Module failure when using 'become' in Ansible



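I want to run a specific Ansible task as a different user (webadmin) than the one that connects to the remote machine (root). So I use the "become" module to change the user in the task: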

---
- name: Git clone
  git:
    repo: '{{ repository }}'
    dest: '{{ workcopypath }}/{{ project_group }}'
  become: yes
  become_user: '{{ myuser }}'

However, some problems occur when I run my playbook:

Using module file /usr/lib/python2.7/site-packages/ansible/modules/source_control/git.py
<10.122.2.20> cmd|/bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" && echo ansible-tmp-1542694736.75-69768062845781="` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" ) && sleep 0'|False|None
<10.122.2.20> put_file|/root/.ansible/tmp/ansible-local-13654yyClbh/tmpTL422C|/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py
<10.122.2.20> cmd|/bin/sh -c 'setfacl -m u:webadmin:r-x /var/tmp/ansible-tmp-1542694736.75-69768062845781/ /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py && sleep 0'|False|None
<10.122.2.20> cmd|/bin/sh -c 'sudo -H -S -n -u webadmin /bin/sh -c '"'"'echo BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxu; /usr/bin/python /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py'"'"' && sleep 0'|True|None
<10.122.2.20> cmd|/bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1542694736.75-69768062845781/ > /dev/null 2>&1 && sleep 0'|False|Non
fatal: [10.122.2.20]: FAILED! => {
"changed": false, 
"module_stderr": "", 
"module_stdout": "ERROR: invalid timeout value of BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxun/usr/bin/python: can't open file '/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py"' && sleep 0'': [Errno 2] No such file or directory", 
"msg": "MODULE FAILURE", 
"rc": 512
}
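I have set up passwordless access on the remote machine for git clone/pull/push... under the user webadmin. I don't know how to solve this problem. Can anybody help me? Thanks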

You have to edit the /etc/sudoers file on the remote system so that it has the following line:

ANSIBLE_SSH_USER ALL=(ALL) NOPASSWD:ALL

You can test it with

your_user@ansible-server:~$ ssh ANSIBLE_SSH_USER@remote_system "sudo -H -S -n -u webadmin /bin/sh -c /bin/uname"

This should return Linux or whatever your remote system is. If you get sudo: a password is required, then your /etc/sudoers is still not right. If it works, try it with your Ansible script.

Thanks to @JGK for the feedback.

https://stackoverflow.com/a/53401098/686105

I also wrote this sample playbook to check the become_user method.

Playbook

---
- name: Check become_user of postgres
  hosts: server
  tasks:
    - name: Run with root.
      command: whoami
      become: true
      register: root_rc
    - name: Run with postgres.
      command: whoami
      become: true
      become_user: postgres
      register: postgres_rc
    - name: print result
      debug:
        msg: "[ root_rc: {{ root_rc.stdout }}, postgres_rc: {{ postgres_rc.stdout }}]"

Run before the change: failed

[ chusiang@banshee ~/playbooks ] - 17:33
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
sudo: a password is required
[ chusiang@banshee ~/playbooks ] - 17:35
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
______________________________________
< PLAY [Check become_user of postgres] >
--------------------------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
________________________
< TASK [Gathering Facts] >
------------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
ok: [server]
_______________________
< TASK [Run with root.] >
-----------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
changed: [server]
___________________________
< TASK [Run with postgres.] >
---------------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
fatal: [server]: FAILED! => {
"changed": false,
"rc": 1
}
MSG:
MODULE FAILURE
See stdout/stderr for the exact error
____________
< PLAY RECAP >
------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
server                    : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Add the passwordless sudo setting for postgres

Please replace the username chusiang with your own

[root@server ~]# sudo vim /etc/sudoers.d/postgres
+ chusiang ALL=(postgres) NOPASSWD:ALL

Run after the change: passed

[ chusiang@banshee ~/playbooks ] - 17:35
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
Linux
[ jonny@banshee ~/vcs/lw/jonny.lai/lw-cloud.ansible.M2 ] (feature/support_only_offic) - 17:36
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
______________________________________
< PLAY [Check become_user of postgres] >
--------------------------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
________________________
< TASK [Gathering Facts] >
------------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
ok: [server]
_______________________
< TASK [Run with root.] >
-----------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
changed: [server]
___________________________
< TASK [Run with postgres.] >
---------------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
changed: [server]
_____________________
< TASK [print result] >
---------------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
ok: [server] => {}
MSG:
[ root_rc: root, postgres_rc: postgres]
____________
< PLAY RECAP >
------------

   __    _/_/
      __/
(oo)_______
(__)       )/
||----w |
||     ||
server                    : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
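
The scoped sudoers rule from the answer above can be installed and checked by Ansible itself. This is an added example, not code from either answer; the user names deploy and postgres and the drop-in file name are assumptions, and the play assumes the connecting user can already become root.

```yaml
---
# Added example. Assumed names: inventory group "server", connecting user
# "deploy", target account "postgres". Replace them with your own.
- name: Grant a scoped passwordless become rule
  hosts: server
  become: true              # root is needed to write under /etc/sudoers.d
  vars:
    connect_user: deploy    # assumption: the account Ansible logs in as
    target_user: postgres   # assumption: the account tasks will become
  tasks:
    # The rule lets connect_user run commands only as target_user,
    # instead of the broader ALL=(ALL) NOPASSWD:ALL form.
    # sudo skips drop-in files whose names contain a dot or end in "~",
    # so the file name must not contain either.
    - name: Install the sudoers drop-in, validated before it is put in place
      copy:
        dest: "/etc/sudoers.d/{{ connect_user }}-as-{{ target_user }}"
        content: "{{ connect_user }} ALL=({{ target_user }}) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo -cf checks the syntax of the temporary file; a broken
        # rule is rejected and never reaches /etc/sudoers.d.
        validate: /usr/sbin/visudo -cf %s

    - name: Confirm become_user works without a password
      command: whoami
      become: true
      become_user: "{{ target_user }}"
      register: who
      changed_when: false
      failed_when: who.stdout != target_user
```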
