ansible - 以特定用户身份在所有远程服务器上运行特定命令?
问题描述
我正在尝试以与运行剧本的用户不同的用户身份运行特定的 Ansible 任务。在我的本地机器上,我有下面的剧本,我以david
用户身份登录,我想/tek/ghy/bin/ss.sh start
在所有远程服务器上goldy
仅以用户身份运行此命令。
我的 .yml 文件如下所示:
---
- name: start server
hosts: one_box
serial: "{{ num_serial }}"
tasks:
- name: start server
command: /tek/ghy/bin/ss.sh start
become: true
become_user: goldy
以下是我的运行方式:
david@machineA:~$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' start_box.yml -u david --ask-pass --sudo -U goldy --ask-become-pass
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings
can be disabled by setting deprecation_warnings=False in ansible.cfg.
SSH password:
SUDO password[defaults to SSH password]:
PLAY [start server] ***************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
fatal: [remote_machineA]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/’: Operation not permitted\nchown: changing ownership of ‘/tmp/ansible-tmp-1527357815.74-165519966271795/setup.py’: Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
我在这里做错了什么?我正在运行 ansible 2.4.3.0
解决方案
通过谷歌搜索,您可能会受到此问题的影响。
尝试升级 ansible,您的代码(我替换了在远程服务器上command
运行简单的,而不是,并且我使用了与您提供的相同的 shell 命令和参数)适用于 2.5.2:id
/tek/ghy/bin/ss.sh start
[ilias@optima-ansible tmp]$ ansible-playbook -e 'host_key_checking=False' -e 'num_serial=1' lala.yml -u ilias --ask-pass --sudo -U http_offline --ask-become-pass
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings can be disabled by
setting deprecation_warnings=False in ansible.cfg.
SSH password:
SUDO password[defaults to SSH password]:
PLAY [start server] *************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [greenhat]
TASK [start server] *************************************************************************************************************************************************************************************************
changed: [greenhat]
TASK [debug] ********************************************************************************************************************************************************************************************************
ok: [greenhat] => {
"command_output": {
"changed": true,
"cmd": [
"id"
],
"delta": "0:00:00.004484",
"end": "2018-05-26 21:26:28.531838",
"failed": false,
"rc": 0,
"start": "2018-05-26 21:26:28.527354",
"stderr": "",
"stderr_lines": [],
"stdout": "uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)",
"stdout_lines": [
"uid=1002(http_offline) gid=1002(http_offline) groups=1002(http_offline),984(docker)"
]
}
}
PLAY RECAP **********************************************************************************************************************************************************************************************************
greenhat : ok=3 changed=1 unreachable=0 failed=0
[ilias@optima-ansible tmp]$ ansible --version
ansible 2.5.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/ilias/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
[ilias@optima-ansible tmp]$
推荐阅读
- javascript - MongoDB 通过 findOne 加入集合
- prolog - 如何在prolog中打印出所有事实
- php - Laravel 日期/时间比较
- c# - 文本框中的特定字符
- c# - C#:更新 SQL Server 表中的数据
- linux - Android Studio 的菜单非常滞后,几乎无法使用
- chromium - 谷歌应用商店安卓 10
- javascript - 在 webdriverio 中模拟鼠标移出 - javascript
- java - 如何在右上角的应用栏后退箭头上获得返回按钮(在设备上)之类的功能
- c# - 当“&”符号存在时,.Net Core System.Web.HttpUtility.HtmlDecode 不起作用