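Run a particular command as a specific user on all remote servers?

Time: 2018-05-26 18:11:45

Tags: ansible

I am trying to run a particular Ansible task as a different user than the one who is running the playbook. On my local box I have the playbook below, and I am logged in as the david user; I want to run the command /tek/ghy/bin/ss.sh start as the goldy user on all remote servers.

My .yml file looks like this: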

---
- name: start server
  hosts: one_box
  serial: "{{ num_serial }}"
  tasks:
      - name: start server
        command: /tek/ghy/bin/ss.sh start
        become: true
        become_user: goldy

Here is how I run it:

david@machineA:~$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' start_box.yml -u david --ask-pass --sudo -U goldy --ask-become-pass
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings
can be disabled by setting deprecation_warnings=False in ansible.cfg.
SSH password:
SUDO password[defaults to SSH password]:

PLAY [start server] ***************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************
fatal: [remote_machineA]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/’: Operation not permitted\nchown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/setup.py’: Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

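What am I doing wrong here? I am running ansible 2.4.3.0

1 answer:

Answer 0 (score: 1)

From googling around, you may be affected by this issue.

Try upgrading ansible; your code (I replaced the command to run a simple id on the remote server instead of /tek/ghy/bin/ss.sh start, and I used the same shell command with the arguments you provided) works on 2.5.2: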

[ilias@optima-ansible tmp]$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' lala.yml -u ilias --ask-pass --sudo -U http_offline --ask-become-pass 
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by 
setting deprecation_warnings=False in ansible.cfg.
SSH password: 
SUDO password[defaults to SSH password]: 

PLAY [start server] *************************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [greenhat]

TASK [start server] *************************************************************************************************************************************************************************************************
changed: [greenhat]

TASK [debug] ********************************************************************************************************************************************************************************************************
ok: [greenhat] => {
    "command_output": {
        "changed": true, 
        "cmd": [
            "id"
        ], 
        "delta": "0:00:00.004484", 
        "end": "2018-05-26 21:26:28.531838", 
        "failed": false, 
        "rc": 0, 
        "start": "2018-05-26 21:26:28.527354", 
        "stderr": "", 
        "stderr_lines": [], 
        "stdout": "uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)", 
        "stdout_lines": [
            "uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)"
        ]
    }
}

PLAY RECAP **********************************************************************************************************************************************************************************************************
greenhat                   : ok=3    changed=1    unreachable=0    failed=0   

[ilias@optima-ansible tmp]$ ansible --version
ansible 2.5.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ilias/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
[ilias@optima-ansible tmp]$
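
An added example, not part of the original question or answer: the Ansible documentation page linked in the error message lists pipelining as one workaround when both the connecting user and the become_user are unprivileged, because the module is piped to the remote interpreter instead of being written to temporary files that then have to be chowned. The play below is the asker's play with that setting applied; the register/debug tasks and the run command in the comments are assumptions added for illustration.

```yaml
---
# Added example (not the asker's or answerer's file).
# Assumed run command, using the become flags that replace the deprecated --sudo / -U:
#   ansible-playbook -e 'num_serial=1' start_box.yml -u david --ask-pass --ask-become-pass
- name: start server
  hosts: one_box
  serial: "{{ num_serial }}"
  # Set at play level so fact gathering and every task switch to goldy the same way.
  become: true
  become_user: goldy
  vars:
    # Pipelining sends the module over the SSH session's stdin, so no
    # /tmp/ansible-tmp-* files need their ownership changed for goldy.
    # It requires that sudoers on the managed hosts does not enforce requiretty,
    # and it does not apply to file-transfer modules such as copy or template.
    ansible_ssh_pipelining: true
  tasks:
    - name: start server
      command: /tek/ghy/bin/ss.sh start
      register: command_output

    - name: show which result came back
      debug:
        var: command_output

# Other workarounds from the same documentation page:
#   * Install POSIX ACL support (setfacl) on the managed hosts, so Ansible can
#     grant goldy read access to the temporary files without chown.
#   * Weak setting to avoid: allow_world_readable_tmpfiles = True in ansible.cfg.
#     It makes the temporary module files readable by every local user on the
#     managed host, which exposes any secrets passed as module arguments.
```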