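Unable to run Ansible-Playbook with becomeUser

Time: 2019-09-05 09:31:09

Tags: jenkins ansible jenkins-pipeline

I am trying to run ansible-playbook from a Jenkinsfile with the become and becomeUser parameters, but it seems Jenkins is using its own user ID "jenkins" to connect to the remote host.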

Jenkinsfile

stage("Deployment"){
    steps{
        ansiColor('xterm') {
            ansiblePlaybook(
                playbook: 'myPlaybook.yaml',
                inventory: 'myHosts.ini',
                colorized: true,
                become: true,
                becomeUser: 'userID',
                extras: '-vvv'
            )
        }
    }
}

I have also added become and become_user in the playbook.

---
- name: Deploy stack from a compose file
  hosts: myNodes
  become: yes
  become_user: userID
  tasks:
  - name: deploying my application
    docker_stack:
      state: present

Jenkins build log

TASK [Gathering Facts] *********************************************************
task path: /path/to/myPlaybook.yaml:2
<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: None
<x.x.x.x> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/var/lib/jenkins/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/jenkins/.ansible/cp/5493f46899 x.x.x.x '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<x.x.x.x> (255, '', 'jenkins@x.x.x.x: Permission denied (publickey,password).\r\n')
fatal: [x.x.x.x]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: jenkins@x.x.x.x: Permission denied (publickey,password).", 
    "unreachable": true
}

Jenkins even runs the command with become and becomeUser:

[xx-yy] $ ansible-playbook myplaybook.yaml -i myHosts.ini -b --become-user userID -vvv

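Please suggest how to resolve this issue, thanks.

2 answers:

Answer 0: (score: 0)

Found an alternative solution. Looking at the log line by line:

ESTABLISH SSH CONNECTION FOR USER: None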

<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: None
<x.x.x.x> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/var/lib/jenkins/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/jenkins/.ansible/cp/5493f46899 x.x.x.x '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<x.x.x.x> (255, '', 'jenkins@x.x.x.x: Permission denied (publickey,password).\r\n')

So I added ansible_user in the inventory file for the remote user used when connecting over ssh:

[myNode]
x.x.x.x ansible_user=myuserId

Happy learning
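
The log reading described in the answer above, as an added example that is not part of the original post: it parses `-vvv` output to show which account ssh actually logged in with when no login user is configured, and also flags the `StrictHostKeyChecking=no` option visible in the question's log. The sample lines are constructed from the log quoted on this page; the function names `audit` and `findings` are hypothetical.

```python
import re

# Constructed sample, shortened from the -vvv output quoted in the question.
SAMPLE_LOG = [
    "<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: None",
    "<x.x.x.x> SSH: EXEC ssh -C -o StrictHostKeyChecking=no "
    "-o 'IdentityFile=\"/var/lib/jenkins/.ssh/id_rsa\"' -o ConnectTimeout=10 x.x.x.x",
    r"<x.x.x.x> (255, '', 'jenkins@x.x.x.x: Permission denied (publickey,password).\r\n')",
]

USER_RE = re.compile(r"^<([^>]+)> ESTABLISH SSH CONNECTION FOR USER: (\S+)")
EXEC_RE = re.compile(r"^<([^>]+)> SSH: EXEC (.*)")
DENIED_RE = re.compile(r"^<([^>]+)> \(255, .*?'([^@'\s]+)@[^:]+: Permission denied")
KEY_RE = re.compile(r'IdentityFile="([^"]+)"')


def audit(lines):
    """Collect, per host, the configured login user and what ssh actually used."""
    hosts = {}
    for line in lines:
        if m := USER_RE.match(line):
            entry = hosts.setdefault(m[1], {})
            # Ansible prints "None" when no -u, remote_user or ansible_user is set.
            entry["configured_user"] = None if m[2] == "None" else m[2]
        elif m := EXEC_RE.match(line):
            entry = hosts.setdefault(m[1], {})
            key = KEY_RE.search(m[2])
            entry["identity_file"] = key[1] if key else None
            entry["host_key_check_off"] = "StrictHostKeyChecking=no" in m[2]
        elif m := DENIED_RE.match(line):
            hosts.setdefault(m[1], {})["denied_user"] = m[2]
    return hosts


def findings(hosts):
    """Turn the audit into messages a reviewer can act on."""
    out = []
    for host, e in sorted(hosts.items()):
        unset = "configured_user" in e and e["configured_user"] is None
        if unset and "denied_user" in e:
            out.append(f"{host}: no login user set, ssh fell back to local account "
                       f"'{e['denied_user']}'; set ansible_user (become_user applies after login)")
        if e.get("host_key_check_off"):
            out.append(f"{host}: StrictHostKeyChecking=no, host key is not verified")
    return out


if __name__ == "__main__":
    for msg in findings(audit(SAMPLE_LOG)):
        print(msg)
```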

Answer 1: (score: 0)

The link below may help you understand "become and become user".

Medium Blog Link here

Here is an excerpt worth sharing:

# as bruce
$ ansible all -m ping -u bruce
# as bruce, sudoing to root
$ ansible all -m ping -u bruce --sudo
# as bruce, sudoing to batman
$ ansible all -m ping -u bruce --sudo --sudo-user batman

# With latest version of ansible `sudo` is deprecated so use become
# as bruce, sudoing to root
$ ansible all -m ping -u bruce -b
# as bruce, sudoing to batman
$ ansible all -m ping -u bruce -b --become-user batman