我正在使用vagrant运行Xenial 16.04 VM。虚拟机开箱即用,vagrant用户使用流浪汉密码而没有root的密码(如果您使用root @ ubuntu-vm,Ubuntu仍然需要密码)
为了模拟生产VPS,我使用此剧本创建了一个deployer用户:
- user:
name: deployer
groups: admin
password: "{{ deployer_password }}"
shell: /bin/bash
- name: "read authorized keys from root user"
become_user: vagrant
command: "cat ~/.ssh/authorized_keys"
register: "root_authorized_keys"
- debug: msg="{{root_authorized_keys}}"
- name: "create .ssh dir for deployer"
file: path="/home/deployer/.ssh" state=directory
- name: "copy authorized keys to deployer user"
shell: "echo '{{root_authorized_keys.stdout}}' > /home/deployer/.ssh/authorized_keys"
- name: "chown the authorized_keys file"
file: path="/home/deployer/.ssh" recurse=yes mode=0700 owner="deployer"
当我进入deployer@ubuntu-vm时,我被要求输入密码,然后我按照预期登录虚拟机。在输入sudo用户的密码后,sudo su和deployer也按预期工作。
当我通过Ansible playbook或Ansible ad-hoc命令尝试sudo时出现问题。
请注意以下4个Ansible命令的响应:
$ ansible all -m ping -u vagrant
ubuntu-vm | SUCCESS => {
"changed": false,
"ping": "pong"
}
$ ansible all -m ping -u deployer
ubuntu-vm | SUCCESS => {
"changed": false,
"ping": "pong"
}
$ ansible all -m ping -u vagrant --sudo
ubuntu-vm | SUCCESS => {
"changed": false,
"ping": "pong"
}
$ ansible all -m ping -u deployer --sudo
ubuntu-vm | FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "sudo: a password is required\n",
"module_stdout": "",
"msg": "MODULE FAILURE"
}
我有sudo成功使用deployer的哪些选项?
还要考虑remote_user主机的ubuntu-vm是vagrant用户和deployer用户。如果可能的话,我想在剧本中使用这两种方法(例如:我使用vagrant用户创建deployer用户,然后我使用deployer用户进行其他播放
答案 0 :(得分:2)
尝试--ask-sudo-pass
会提示输入密码。
ansible all -m ping -u deployer --sudo --ask-sudo-pass
在Ansible 1.9+中,建议使用--become和--ask-become-pass,因为--sudo和--ask-sudo-pass已弃用。 Become (Privilege Escalation)