为什么Ansible没有运行Pip作为sudo用户?

时间:2015-11-04 12:40:47

标签: pip ansible ansible-playbook

我有一本确保所有要求都在本地安装的剧本。我正在使用ansible 2.0.0 

ansible-playbook site.yml -i staging

site.yml: 

---
  - hosts: localhost
    become: yes
    become_user: "{{ sudo_user }}"
    connection: local

    vars_files:
      - vars/main.yml

    roles:
      - do
在实验中,

sudo_usersurfer190

做/任务/ main.yml: 

- name: make sure everything is installed
  apt: name={{item}} state=installed
  with_items:
    - python-apt
    - python-pycurl
    - python-pip
    - python-setuptools

- name: Install dopy
  pip: name={{ item }}
  with_items:
    - virtualenv
    - dopy
    - passlib

我收到以下错误:

failed: [localhost] => (item=passlib) => {"cmd": "/usr/local/bin/pip install passlib", "failed": true, "invocation": {"module_args": {"name": "passlib"}, "module_name": "pip"}, "item": "passlib", "msg": "stdout: Collecting passlib\n  Using cached passlib-1.6.5-py2.py3-none-any.whl\nInstalling collected packages: passlib\n\n:stderr: Exception:\nTraceback (most recent call last):\n  File \"/usr/local/lib/python2.7/dist-packages/pip/basecommand.py\", line 211, in main\n    status = self.run(options, args)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/commands/install.py\", line 311, in run\n    root=options.root_path,\n  File \"/usr/local/lib/python2.7/dist-packages/pip/req/req_set.py\", line 646, in install\n    **kwargs\n  File \"/usr/local/lib/python2.7/dist-packages/pip/req/req_install.py\", line 803, in install\n    self.move_wheel_files(self.source_dir, root=root)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/req/req_install.py\", line 998, in move_wheel_files\n    isolated=self.isolated,\n  File \"/usr/local/lib/python2.7/dist-packages/pip/wheel.py\", line 339, in move_wheel_files\n    clobber(source, lib_dir, True)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/wheel.py\", line 310, in clobber\n    ensure_dir(destdir)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/utils/__init__.py\", line 71, in ensure_dir\n    os.makedirs(path)\n  File \"/usr/lib/python2.7/os.py\", line 157, in makedirs\n    mkdir(name, mode)\nOSError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/passlib'\n"}

基本上是permission denied。所以它没有用sudo运行命令。当我尝试sudo pip install passlib并且它有效时。

即使我使用-k运行并输入sudo密码也无效。请注意,surfer190用户需要密码才能使用sudo。

我做错了什么?

2 个答案:

答案 0 :(得分:2)

添加'sudo:yes'以安装dopy任务

- name: make sure everything is installed
  apt: name={{item}} state=installed
  with_items:
    - python-apt
    - python-pycurl
    - python-pip
    - python-setuptools

- name: Install dopy
  pip: name={{ item }}
  with_items:
    - virtualenv
    - dopy
    - passlib
  sudo: yes

如果您发现执行任务时剧本的执行挂起,那么很可能ansible等待sudo passoword,但是您无法输入密码。有办法解决这个问题。更新位于'/ etc / sudoers'

的sudoers文件中的以下指定部分 
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
yourusername  ALL=NOPASSWD: ALL

编辑/ etc / sudoers时要小心,输入错误的条目可能会阻止您再次登录服务器。

答案 1 :(得分:1)

所以看起来你需要的最小配置是:

---
  - hosts: localhost
    become: yes
    become_user: "{{ sudo_user }}"
    connection: local

    vars_files:
      - vars/main.yml

    roles:
      - ...

所以become_user需要是一个可以sudo但没有通过的用户。 如果没有become_user则失败并显示:

failed: [localhost] => (item=passlib) => {"failed": true, "item": "passlib", "parsed": false}
[sudo via ansible, key=sgidbrejgqoibeozxncyhixnwsukxjbe] password:
相关问题
最新问题