目标:给定一个没有安装python的Debian服务器(以及其他一些缺少的ansible先决条件),使用ansible来安装它们,这样我就可以使用正常的ansible模块(几乎所有这些都需要python)来配置服务器。
根据the ansible documentation for the "script" module,“这个模块在远程系统上不需要python,就像原始模块一样。”但是,基于我的测试,似乎脚本模块实际上确实尝试在远程系统上运行python ,至少如果sudo选项为true。我相信只要我不启用ansible的sudo选项,我就可以使用脚本模块,但是我需要我的远程用户在没有密码提示的情况下获得sudo权限,或者我的脚本只是去挂起等待sudo密码的交互式输入。
所以我的问题是:A)“脚本”模块的处理是什么。它是否需要远程系统上的python?
和B)是否有更好的方法来实现我的更大目标,即在无法使用ansible之前完全自动部署而无需任何手动步骤?
这是ansible-playbook -vvv的输出,显示它在远程系统上运行/usr/bin/python,并且没有文件,因为尚未安装python。
TASK: [install ansible prerequisites]
***************************************** <10.9.8.31> ESTABLISH
CONNECTION FOR USER: plyons <10.9.8.31> EXEC ['ssh', '-C', '-tt',
'-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s',
'-o', 'ControlPath=/Users/plyons/.ansible/cp/ansible-
ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10',
'10.9.8.31', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-
tmp-1396233547.35-182235573044157 && chmod a+rx $HOME/.ansible/tmp
/ansible-tmp-1396233547.35-182235573044157 && echo
$HOME/.ansible/tmp/ansible-tmp-1396233547.35-182235573044157'"]
<10.9.8.31> PUT
/var/folders/n4/8skjkv9s5hbc4t5r0tr0xrk80000gn/T/tmpT1Vh6e TO
/home/plyons/.ansible/tmp/ansible-
tmp-1396233547.35-182235573044157/stat <10.9.8.31> EXEC ['ssh',
'-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o',
'ControlPersist=60s', '-o', 'ControlPath=/Users/plyons/.ansible/cp
/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10',
'10.9.8.31', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via
ansible, key=hyplatqjmvybpfqtukjegkibbuyrnoqj] password: " -u root
/bin/sh -c \'"\'"\'echo SUDO-SUCCESS-
hyplatqjmvybpfqtukjegkibbuyrnoqj; /usr/bin/python
/home/plyons/.ansible/tmp/ansible-
tmp-1396233547.35-182235573044157/stat\'"\'"\'\'']
这是我的剧本任务:
tasks:
-
name: install ansible prerequisites
script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
那个ansible_prereqs.sh脚本:
#!/bin/sh
#install ansible prereqs manually or all apt-based ansible commands will fail
# http://euphonious-intuition.com/2013/01/bootstrapping-a-cluster-with-ansible-debian-6-and-oracle-java-7/
apt-get update
apt-get install -y python python-apt python-pycurl sshpass
touch /root/.ansible_prereqs_installed
答案 0 :(得分:10)
好的,进一步的测试让我明白@DomaNitro是正确的,因为它不是script模块本身所说的需要python,特别是creates选项,因为它使用了stat python脚本。
然而,事情似乎仍然正常,因为在creates标记文件的初始检查中,ansible将执行:/usr/bin/python /home/plyons/.ansible/tmp/ansible-tmp-1396271950.37-134911276396535/stat,这将失败,因为/usr/bin/python不存在,但这很好,因为我们希望脚本无论如何都要运行。
我的ansible_prereqs.sh脚本运行后,ansible的stat模块将开始工作,因为现在安装了/usr/bin/python,因此后续重新运行将看到标记文件存在并绕过脚本。
所以我不需要在shell脚本代码中实现creates逻辑。这是我最后的工作剧本:
---
-
hosts: all
gather_facts: no
sudo: yes
tasks:
-
name: install ansible prerequisites
script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
这是它运行的脚本ansible_prereqs.sh:
#!/bin/bash
set -e
apt-get -qq update
apt-get -qq --yes install python python-apt python-pycurl sshpass
touch /root/.ansible_prereqs_installed
这里有一些ansible-playbook -vvv输出,并添加了解释性注释。
<10.9.8.31> ESTABLISH CONNECTION FOR USER: plyons
#Not sure exactly what this does, but presumably some basic
#bootstrap sanity checking
<10.9.8.31> EXEC ['ssh', '-C', '-tt',
'-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'KbdInteractiveAuthentication=no',
'-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-
keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o',
'ConnectTimeout=10', '10.9.8.31', "/bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174 && chmod
a+rx $HOME/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174 &&
