我的总体目标是通过ansible为特定用户重新启动Pulseaudio(因此,如果您有更好的方法,我很乐意听到:))
我想以用户myuser的身份运行以下命令,并且根据pulseaudio,不应以sudo / root身份执行此命令。
$([[ $(pulseaudio -k) -eq 0 ]] || exit 0; sleep 5; [[ $(pulseaudio -D --exit-idle-time=-1) -eq 0 ]] || exit 0)
如果我在一台机器上对其进行自我测试,效果很好。如果正在运行,它将杀死pulseaudio,然后再次启动它,并且如果pulseaudio已经停止,它不会失败。
我的任务(作为角色的一部分)如下:
- name: restart pulse audio
shell: '$([[ $(pulseaudio -k) -eq 0 ]] || exit 0; sleep 5; [[ $(pulseaudio -D --exit-idle-time=-1) -eq 0 ]] || exit 0)'
args:
executable: /bin/bash
become: true
become_method: sudo
become_flags: "su - {{ ansible_user }} -c"
但是如果我运行该命令,则会收到错误FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
如果我以root用户身份登录到该计算机并输入sudo su - myuser,则会得到myuser的提示。
那么如何为myuser指定密码,以便Ansible可以使用它?
可行任务:
- name: restart pulse audio
shell: '$([[ $(pulseaudio -k) -eq 0 ]] || exit 0; sleep 5; [[ $(pulseaudio -D --exit-idle-time=-1) -eq 0 ]] || exit 0)'
args:
executable: /bin/bash
become: true
become_method: su
become_user: myuser
我也尝试使用become_user代替become_flags,但没有成功。然后我得到了错误:FAILED! => {"msg": "Incorrect su password"}
如果我首先尝试Calum Halpin的建议,则pulseaudio会启动,但作为sudo,我不想要什么,我需要myuser来启动pulseaudio。
可行任务:
- name: restart pulse audio
shell: '$([[ $(pulseaudio -k) -eq 0 ]] || exit 0; sleep 5; [[ $(pulseaudio -D --exit-idle-time=-1) -eq 0 ]] || exit 0)'
args:
executable: /bin/bash
become: true
become_method: sudo
become_user: myuser
我得到以下输出:
{"changed": true,
"cmd": "$([[ $(pulseaudio -k) -eq 0 ]] || exit 0; sleep 5; [[ $(pulseaudio -D --exit-idle-time=-1) -eq 0 ]] || exit 0)",
"delta": "0:00:05.110839", "end": "2019-06-23 11:11:43.686776", "rc": 0, "start": "2019-06-23 11:11:38.575937",
"stderr": "E: [pulseaudio] main.c: Failed to kill daemon: No such file or directory\nW: [pulseaudio] main.c: This program is not intended to be run as root (unless --system is specified).",
"stderr_lines": ["E: [pulseaudio] main.c: Failed to kill daemon: No such file or directory", "W: [pulseaudio] main.c: This program is not intended to be run as root (unless --system is specified)."],
"stdout": "", "stdout_lines": []}
remote_user: myuser] 我尝试在手册中将remote_user设置为myuser,但是所有结果保持不变。
我的become变量的配置如下:
ansible_connection: ssh
ansible_user: myuser
ansible_ssh_pass: 1234
ansible_become: yes
ansible_become_user: root
ansible_become_pass: 1234
剧本看起来像:
- hosts: myhost
connection: local
become: ansible_become
become_user: ansible_become_user
roles:
- role: pulse-audio-config
答案 0 :(得分:0)
如果您的远程用户具有完整的sudo特权:
- name: restart pulse audio
shell: '$([[ $(pulseaudio -k) -eq 0 ]] || exit 0; sleep 5; [[ $(pulseaudio -D --exit-idle-time=-1) -eq 0 ]] || exit 0)'
args:
executable: /bin/bash
become: true
become_method: sudo
become_user: myuser
确保将ansible_become_pass设置为远程用户的密码。
或者将{<1}}的变为方法设置为su的密码,将ansible_become_pass设置为myuser。
或者,如果您的剧本结构适合,则可以将remote_user设置为myuser。
请确保您没有在组变量或主机变量中设置成为用户,因为这将覆盖播放/任务设置:https://docs.ansible.com/ansible/latest/user_guide/become.html#directives。
答案 1 :(得分:0)
经过几种不同的方法后,我可以使用以下配置:
库存中的变量:
your_argument在剧本中:
ansible_connection: ssh
ansible_user: myuser
ansible_ssh_pass: 1234
ansible_become: yes
ansible_become_user: root
ansible_become_pass: 1234
角色:
- hosts: myhost
connection: local
roles:
- role: another-role
- { role: pulse-audio-config,
ansible_become_user: nas }
- role: another-other-role