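I want to run a specific Ansible task as a different user (webadmin) than the one that connects to the remote machine (root). So I use the "become" module to change the user within the task:
---
- name: Git clone
  git:
    repo: '{{ repository }}'
    dest: '{{ workcopypath }}/{{ project_group }}'
  become: yes
  become_user: '{{ myuser }}'
However, something goes wrong when I run the playbook: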
Using module file /usr/lib/python2.7/site-packages/ansible/modules/source_control/git.py
<10.122.2.20> cmd|/bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" && echo ansible-tmp-1542694736.75-69768062845781="` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" ) && sleep 0'|False|None
<10.122.2.20> put_file|/root/.ansible/tmp/ansible-local-13654yyClbh/tmpTL422C|/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py
<10.122.2.20> cmd|/bin/sh -c 'setfacl -m u:webadmin:r-x /var/tmp/ansible-tmp-1542694736.75-69768062845781/ /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py && sleep 0'|False|None
<10.122.2.20> cmd|/bin/sh -c 'sudo -H -S -n -u webadmin /bin/sh -c '"'"'echo BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxu; /usr/bin/python /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py'"'"' && sleep 0'|True|None
<10.122.2.20> cmd|/bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1542694736.75-69768062845781/ > /dev/null 2>&1 && sleep 0'|False|Non
fatal: [10.122.2.20]: FAILED! => {
"changed": false,
"module_stderr": "",
"module_stdout": "ERROR: invalid timeout value of BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxu\n/usr/bin/python: can't open file '/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py\"' && sleep 0'': [Errno 2] No such file or directory",
"msg": "MODULE FAILURE",
"rc": 512
}
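Answer 0 (score: 0)
You have to edit the /etc/sudoers file on the remote system so that the following line is present:
ANSIBLE_SSH_USER ALL=(ALL) NOPASSWD:ALL
You can test this with:
your_user@ansible-server:~$ ssh ANSIBLE_SSH_USER@remote_system "sudo -H -S -n -u webadmin /bin/sh -c /bin/uname"
This should return Linux, or whatever the remote system is. If you get sudo: a password is required, your /etc/sudoers is still not right. If it works, try the ansible script.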
Answer 1 (score: 0)
Thanks @JGK for the feedback.
https://stackoverflow.com/a/53401098/686105
I also wrote this sample playbook to check the become_user method.
---
- name: Check become_user of postgres
  hosts: server
  tasks:
    - name: Run with root.
      command: whoami
      become: true
      register: root_rc
    - name: Run with postgres.
      command: whoami
      become: true
      become_user: postgres
      register: postgres_rc
    - name: print result
      debug:
        msg: "[ root_rc: {{ root_rc.stdout }}, postgres_rc: {{ postgres_rc.stdout }}]"
[ chusiang@banshee ~/playbooks ] - 17:33
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
sudo: a password is required
[ chusiang@banshee ~/playbooks ] - 17:35
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
 ______________________________________
< PLAY [Check become_user of postgres] >
 --------------------------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
 ________________________
< TASK [Gathering Facts] >
 ------------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
ok: [server]
 _______________________
< TASK [Run with root.] >
 -----------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
changed: [server]
 ___________________________
< TASK [Run with postgres.] >
 ---------------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
fatal: [server]: FAILED! => {
    "changed": false,
    "rc": 1
}
MSG:
MODULE FAILURE
See stdout/stderr for the exact error
 ____________
< PLAY RECAP >
 ------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
server : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Please replace the username chusiang with your own.
[root@server ~]# sudo vim /etc/sudoers.d/postgres
+ chusiang ALL=(postgres) NOPASSWD:ALL
[ chusiang@banshee ~/playbooks ] - 17:35
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
Linux
[ jonny@banshee ~/vcs/lw/jonny.lai/lw-cloud.ansible.M2 ] (feature/support_only_offic) - 17:36
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
 ______________________________________
< PLAY [Check become_user of postgres] >
 --------------------------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
 ________________________
< TASK [Gathering Facts] >
 ------------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
ok: [server]
 _______________________
< TASK [Run with root.] >
 -----------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
changed: [server]
 ___________________________
< TASK [Run with postgres.] >
 ---------------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
changed: [server]
 _____________________
< TASK [print result] >
 ---------------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
ok: [server] => {}
MSG:
[ root_rc: root, postgres_rc: postgres]
 ____________
< PLAY RECAP >
 ------------
  \
   \   \_\_    _/_/
    \      \__/
           (oo)\_______
           (__)\       )\/\
               ||----w |
               ||     ||
server : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
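
An added example, not part of either answer: a playbook that installs the run-as-scoped rule from the second answer as a sudoers drop-in, has visudo syntax-check the file before it is put in place, and then asserts that the task really ran as the target user. The variable names deploy_user and target_user are assumptions made for this example; the host group and account names are taken from the answer above.

```yaml
---
# Added example. deploy_user / target_user are hypothetical variable names.
# Rule scope, for comparison:
#   USER ALL=(ALL) NOPASSWD:ALL       -> may run as any account, root included
#   USER ALL=(postgres) NOPASSWD:ALL  -> may run only as postgres
# Ansible's become cannot be limited to specific commands (modules are run
# from temporary files), so the run-as user is the part that can be narrowed.
- name: Grant a scoped passwordless become_user rule and verify it
  hosts: server
  vars:
    deploy_user: chusiang   # account Ansible connects as
    target_user: postgres   # account the task must run as
  tasks:
    - name: Install sudoers drop-in limited to one run-as user
      copy:
        dest: "/etc/sudoers.d/{{ target_user }}"
        content: "{{ deploy_user }} ALL=({{ target_user }}) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        # A file that fails the syntax check is never moved into place,
        # so a typo cannot lock sudo out on the host.
        validate: /usr/sbin/visudo -cf %s
      become: true

    - name: Run whoami as the target user
      command: whoami
      become: true
      become_user: "{{ target_user }}"
      register: target_rc
      changed_when: false

    - name: Confirm the task ran as the target user
      assert:
        that:
          - target_rc.stdout == target_user
        fail_msg: "become_user did not switch to {{ target_user }}"
```

The first task needs the connecting account to be able to become root already, as the "Run with root." task in the answer shows it can; the visudo path may differ per distribution.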