
Error when trying to change "command: sudo ..." to a module with become

Stack Overflow user
Asked 2021-04-09 06:41:01
Answers 1, Views 80, Followers 0, Votes 0

I have a simple playbook that restarts a service:

- hosts: rmq-node2.lan
  gather_facts: no
  tasks:
    - name: Restart RabbitMQ   
      become: yes
      become_method: sudo
      systemd:
        name: rabbitmq-server
        state: restarted
        force: yes  

Inventory:

rabbit:
  hosts:
    rmq-node1.lan: {}

all:
  vars:

    ansible_user: usbp-deploy-adt
    ansible_password: q12345
    ansible_become_pass: "{{ ansible_password }}"

It gives the following error:

fatal: [rmq-node2.lan]: FAILED! => {"ansible_facts": 
{"discovered_interpreter_python": "/usr/bin/python"}, 
"changed": false, 
"module_stderr": "Shared connection to rmq-node2.lan closed.\r\n", 
"module_stdout": "\r\n", 
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", 
"rc": 1}

-vvv mode:

<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 rmq-node2.lan '/bin/sh -c '"'"'echo ~usbp-deploy-adt && sleep 0'"'"''
<rmq-node2.lan> (0, b'/home/usbp-deploy-adt\n', b'')
<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 rmq-node2.lan '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368 `" && echo ansible-tmp-1617921012.2138484-192947282332368="` echo /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368 `" ) && sleep 0'"'"''
<rmq-node2.lan> (0, b'ansible-tmp-1617921012.2138484-192947282332368=/home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368\n', b'')
<rmq-node2.lan> Attempting python interpreter discovery
<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 rmq-node2.lan '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<rmq-node2.lan> (0, b'PLATFORM\nLinux\nFOUND\n/usr/bin/python\n/usr/bin/python3.6\n/usr/bin/python2.7\n/usr/libexec/platform-python\n/usr/bin/python3\n/usr/bin/python\nENDFOUND\n', b'')
<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 rmq-node2.lan '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
<rmq-node2.lan> (0, b'{"osrelease_content": "NAME=\\"Red Hat Enterprise Linux Server\\"\\nVERSION=\\"7.9 (Maipo)\\"\\nID=\\"rhel\\"\\nID_LIKE=\\"fedora\\"\\nVARIANT=\\"Server\\"\\nVARIANT_ID=\\"server\\"\\nVERSION_ID=\\"7.9\\"\\nPRETTY_NAME=\\"Red Hat Enterprise Linux\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:redhat:enterprise_linux:7.9:GA:server\\"\\nHOME_URL=\\"https://www.redhat.com/\\"\\nBUG_REPORT_URL=\\"https://bugzilla.redhat.com/\\"\\n\\nREDHAT_BUGZILLA_PRODUCT=\\"Red Hat Enterprise Linux 7\\"\\nREDHAT_BUGZILLA_PRODUCT_VERSION=7.9\\nREDHAT_SUPPORT_PRODUCT=\\"Red Hat Enterprise Linux\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"7.9\\"\\n", "platform_dist_result": ["redhat", "7.9", "Maipo"]}\n', b'')
Using module file /usr/lib/python3.7/site-packages/ansible/modules/system/systemd.py
<rmq-node2.lan> PUT /root/.ansible/tmp/ansible-local-2929y0v8kody/tmpl7fkd6zd TO /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368/AnsiballZ_systemd.py
<rmq-node2.lan> SSH: EXEC sshpass -d9 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 '[rmq-node2.lan]'
<rmq-node2.lan> (0, b'sftp> put /root/.ansible/tmp/ansible-local-2929y0v8kody/tmpl7fkd6zd /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368/AnsiballZ_systemd.py\n', b'')
<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 rmq-node2.lan '/bin/sh -c '"'"'chmod u+x /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368/ /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368/AnsiballZ_systemd.py && sleep 0'"'"''
<rmq-node2.lan> (0, b'', b'')
<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 -tt rmq-node2.lan '/bin/sh -c '"'"'sudo -H -S  -p "[sudo via ansible, key=qejohkgmxxluzqnxhpvqakuitlgmqaoe] password:" -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-qejohkgmxxluzqnxhpvqakuitlgmqaoe ; /usr/bin/python /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368/AnsiballZ_systemd.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<rmq-node2.lan> (1, b'\r\n', b'Shared connection to rmq-node2.lan closed.\r\n')
<rmq-node2.lan> Failed to connect to the host via ssh: Shared connection to rmq-node2.lan closed.
<rmq-node2.lan> ESTABLISH SSH CONNECTION FOR USER: usbp-deploy-adt
<rmq-node2.lan> SSH: EXEC sshpass -d9 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'User="usbp-deploy-adt"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/3f3f334328 rmq-node2.lan '/bin/sh -c '"'"'rm -f -r /home/usbp-deploy-adt/.ansible/tmp/ansible-tmp-1617921012.2138484-192947282332368/ > /dev/null 2>&1 && sleep 0'"'"''
<rmq-node2.lan> (0, b'', b'')
fatal: [rmq-node2.lan]: FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "module_stderr": "Shared connection to rmq-node2.lan closed.\r\n",
    "module_stdout": "\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

However, if I change the playbook to the following:

- hosts: rmq-node2.lan
  tasks:
    - name: Restart RabbitMQ   
      command: "sudo systemctl restart rabbitmq-server"

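Everything works just fine. How can I avoid using sudo in command and instead use become etc. with the built-in modules and shell?

The error occurs with ansible versions 2.9.1 and 2.9.10, on both python2 and python3.

Edit 1: sudoers on the remote machine (comments omitted):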

Defaults   !visiblepw

Defaults    always_set_home
Defaults    match_group_by_gid

Defaults    always_query_group_plugin

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root    ALL=(ALL)       ALL

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL


## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d


usbp-deploy-adt ALL=(ALL)NOPASSWD:/usr/bin/journalctl *
usbp-deploy-adt ALL=(rabbitmq) ALL
usbp-deploy-adt ALL=(ALL)NOPASSWD:/usr/bin/systemctl * rabbitmq-server

#usbp-deploy-adt ALL=(ALL:ALL) ALL

Edit 2: switching become_method to su

fatal: [rmq-node2.lan]: FAILED! => {
    "msg": "Incorrect su password"
}

1 Answer

Stack Overflow user

Answered 2021-04-09 09:28:51

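I would check whether there is any problem with the privilege escalation method that ansible runs.

Is your user part of the wheel group, or set up in the sudoers file (depending on the Linux distribution)?

The default privilege escalation method is sudo; you can change it with --become-method=METHOD when running the ansible command (for example, replace the method with su to see whether the behaviour changes).

You may need to use the parameter ask-become-pass to supply the password for this test.

If changing the privilege escalation method works, I would post more information about the distribution and the sudoers/wheel configuration, to make sure the user is configured correctly.

Here is some documentation on become in ansible: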

https://docs.ansible.com/ansible/latest/user_guide/become.html

Votes 0
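
Added example (not part of the original question or answer): a simplified model of sudoers command matching, applied to the three usbp-deploy-adt rules from the question. It compares what `command: sudo systemctl ...` submits to sudo with the `/bin/sh -c ...` wrapper that become submits in the -vvv output. The parser handles only single-command user specifications and approximates sudo's matching; function and variable names are assumptions of this example.

```python
import fnmatch
import re
import shlex

# User specifications copied from the sudoers file in the question.
SUDOERS = """\
usbp-deploy-adt ALL=(ALL)NOPASSWD:/usr/bin/journalctl *
usbp-deploy-adt ALL=(rabbitmq) ALL
usbp-deploy-adt ALL=(ALL)NOPASSWD:/usr/bin/systemctl * rabbitmq-server
"""
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*\(([^)]*)\)\s*(NOPASSWD:)?\s*(.+)$")

def parse(text):
    """Parse 'user host=(runas)[NOPASSWD:]command' lines (simplified grammar)."""
    rules = []
    for line in text.splitlines():
        m = SPEC.match(line.strip())
        if m:
            user, _host, runas, tag, cmd = m.groups()
            runas_users = {r.split(":")[0].strip() for r in runas.split(",")}
            rules.append({"user": user, "runas": runas_users,
                          "nopasswd": bool(tag), "cmd": cmd.strip()})
    return rules

def cmd_matches(spec, argv):
    """Match the command path, then glob-match the arguments as one string."""
    if spec == "ALL":
        return True
    path, _, arg_pattern = spec.partition(" ")
    if not fnmatch.fnmatchcase(argv[0], path):  # simplification: sudo's '*' never spans '/'
        return False
    # A spec with no arguments allows any arguments.
    return not arg_pattern or fnmatch.fnmatchcase(" ".join(argv[1:]), arg_pattern)

def check(rules, user, runas, command):
    """Return the last matching rule (sudoers applies the last match) or None."""
    argv = shlex.split(command)
    hit = None
    for rule in rules:
        runas_ok = runas in rule["runas"] or "ALL" in rule["runas"]
        if rule["user"] == user and runas_ok and cmd_matches(rule["cmd"], argv):
            hit = rule
    return hit

RULES = parse(SUDOERS)
# What `command: sudo systemctl restart rabbitmq-server` asks sudo to run.
DIRECT = "/usr/bin/systemctl restart rabbitmq-server"
# Shape of what become asks sudo to run in the -vvv output (payload shortened).
BECOME = "/bin/sh -c 'echo BECOME-SUCCESS-<key> ; /usr/bin/python AnsiballZ_systemd.py'"
```

Under this model, `check(RULES, "usbp-deploy-adt", "root", DIRECT)` returns the NOPASSWD systemctl rule, while the same call with `BECOME` returns `None`, because no rule lets this user run `/bin/sh` as root.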
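The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: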

https://stackoverflow.com/questions/67012803
