以下Ansible剧本验证用户可以访问GitHub:
- name: Generate SSH keypair
become: true
user:
name: '{{ system_user }}'
generate_ssh_key: yes
- name: Register public key of user {{ system_user }}
become: true
slurp:
src: '/home/{{ system_user }}/.ssh/id_rsa.pub'
register: pubkey
- name: Verify the user {{ system_user }} can access GitHub
become: true
become_user: '{{ system_user }}'
shell:
cmd: 'ssh git@github.com 3>&2 2>&1 1>&3- | grep -q "successfully authenticated"'
executable: /bin/bash
当前,该播放失败,并显示以下错误消息:
TASK [Gathering Facts] *******************************************************************************
ok: [example.com]
TASK [Generate SSH keypair] **************************************************************************
ok: [example.com]
TASK [Register public key of user myuser] ************************************************************
ok: [example.com]
TASK [Verify the user myuser can access GitHub] ******************************************************
fatal: [example.com]: FAILED! => {"changed": true, "cmd": "ssh git@github.com 3>&2 2>&1 1>&3-
| grep -q \"successfully authenticated\"", "delta": "0:00:00.682593", "end": "2020-09-24 13:21:52.2524
73", "msg": "non-zero return code", "rc": 1, "start": "2020-09-24 13:21:51.569880", "std
err": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
PLAY RECAP *******************************************************************************************
example.com : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
当此任务失败时,我想指示用户将公钥手动添加到其GitHub帐户。因此,我想自定义上面的错误消息以包括必要的说明和pubkey.content的值,我该怎么做?像下面这样的东西会很棒:
- name: Verify the user {{ system_user }} can access GitHub
become: true
become_user: '{{ system_user }}'
shell:
cmd: 'ssh git@github.com 3>&2 2>&1 1>&3- | grep -q "successfully authenticated"'
executable: /bin/bash
custom_error_message: >
Oops, it seems that {{ system_user }} cannot access GitHub!
Please add the following key to your GitHub account:
{{ pubkey.content | b64decode }}
此外,如果任务不仅可以检查用户是否可以登录,还可以检查它是否至少具有特定存储库上的读取访问权限,那就很好了。
答案 0 :(得分:0)
非常感谢评论者@Zeitounator,我提出了以下解决方案:
- name: generate SSH keypair
become: true
user:
name: '{{ system_user }}'
generate_ssh_key: yes
- block:
- name: verify the user {{ system_user }} can access the repository
become: true
become_user: '{{ system_user }}'
shell:
cmd: 'ssh git@github.com 3>&2 2>&1 1>&3- | grep -q "successfully authenticated"'
executable: /bin/bash
rescue:
- name: register public key of user {{ system_user }}
become: true
slurp:
src: '/home/{{ system_user }}/.ssh/id_rsa.pub'
register: pubkey
- fail:
msg: >
Oops, it seems that {{ system_user }} cannot access GitHub!
Please add the following key to your GitHub account:
{{ pubkey.content | b64decode }}