我要尝试做的全部目标是成为root用户并运行一个过程。但是,我创建了一个过程,该过程称为辅助主机,并运行一个脚本,该脚本将获取我想要的任何Linux主机的根密码。之后,我将密码传递回var float(truncated)
。尽管每次我通过它,它都会引发错误“ ansible_become_password:。
我查找了变量优先级,但是当我尝试另一种方式时,我收到了相同的错误。
代码:
password is undefined错误:
# Root
- name: Run as root user. privileged escalation using su
hosts: 10.x.x.1
gather_facts: false
vars:
root_user: root
ansible_become_password: "{{ password.stdout }} "
tasks:
- name: Get root password
shell: /tmp/rootAccess.sh hostname
register: password
- debug:
msg: "{{ password.stdout }}"
delegate_to: 10.x.x.2
- name: whoami as root (su)
command: whoami
register: output_root_su
become_user: "{{ root_user }}"
become_method: su
become: yes
- name: output of 'whoami' (su)
debug:
msg: "user: {{ output_root_su.stdout }} "
答案 0 :(得分:0)
输入密码后,可以使用模块 set_fact 声明 ansible_become_password 。
以下播放
Connect-AzureRmAccount给予
- hosts: test_01
gather_facts: no
become: no
remote_user: admin
vars:
root_user: root
# ansible_become_password: "{{ password.user_input }}"
tasks:
- command: whoami
register: result
- debug:
var: result.stdout
- pause:
prompt: "Enter password"
register: password
- set_fact:
ansible_become_password: "{{ password.user_input }}"
- debug:
var: ansible_become_password
- command: whoami
register: result
become: yes
become_method: su
become_user: "{{ root_user }}"
- debug:
var: result.stdout
注释
Lazy Evaluation显然不能与 ansible_become_password 一起正常使用。
模块pause提供了一种在运行时输入变量的便捷方法。
在右引号之前有一个多余的空格。这样会导致密码错误。
PLAY [test_01] *********************************************************************************************
TASK [command] *********************************************************************************************
changed: [test_01]
TASK [debug] ***********************************************************************************************
ok: [test_01] => {
"result.stdout": "admin"
}
TASK [pause] ***********************************************************************************************
[pause]
Enter password:
[[ok: [test_01]
TASK [set_fact] ********************************************************************************************
ok: [test_01]
TASK [debug] ***********************************************************************************************
ok: [test_01] => {
"ansible_become_password": "password"
}
TASK [command] *********************************************************************************************
changed: [test_01]
TASK [debug] ***********************************************************************************************
ok: [test_01] => {
"result.stdout": "root"
}
PLAY RECAP *************************************************************************************************
test_01 : ok=7 changed=2 unreachable=0 failed=0