问题描述

我想要一本剧本来验证是否安装了某些软件包，如果没有安装则使该系统失败。我想我可以package:以非 root 用户身份使用该模块并让它验证软件包是否已安装。

我认为idempotencyAnsible 会允许（实际上鼓励）这种用法。这是我应该升级的错误或增强功能，还是我忽略了实现这一目标的简单方法？

这是我的测试手册：

---
- name: Show package module non-root usage
  hosts: all
  become: false

  tasks:
  - name: Check that a packages is installed
    package:
      name:
        - vim-common
      state: installed

作为普通用户，我可以看到vim-common已安装：

$ rpm -qa vim-common
vim-common-8.0.1763-15.el8.x86_64

$ dnf list vim-common
Not root, Subscription Management repositories not updated
Last metadata expiration check: 0:00:29 ago on Thu 21 Jan 2021 12:50:56 PM CST.
Installed Packages
vim-common.x86_64                                  2:8.0.1763-15.el8                                  @rhel-8-for-x86_64-appstream-rpms
$ 

但是当我运行剧本时，我得到了这个错误而不是“成功”结果：

$ ansible-playbook package_check.yml -i localhost, --connection=local

PLAY [Show package module non-root usage] *********************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [localhost]

TASK [Check that a packages is installed] *********************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "This command has to be run under the root user.", "results": []}

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

$

正如预期的那样，当我以 root 身份运行它时，它可以正常工作：

$ sudo ansible-playbook package_check.yml -i localhost, --connection=local

PLAY [Show package module non-root usage] *********************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [localhost]

TASK [Check that a packages is installed] *********************************************************************************************
ok: [localhost]

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

$

我的系统是Red Hat Enterprise Linux release 8.3 (Ootpa)Ansible 2.10：

$ ansible-playbook --version
ansible-playbook 2.10.4
  config file = /home/dan/.ansible.cfg
  configured module search path = ['/home/dan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

更新#1

搜索 Ansible 代码，该dnf.py模块来自：

$ egrep -C3 "This command has to be run under the root user." /usr/local/lib/python3.6/site-packages/ansible/modules/dnf.py
            # before running it.
            if not dnf.util.am_i_root():
                self.module.fail_json(
                    msg="This command has to be run under the root user.",
                    results=[],
                )
            self.base = self._base(
$

如果我注释掉那个根检查块：

$ egrep -C3 "This command has to be run under the root user." /usr/local/lib/python3.6/site-packages/ansible/modules/dnf.py
            # before running it.
#            if not dnf.util.am_i_root():
#                self.module.fail_json(
#                    msg="This command has to be run under the root user.",
#                    results=[],
#                )
            self.base = self._base(
$

我现在可以运行 playbook 并确认包已安装，无需 root 权限：

$ ansible-playbook package_check.yml -i localhost, --connection=local

PLAY [Show package module non-root usage] *********************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [localhost]

TASK [Check that a packages is installed] *********************************************************************************************
ok: [localhost]

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

$

更新#2

稍微修改剧本以检查已安装和缺少的软件包：

$ cat package_check.yml
#!/usr/bin/env /usr/local/bin/ansible-playbook
---
- name: Show package module non-root usage
  hosts: all
  become: false

  tasks:
  - name: Check that VIM common is installed
    package:
      name:
        - vim-common
      state: installed

  - name: Check that EMACS is installed
    package:
      name:
        - vim-common
        - emacs
      state: installed

$

现在我们第一个成功，第二个失败：

$ ansible-playbook package_check.yml -i localhost, --connection=local

PLAY [Show package module non-root usage] *********************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [localhost]

TASK [Check that VIM common is installed] *********************************************************************************************
ok: [localhost]

TASK [Check that EMACS is installed] **************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "2021-01-21 13:27:23,224 [ERROR] dnf.py:724879:MainThread @logutil.py:194 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr\n2021-01-21 13:27:23,233 [ERROR] dnf.py:724879:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'\nTraceback (most recent call last):\n  File \"/home/dan/.ansible/tmp/ansible-tmp-1611257242.3944752-724867-4205539601634/AnsiballZ_dnf.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/home/dan/.ansible/tmp/ansible-tmp-1611257242.3944752-724867-4205539601634/AnsiballZ_dnf.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/dan/.ansible/tmp/ansible-tmp-1611257242.3944752-724867-4205539601634/AnsiballZ_dnf.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.dnf', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.legacy.dnf_payload_ewju4h_n/ansible_ansible.legacy.dnf_payload.zip/ansible/modules/dnf.py\", line 1330, in <module>\n  File \"/tmp/ansible_ansible.legacy.dnf_payload_ewju4h_n/ansible_ansible.legacy.dnf_payload.zip/ansible/modules/dnf.py\", line 1319, in main\n  File \"/tmp/ansible_ansible.legacy.dnf_payload_ewju4h_n/ansible_ansible.legacy.dnf_payload.zip/ansible/modules/dnf.py\", line 1294, in run\n  File \"/tmp/ansible_ansible.legacy.dnf_payload_ewju4h_n/ansible_ansible.legacy.dnf_payload.zip/ansible/modules/dnf.py\", line 1213, in ensure\n  File \"/usr/lib/python3.6/site-packages/dnf/base.py\", line 882, in do_transaction\n    tid = self._run_transaction(cb=cb)\n  File \"/usr/lib/python3.6/site-packages/dnf/base.py\", line 955, in _run_transaction\n    tid = self.history.beg(rpmdbv, using_pkgs, [], cmdline, comment)\n  File \"/usr/lib/python3.6/site-packages/dnf/db/history.py\", line 473, in beg\n    comment)\n  File \"/usr/lib64/python3.6/site-packages/libdnf/transaction.py\", line 763, in beginTransaction\n    return _transaction.Swdb_beginTransaction(self, *args)\nlibdnf._error.Error: SQLite error on \"/var/lib/dnf/history.sqlite\": Reading a row failed: attempt to write a readonly database\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

$

并以root身份运行按预期工作：

$ sudo ansible-playbook package_check.yml -i localhost, --connection=local

PLAY [Show package module non-root usage] *********************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [localhost]

TASK [Check that VIM common is installed] *********************************************************************************************
ok: [localhost]

TASK [Check that EMACS is installed] **************************************************************************************************
changed: [localhost]

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

$

标签： ansible