ansible sudo:对不起,你必须有一个tty来运行sudo

时间:2016-02-24 08:36:44

标签: ansible sudo amazon-cloudformation

当我设置云形成的环境时,我需要在Vagrant盒子和aws上运行playbooks。

在Vagrant文​​件中,我使用ansible-local,一切正常

name: Setup Unified Catalog Webserver  
    hosts: 127.0.0.1  
    connection: local  
  become: yes  
  become_user: root
  roles: generic

然而,当我在AWS中创建实例时,ansible playbook失败并出现错误:
sudo: sorry, you must have a tty to run sudo
这是因为它以root身份运行而且没有tty。但我不知道如何修改它而不在/etc/sudoers进行更改以允许!requiretty

我可以在ansible.cfg或我的Cloud Formation模板中设置任何标志吗?

  "#!/bin/bash\n", "\n", "   
 echo 'Installing Git'\n","  
  yum --nogpgcheck -y install git ansible htop nano wget\n",
 "wget https://s3.eu-central-1.amazonaws.com/XXX -O /root/.ssh/id_rsa\n", 
"chmod 600 /root/.ssh/id_rsa\n", 
"ssh-keyscan 172.31.7.235 >> /root/.ssh/known_hosts\n",
 "git clone git@172.31.7.235:something/repo.git /root/repo\n", 
"ansible-playbook /root/env/ansible/test.yml\n

3 个答案:

答案 0 :(得分:3)

我可以通过在transport = paramiko中设置ansible.cfg配置来解决此问题。

答案 1 :(得分:2)

我为自己找到了以下解决方案:
 1.使用/etc/sudoers运行的剧本在sed中更改requiretty并将其更改回来。

 "#!/bin/bash\n", "\n", "  
 echo 'Installing Git'\n"," 
 yum --nogpgcheck -y install git ansible htop nano wget\n",  
 "wget https://s3.eu-central-1.amazonaws.com/xx/ansible -O /root/.ssh/id_rsa\n",  
 "chmod 600 /root/.ssh/id_rsa\n",   
  "ssh-keyscan 172.31.9.231 >> /root/.ssh/known_hosts\n",   
  "git clone git@172.31.5.254:somerepo/dev.git /root/dev\n",   
  "sed -i 's/Defaults    requiretty/Defaults    !requiretty/g' /etc/sudoers\n", 
  "\n", 
  "ansible-playbook /root/dev/env/ansible/uk.yml\n",   
  "\n",   
  "sed -i 's/Defaults    !requiretty/Defaults    requiretty/g' /etc/sudoers\n"

OR 2.在ansible playbook中指定变量:

 - name: Setup 
 hosts: 127.0.0.1
 connection: local
 sudo: {{ require_sudo }}
 roles:
    - generic

在AWS Cloud Formation模板中运行

   "ansible-playbook -e require_sudo=False /root/dev/env/ansible/uk.yml\n"

对于ansible.cfg中的Vagrant,可以指定

  require_sudo=True

  1. 同样在CF模板中可以识别正在运行的人和传递变量

    ansible-playbook -e$(id -u |egrep '^0$' > /dev/null && require_sudo=False || require_sudo=True; echo "require_sudo=$require_sudo") /apps/ansible/uk.yml

答案 2 :(得分:0)

如果您需要特定的连接:在一个剧本中使用paramiko,而在ansible.cfg中使用全局配置,则可以在剧本中添加connection: paramiko,例如:

- name: Run checks after deployments
  hosts: all
  # https://github.com/paramiko/paramiko/issues/1369
  connection: paramiko
  gather_facts: True
相关问题
最新问题