Question

我无法在Ansible中远程执行Shell脚本。但是，在远程服务器中成功执行了具有相同角色（文件拍子）的先前任务。我正在本地服务器172.28.28.6服务器中运行以下命令，以在远程服务器172.28.28.81中安装并运行filebeat

剧本：install-filebeat.yml：

 hosts: filebeat-servers
  remote_user: wwwadm
  sudo: yes
  roles:
  - { role: /vagrant/roles/filebeat}

角色文件拍子：main.yml：

---
# tasks file for filebeat
- name: "Extract Filebeat"
  unarchive:
    src: "{{ tmp_artifact_cache }}/{{ filebeat_archive }}"
    remote_src: yes
    dest: "{{ filebeat_root_dir }}"
    extra_opts: ['--transform=s,/*[^/]*,{{ filebeat_ver }},i', '--show-stored-names']
  become: yes
  become_user: "{{ filebeat_install_as }}"
  when: not ansible_check_mode 
  tags: [ 'filebeat' ]

- name: Configure Filebeat
  template: 
    src: "filebeat.yml.j2"
    dest: "{{ filebeat_install_dir }}/filebeat.yml"
    mode: 0775
  become: yes
  become_user: "{{ filebeat_install_as }}"
  tags: [ 'filebeat' ]

- name: 'Filebeat startup script'
  template: 
    src: "startup.sh.j2" 
    dest: "{{ filebeat_install_dir }}/bin/startup.sh" 
    mode: 0755
  become: yes
  become_user: "{{ filebeat_install_as }}"
  tags: [ 'filebeat', 'start' ]

#This one does not get executed at all:
- name: "Start Filebeat"
  # shell: "{{ filebeat_install_dir }}/bin/startup.sh"
  command: "sh {{ filebeat_install_dir }}/bin/startup.sh"
  become: yes
  become_user: "{{ filebeat_install_as }}"

默认值：

# defaults file for filebeat
filebeat_ver: "6.6.0"
filebeat_archive: "filebeat-{{ filebeat_ver }}-linux-x86_64.tar.gz"
filebeat_archive_checksum : "sha1:d38d8fea7e9915582720280eb0118b7d92569b23"
filebeat_url: "https://artifacts.elastic.co/downloads/beats/filebeat/{{ filebeat_archive }}"

filebeat_root_dir: "{{ apps_home }}/filebeat"
filebeat_data_dir: "{{ apps_data }}/filebeat"
filebeat_log_dir: "{{ apps_logs }}/filebeat"
filebeat_install_dir: "{{ filebeat_root_dir }}/{{ filebeat_ver }}"

filebeat_cert_dir: "/etc/pki/tls/certs"
filebeat_ssl_certificate_file: "logstash.crt"
filebeat_ssl_key_file: "logstash.key"

filebeat_install_as: "{{ install_user | default('wwwadm') }}"

filebeat_set_as_current: yes
filebeat_force_clean_install: no

filebeat_java_home: "{{ sw_home }}/jdk"

