Run a specific command on all remote servers as a specific user?

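Problem description

I am trying to run a specific Ansible task as a different user than the one who is running the playbook. On my local machine I have the playbook below, and I am logged in as the david user. I want to run the command /tek/ghy/bin/ss.sh start on all remote servers as the goldy user only.

My .yml file looks like this: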

---
- name: start server
  hosts: one_box
  serial: "{{ num_serial }}"
  tasks:
      - name: start server
        command: /tek/ghy/bin/ss.sh start
        become: true
        become_user: goldy

Here is how I run it:

david@machineA:~$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' start_box.yml -u david --ask-pass --sudo -U goldy --ask-become-pass
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings
can be disabled by setting deprecation_warnings=False in ansible.cfg.
SSH password:
SUDO password[defaults to SSH password]:

PLAY [start server] ***************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************
fatal: [remote_machineA]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/’: Operation not permitted\nchown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/setup.py’: Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

What am I doing wrong here? I am running ansible 2.4.3.0

Tags: ansible

Solution


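From a Google search, you may be affected by this issue.

Try upgrading ansible; your code (I replaced the command so that it runs a simple id on the remote server instead of /tek/ghy/bin/ss.sh start, and I used the same shell command and arguments as you provided) works on 2.5.2: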

[ilias@optima-ansible tmp]$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' lala.yml -u ilias --ask-pass --sudo -U http_offline --ask-become-pass 
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by 
setting deprecation_warnings=False in ansible.cfg.
SSH password: 
SUDO password[defaults to SSH password]: 

PLAY [start server] *************************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [greenhat]

TASK [start server] *************************************************************************************************************************************************************************************************
changed: [greenhat]

TASK [debug] ********************************************************************************************************************************************************************************************************
ok: [greenhat] => {
    "command_output": {
        "changed": true, 
        "cmd": [
            "id"
        ], 
        "delta": "0:00:00.004484", 
        "end": "2018-05-26 21:26:28.531838", 
        "failed": false, 
        "rc": 0, 
        "start": "2018-05-26 21:26:28.527354", 
        "stderr": "", 
        "stderr_lines": [], 
        "stdout": "uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)", 
        "stdout_lines": [
            "uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)"
        ]
    }
}

PLAY RECAP **********************************************************************************************************************************************************************************************************
greenhat                   : ok=3    changed=1    unreachable=0    failed=0   

[ilias@optima-ansible tmp]$ ansible --version
ansible 2.5.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/ilias/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
[ilias@optima-ansible tmp]$ 
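
A check playbook along the lines the answer describes, as an added example that is not the answerer's own file: it runs `id -un` as the target user, registers the result as `command_output` (the name visible in the debug output above), and fails the play if the effective user is not the one requested. The `target_user` variable, the `assert` task and the file name `check_become.yml` are assumptions introduced here.

```yaml
---
# Added example (not from the original post): confirm which user a task
# really runs as before pointing it at the real start script.
#
# become is set on the task itself, so the command line only needs the
# password prompts (check_become.yml is a hypothetical file name):
#   ansible-playbook -e 'num_serial=1' check_become.yml \
#     -u david --ask-pass --ask-become-pass
- name: start server
  hosts: one_box
  serial: "{{ num_serial }}"
  vars:
    target_user: goldy          # assumption: the account from the question
  tasks:
    - name: show effective user
      command: id -un           # prints only the effective user name
      become: true
      become_user: "{{ target_user }}"
      register: command_output
      changed_when: false       # id only reads state, never changes it

    - name: print the registered result
      debug:
        var: command_output

    - name: fail if the task did not run as the requested user
      assert:
        that:
          - command_output.rc == 0
          - command_output.stdout == target_user
        msg: "expected {{ target_user }}, got {{ command_output.stdout }}"
```

Once the assert passes, the `command` line can be swapped back to `/tek/ghy/bin/ss.sh start`.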
