防止ansible使用sudo

时间:2016-04-18 17:00:07

标签: python ansible sudo

我正在尝试运行一个ansible playbook:

ansible-playbook -i myserver.com, ansible/playbooks/myplaybook.yml -vvv

但它尝试在我没有sudo权限的远程服务器上执行sudo命令,并在提示输入密码时挂起:

<myserver.com> ESTABLISH CONNECTION FOR USER: my_username on PORT 22 TO myserver.com
<myserver.com> REMOTE_MODULE setup
<myserver.com> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1460997867.84-241373750954463 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1460997867.84-241373750954463 && echo $HOME/.ansible/tmp/ansible-tmp-1460997867.84-241373750954463'
<myserver.com> PUT /var/folders/31/y5npmcgn7777f5063rgjf6_hc7rppt/T/tmptR7HbV TO /home/my_username/.ansible/tmp/ansible-tmp-14609823867.84-241373750954463/setup
<myserver.com> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=afasdfakjdfasdgrefavf] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-mwpxbbscfnbmmgqspgerjcwapghlvcbo; LANG=C LC_CTYPE=C /usr/bin/python /home/my_username/.ansible/tmp/ansible-tmp-14609823867.84-241373350954463/setup; rm -rf /home/my_username/.ansible/tmp/ansible-tmp-14609823867.84-241373350954463/ >/dev/null 2>&1'"'"''

failed: [myserver.com] => {"failed": true, "parsed": false}
[sudo via ansible, key=afasdfakjdfasdgrefavf] password: 

该剧本似乎适用于我团队中的其他人,所以我不确定发生了什么,这是我对Ansible的第一次体验,所以如果我错过了一些明显的东西,我就会解散。

---
- hosts: all

  vars_prompt:
  - name: "my_brancyh"
    prompt: "My branch:"
    default: "dev"
    private: no
  - name: "password"
    prompt: "Enter password"

  vars:
    proxy_url: "my_proxy"

  environment:
    PASSWORD: "{{password}}"
    HTTP_PROXY: http://{{ lookup('env', 'USER') }}:{{password}}@{{proxy_url}}:8099
    HTTPS_PROXY: http://{{ lookup('env', 'USER') }}:{{password}}@{{proxy_url}}:8099

  tasks:
  - name: create my environment
    shell: "{{item}}"
    with_items:
      - /opt/anaconda/anaconda/bin/conda create -y -p ~/envs/alvin --no-default-packages --no-pin python==2.7.9
      - mkdir ~/envs/my/src

2 个答案:

答案 0 :(得分:1)

检查/etc/ansible/ansible.conf或〜/ .ansible.cfg可能您的环境正在将sudo设置为全局参数。

答案 1 :(得分:1)

Ansible只会在您在游戏手册中指定所需的sudo时(通过sudobecome指令),或者在命令行中指定时使用--sudo { {1}}或--become)。我在你的例子中没有看到这些东西,但你说这是一个简化的剧本 - 你在删除内部信息时是否从任务中删除了其中一个?