库存/本地/主机：

localhost ansible_connection=local

[filebeat-servers]
172.28.28.81 ansible_user=vagrant ansible_connection=ssh

已安装Filebeat，并在远程服务器中进行了更改，除了最后一步是执行Shell脚本之外

按以下方式运行剧本时：

ansible-playbook -i /vagrant/inventory/local install-filebeat.yml -vvv

获取与shell执行相关的以下输出：

TASK [/vagrant/roles/filebeat : Start Filebeat] ***************************************************************************************************************************************************************
task path: /vagrant/roles/filebeat/tasks/main.yml:184
<172.28.28.81> ESTABLISH SSH CONNECTION FOR USER: vagrant
<172.28.28.81> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/f66f05c055 172.28.28.81 '/bin/sh -c '"'"'echo ~vagrant && sleep 0'"'"''
<172.28.28.81> (0, '/home/vagrant\n', '')
<172.28.28.81> ESTABLISH SSH CONNECTION FOR USER: vagrant
<172.28.28.81> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/f66f05c055 172.28.28.81 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1550178583.24-35955954120606 `" && echo ansible-tmp-1550178583.24-35955954120606="` echo /var/tmp/ansible-tmp-1550178583.24-35955954120606 `" ) && sleep 0'"'"''
<172.28.28.81> (0, 'ansible-tmp-1550178583.24-35955954120606=/var/tmp/ansible-tmp-1550178583.24-35955954120606\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<172.28.28.81> PUT /home/vagrant/.ansible/tmp/ansible-local-13658UX7cBC/tmpFzf2Ll TO /var/tmp/ansible-tmp-1550178583.24-35955954120606/AnsiballZ_command.py
<172.28.28.81> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/f66f05c055 '[172.28.28.81]'
<172.28.28.81> (0, 'sftp> put /home/vagrant/.ansible/tmp/ansible-local-13658UX7cBC/tmpFzf2Ll /var/tmp/ansible-tmp-1550178583.24-35955954120606/AnsiballZ_command.py\n', '')
<172.28.28.81> ESTABLISH SSH CONNECTION FOR USER: vagrant
<172.28.28.81> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/f66f05c055 172.28.28.81 '/bin/sh -c '"'"'setfacl -m u:wwwsvr:r-x /var/tmp/ansible-tmp-1550178583.24-35955954120606/ /var/tmp/ansible-tmp-1550178583.24-35955954120606/AnsiballZ_command.py && sleep 0'"'"''
<172.28.28.81> (0, '', '')
<172.28.28.81> ESTABLISH SSH CONNECTION FOR USER: vagrant
<172.28.28.81> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/f66f05c055 -tt 172.28.28.81 '/bin/sh -c '"'"'sudo -H -S -n -u wwwsvr /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-ntzchfzqggiteuqwzpiurlloddbdhevp; /usr/bin/python /var/tmp/ansible-tmp-1550178583.24-35955954120606/AnsiballZ_command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<172.28.28.81> (0, '\r\n{"changed": true, "end": "2019-02-14 13:09:44.800191", "stdout": "Starting Filebeat", "cmd": ["sh", "/apps_ux/filebeat/6.6.0/bin/startup.sh"], "rc": 0, "start": "2019-02-14 13:09:43.792122", "stderr": "+ export JAVA_HOME=/sw_ux/jdk\\n+ JAVA_HOME=/sw_ux/jdk\\n+ echo \'Starting Filebeat\'\\n+ /apps_ux/filebeat/6.6.0/bin/filebeat -c /apps_ux/filebeat/6.6.0/config/filebeat.yml -path.home /apps_ux/filebeat/6.6.0 -path.config /apps_ux/filebeat/6.6.0/config -path.data /apps_data/filebeat -path.logs /apps_data/logs/filebeat", "delta": "0:00:01.008069", "invocation": {"module_args": {"warn": true, "executable": null, "_uses_shell": false, "_raw_params": "sh /apps_ux/filebeat/6.6.0/bin/startup.sh", "removes": null, "argv": null, "creates": null, "chdir": null, "stdin": null}}}\r\n', 'Shared connection to 172.28.28.81 closed.\r\n')
<172.28.28.81> ESTABLISH SSH CONNECTION FOR USER: vagrant
<172.28.28.81> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/f66f05c055 172.28.28.81 '/bin/sh -c '"'"'rm -f -r /var/tmp/ansible-tmp-1550178583.24-35955954120606/ > /dev/null 2>&1 && sleep 0'"'"''
<172.28.28.81> (0, '', '')
changed: [172.28.28.81] => {
    "changed": true,
    "cmd": [
        "sh",
        "/apps_ux/filebeat/6.6.0/bin/startup.sh"
    ],
    "delta": "0:00:01.008069",
    "end": "2019-02-14 13:09:44.800191",
    "invocation": {
        "module_args": {
            "_raw_params": "sh /apps_ux/filebeat/6.6.0/bin/startup.sh",
            "_uses_shell": false,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2019-02-14 13:09:43.792122",
    "stderr": "+ export JAVA_HOME=/sw_ux/jdk\n+ JAVA_HOME=/sw_ux/jdk\n+ echo 'Starting Filebeat'\n+ /apps_ux/filebeat/6.6.0/bin/filebeat -c /apps_ux/filebeat/6.6.0/config/filebeat.yml -path.home /apps_ux/filebeat/6.6.0 -path.config /apps_ux/filebeat/6.6.0/config -path.data /apps_data/filebeat -path.logs /apps_data/logs/filebeat",
    "stderr_lines": [
        "+ export JAVA_HOME=/sw_ux/jdk",
        "+ JAVA_HOME=/sw_ux/jdk",
        "+ echo 'Starting Filebeat'",
        "+ /apps_ux/filebeat/6.6.0/bin/filebeat -c /apps_ux/filebeat/6.6.0/config/filebeat.yml -path.home /apps_ux/filebeat/6.6.0 -path.config /apps_ux/filebeat/6.6.0/config -path.data /apps_data/filebeat -path.logs /apps_data/logs/filebeat"
    ],
    "stdout": "Starting Filebeat",
    "stdout_lines": [
        "Starting Filebeat"
    ]
}
META: ran handlers
META: ran handlers

