我是Ansible的新手,我正在尝试编写我的第一本Ansible剧本,以便通过ssh和两个远程ubuntu服务器实现root登录。
默认情况下,将禁用以root身份连接到两个远程ubuntu服务器的ssh。为了通过ssh启用root登录,我通常会执行以下
#ssh to server01 as an admin user
ssh admin@server01
#set PermitRootLogin yes
sudo vim /etc/ssh/sshd_config
# Restart the SSH server
service sshd restart
现在我想通过Ansible的剧本来做到这一点。
这是我的战术手册
---
- hosts: all
gather_facts: no
tasks:
- name: Enable Root Login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: "PermitRootLogin yes"
state: present
backup: yes
notify:
- restart ssh
handlers:
- name: restart ssh
service:
name: sshd
state: restarted
我以管理员用户的身份运行剧本,它是在这两个远程服务器中创建的
ansible-playbook enable-root-login.yml -u admin --ask-pass
不幸的是,由于权限被拒绝,剧本失败了。
fatal: [server01]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "msg": "Could not make backup of /etc/ssh/sshd_config to /etc/ssh/sshd_config.2569989.2021-07-16@06:33:33~: [Errno 13] Permission denied: '/etc/ssh/sshd_config.2569989.2021-07-16@06:33:33~'"}
有人能告诉我我的剧本出了什么问题吗?感谢
当您编辑sshd_config文件时,您使用sudo
,然后您需要指定任务必须与其他用户一起执行。您必须设置关键字become: yes
,默认情况下,become_user
将为root
,become_method
将为sudo
,您还可以指定become_password
。
---
- hosts: all
gather_facts: no
tasks:
- name: Enable Root Login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: "PermitRootLogin yes"
state: present
backup: yes
become: yes
notify:
- restart ssh
handlers:
- name: restart ssh
systemctl:
name: sshd
state: restarted
文件:https://docs.ansible.com/ansible/latest/user_guide/become.html#using-成为