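I want to run a specific Ansible task as a different user (webadmin) than the one connecting to the remote machine (root). So I use the "become" module to change the user in my task: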
---
- name: Git clone
  git:
    repo: '{{ repository }}'
    dest: '{{ workcopypath }}/{{ project_group }}'
  become: yes
  become_user: '{{ myuser }}'
However, I ran into some problems when running my playbook:
Using module file /usr/lib/python2.7/site-packages/ansible/modules/source_control/git.py
<10.122.2.20> cmd|/bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" && echo ansible-tmp-1542694736.75-69768062845781="` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" ) && sleep 0'|False|None
<10.122.2.20> put_file|/root/.ansible/tmp/ansible-local-13654yyClbh/tmpTL422C|/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py
<10.122.2.20> cmd|/bin/sh -c 'setfacl -m u:webadmin:r-x /var/tmp/ansible-tmp-1542694736.75-69768062845781/ /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py && sleep 0'|False|None
<10.122.2.20> cmd|/bin/sh -c 'sudo -H -S -n -u webadmin /bin/sh -c '"'"'echo BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxu; /usr/bin/python /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py'"'"' && sleep 0'|True|None
<10.122.2.20> cmd|/bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1542694736.75-69768062845781/ > /dev/null 2>&1 && sleep 0'|False|Non
fatal: [10.122.2.20]: FAILED! => {
"changed": false,
"module_stderr": "",
"module_stdout": "ERROR: invalid timeout value of BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxun/usr/bin/python: can't open file '/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py"' && sleep 0'': [Errno 2] No such file or directory",
"msg": "MODULE FAILURE",
"rc": 512
}
I have set up passwordless access on my remote machine for git clone/pull/push... under the user webadmin. I don't know how to solve this problem; can anyone help me? Thanks
You have to edit the /etc/sudoers file on the remote system so that it contains the following line:
ANSIBLE_SSH_USER ALL=(ALL) NOPASSWD:ALL
You can test it with:
your_user@ansible-server:~$ ssh ANSIBLE_SSH_USER@remote_system "sudo -H -S -n -u webadmin /bin/sh -c /bin/uname"
This should return Linux, or whatever your remote system is. If you get sudo: a password is required, then your /etc/sudoers is still not right. If it works, try it with your Ansible script.
Thanks to @JGK for the feedback.
https://stackoverflow.com/a/53401098/686105
I also wrote this sample playbook to check the become_user method.
Playbook
---
- name: Check become_user of postgres
  hosts: server
  tasks:
    - name: Run with root.
      command: whoami
      become: true
      register: root_rc
    - name: Run with postgres.
      command: whoami
      become: true
      become_user: postgres
      register: postgres_rc
    - name: print result
      debug:
        msg: "[ root_rc: {{ root_rc.stdout }}, postgres_rc: {{ postgres_rc.stdout }}]"
Run before the change: fail
[ chusiang@banshee ~/playbooks ] - 17:33
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
sudo: a password is required
[ chusiang@banshee ~/playbooks ] - 17:35
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
______________________________________
< PLAY [Check become_user of postgres] >
--------------------------------------
________________________
< TASK [Gathering Facts] >
------------------------
ok: [server]
_______________________
< TASK [Run with root.] >
-----------------------
changed: [server]
___________________________
< TASK [Run with postgres.] >
---------------------------
fatal: [server]: FAILED! => {
"changed": false,
"rc": 1
}
MSG:
MODULE FAILURE
See stdout/stderr for the exact error
____________
< PLAY RECAP >
------------
server : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Add the passwordless sudo setting for postgres
Please replace the username chusiang with your own.
[root@server ~]# sudo vim /etc/sudoers.d/postgres
+ chusiang ALL=(postgres) NOPASSWD:ALL
Run after the change: pass
[ chusiang@banshee ~/playbooks ] - 17:35
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
Linux
[ jonny@banshee ~/vcs/lw/jonny.lai/lw-cloud.ansible.M2 ] (feature/support_only_offic) - 17:36
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
______________________________________
< PLAY [Check become_user of postgres] >
--------------------------------------
________________________
< TASK [Gathering Facts] >
------------------------
ok: [server]
_______________________
< TASK [Run with root.] >
-----------------------
changed: [server]
___________________________
< TASK [Run with postgres.] >
---------------------------
changed: [server]
_____________________
< TASK [print result] >
---------------------
ok: [server] => {}
MSG:
[ root_rc: root, postgres_rc: postgres]
____________
< PLAY RECAP >
------------
server : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
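
The two sudoers rules quoted in the answers differ in their run-as list: `(ALL)` lets the connecting account run commands as any user, root included, without a password, while `(postgres)` limits it to the one account the playbook becomes. The sketch below is an added example, not code from either answer; `parse_rule` and `passwordless_become` are hypothetical helpers, and it assumes only simple one-line rules of the form shown on this page.

```python
import re

# One-line user specification in the form used on this page:
#   user host=(runas_users[:runas_groups]) [NOPASSWD:] commands
# Simplified model: no aliases, %groups, negation or line continuations.
SPEC = re.compile(
    r"^(?P<user>[A-Za-z_][\w.-]*)\s+(?P<host>\S+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<nopasswd>NOPASSWD\s*:\s*)?(?P<cmds>.+)$"
)
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def parse_rule(line):
    """Return a dict for a user specification, or None for any other line."""
    line = line.strip()
    m = None if line.startswith(SKIP) else SPEC.match(line)
    if m is None:
        return None
    runas = (m.group("runas") or "root").split(":")[0]  # no run-as list means root
    return {
        "user": m.group("user"),
        "runas": [u.strip() for u in runas.split(",") if u.strip()],
        "nopasswd": m.group("nopasswd") is not None,
        "cmds": m.group("cmds").strip(),
    }


def passwordless_become(sudoers_text, ssh_user, become_user):
    """Model the probe `sudo -n -u become_user ...` run as ssh_user.

    Returns (works, overbroad). works: the last matching rule grants NOPASSWD
    for ALL commands as become_user. overbroad: its run-as list is ALL.
    """
    match = None
    for line in sudoers_text.splitlines():
        rule = parse_rule(line)
        if rule and rule["user"] == ssh_user and (
            "ALL" in rule["runas"] or become_user in rule["runas"]
        ):
            match = rule  # sudoers uses the last matching entry
    if match is None:
        return (False, False)
    return (match["nopasswd"] and match["cmds"] == "ALL", "ALL" in match["runas"])


# Constructed sudoers fragments built from the two rules quoted on this page.
BROAD = "ANSIBLE_SSH_USER ALL=(ALL) NOPASSWD:ALL\n"
SCOPED = "chusiang ALL=(postgres) NOPASSWD:ALL\n"
```

`passwordless_become(BROAD, "ANSIBLE_SSH_USER", "webadmin")` reports a working but over-broad rule, while the scoped rule works for postgres only and would still need its own entry for webadmin.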