echo $HOME/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174'"]
#OK the "creates" option causes ansible to upload the "stat"
#python program
<10.9.8.31> PUT
/var/folders/n4/8skjkv9s5hbc4t5r0tr0xrk80000gn/T/tmp5CVz6i TO
/home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/stat
#Then ansible attempts to run it with /usr/bin/python
#This fails but ansible seems to proceed anyway, which is OK
<10.9.8.31> EXEC ['ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o',
'ControlPersist=60s', '-o', 'ControlPath=/Users/plyons/.ansible/cp
/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.9.8.31',
'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible,
key=llljvkxiztigvqonzohgzwwekusxtprk] password: " -u root /bin/sh -c
\'"\'"\'echo SUDO-SUCCESS-llljvkxiztigvqonzohgzwwekusxtprk;
/usr/bin/python /home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/stat\'"\'"\'\'']
#Now ansible uploads my script
<10.9.8.31> PUT
/Users/plyons/projects/redacted/deploy/ansible_prereqs.sh
TO /home/plyons/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174/ansible_prereqs.sh
#Then it marks it executable
<10.9.8.31> EXEC ['ssh', '-C',
'-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s',
'-o', 'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r',
'-o', 'StrictHostKeyChecking=no', '-o',
'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications
=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o',
'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '10.9.8.31',
u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible,
key=cgmwlvtjoxuighdqujwmmpvioiumveac] password: " -u root /bin/sh -c
\'"\'"\'echo SUDO-SUCCESS-cgmwlvtjoxuighdqujwmmpvioiumveac; chmod +rx
/home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/ansible_prereqs.sh\'"\'"\'\'']
#Then it runs it
<10.9.8.31> EXEC ['ssh', '-C', '-tt', '-q', '-o',
'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'KbdInteractiveAuthentication=no',
'-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-
keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o',
'ConnectTimeout=10', '10.9.8.31', u'/bin/sh -c \'sudo -k && sudo -H -S
-p "[sudo via ansible, key=cqqswbszbeabpclraxsxwzzatbolgmgf] password:
" -u root $SHELL -c \'"\'"\'echo SUDO-SUCCESS-
cqqswbszbeabpclraxsxwzzatbolgmgf; /home/plyons/.ansible/tmp/ansible-
tmp-1396273094.39-170062058638174/ansible_prereqs.sh \'"\'"\'\'']
#Then it deletes it
<10.9.8.31> EXEC ['ssh', '-C', '-tt',
'-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o',
'ControlPath=/Users/plyons/.ansible/cp/ansible-ssh-%h-%p-%r', '-o',
'StrictHostKeyChecking=no', '-o', 'KbdInteractiveAuthentication=no',
'-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-
keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o',
'ConnectTimeout=10', '10.9.8.31', "/bin/sh -c 'rm -rf
/home/plyons/.ansible/tmp/ansible-tmp-1396273094.39-170062058638174/
>/dev/null 2>&1'"]
答案 1 :(得分:8)
raw和脚本不需要python。我认为创建需要python。验证您可以运行
ansible -m script -a "ansible_prereqs.sh" 10.9.8.31 -vvvv
您可以做的是将创建功能转移到您的脚本
#!/bin/sh
#install ansible prereqs manually or all apt-based ansible commands will fail
# http://euphonious-intuition.com/2013/01/bootstrapping-a-cluster-with-ansible-debian-6-and-oracle-java-7/
if [ ! -f /root/.ansible_prereqs_installed ]; then
apt-get update
apt-get install -y python python-apt python-pycurl sshpass
touch /root/.ansible_prereqs_installed
echo "CHANGE"
fi
你可以让你的剧本像这样
tasks:
-
name: install ansible prerequisites
script: ansible_prereqs.sh creates=/root/.ansible_prereqs_installed
register: ans_preq
changed_when: "'CHANGE' in ans_preq.stdout"
希望有所帮助