PLAY RECAP ****************************************************************************************************************************************************************************************************
172.28.28.81              : ok=18   changed=7    unreachable=0    failed=0

在远程服务器上：

[6.6.0:vagrant]$ cd bin
[bin:vagrant]$ ls -ltr
total 36068
-rwxr-xr-x. 1 wwwadm wwwadm 36927014 Jan 24 02:30 filebeat
-rwxr-xr-x. 1 wwwadm wwwadm      478 Feb 14 12:54 startup.sh
[bin:vagrant]$ pwd
/apps_ux/filebeat/6.6.0/bin
[bin:vagrant]$ more startup.sh
#!/usr/bin/env bash
set -x

export JAVA_HOME="/sw_ux/jdk"

#To save pid into a file is an open feature: https://github.com/elastic/logstash/issues/3577. There is no -p flag for filebeat to save the pid and then kill it.
echo 'Starting Filebeat'
/apps_ux/filebeat/6.6.0/bin/filebeat -c /apps_ux/filebeat/6.6.0/config/filebeat.yml -path.home /apps_ux/filebeat/6.6.0 -path.config /apps_ux/filebeat/6.6.0/config -path.data /apps_data/filebeat -path.logs /a
pps_data/logs/filebeat &

通过执行ps命令找不到正在运行的进程

[bin:vagrant]$ ps -fea | grep filebeat | grep -v grep

但是，如果我连接到远程服务器，则可以通过使用用户wwwadm执行脚本来运行filebeat，并且filebeat成功启动：

[bin:wwwadm]$ pwd
/apps_ux/filebeat/6.6.0/bin

[bin:wwwadm]$ id
uid=778(wwwadm) gid=778(wwwadm) groups=778(wwwadm) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[bin:wwwadm]$ ./startup.sh
+ export JAVA_HOME=/sw_ux/jdk
+ JAVA_HOME=/sw_ux/jdk
+ echo 'Starting Filebeat'
Starting Filebeat
+ /apps_ux/filebeat/6.6.0/bin/filebeat -c /apps_ux/filebeat/6.6.0/config/filebeat.yml -path.home /apps_ux/filebeat/6.6.0 -path.config /apps_ux/filebeat/6.6.0/config -path.data /apps_data/filebeat -path.logs /apps_data/logs/filebeat

[bin:wwwadm]$ ps -fea | grep filebeat | grep -v grep
wwwadm   19160     1  0 15:12 pts/0    00:00:00 /apps_ux/filebeat/6.6.0/bin/filebeat -c /apps_ux/filebeat/6.6.0/config/filebeat.yml -path.home /apps_ux/filebeat/6.6.0 -path.config /apps_ux/filebeat/6.6.0/config -path.data /apps_data/filebeat -path.logs /apps_data/logs/filebeat

谢谢

Answer 1

您应该使用nohup在后台运行它。

因为当ansible退出时，与会话相关的所有进程将终止。为避免这种情况，您应该使用nohup。

正确的命令是：

- name: "Start Filebeat"
  # shell: "{{ filebeat_install_dir }}/bin/startup.sh"
  command: "nohup sh {{ filebeat_install_dir }}/bin/startup.sh &>> startup.log &"
  become: yes
  become_user: "{{ filebeat_install_as }}"

Answer 2

您必须使用disown内置命令来通知Shell断开连接时，它不应杀死后台进程；您也可以使用nohup来达到相同的效果

话虽如此，您肯定正在解决错误的问题，因为如果^ H ^ H在文件拍打失败时，没有任何监视该服务的方法来保持它的生命。您将要使用systemd（或系统上的等效文件）来确保filebeat保持运行，并且通过使用针对该内容设计的机制，您回避了导致您提出S.O的所有“ disown or nohup”业务。问题。

Shell脚本执行在远程服务器Ansible中不起作用（先前的任务已成功执行）

2 个答案: