我正在尝试运行 xrdp-installer 的脚本,它要求我使用非 sudo 用户运行它,但它在某些行中使用 sudo 运行一些命令,例如
sudo systemctl enable xrdp.service
以及许多其他。
我想在没有
become: true
的情况下运行此脚本,但允许 sudo
在其中运行。
我的简单剧本任务就像
- name: Run script xrdp installer
shell:
cmd: ./xrdp-installer-1.4.2.sh
chdir: ~/
这就是我在输出中看到这些错误行的原因。
"stderr_lines": [
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"grep: /etc/pam.d/xrdp-sesman: No such file or directory",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper"
],
而且我不知道如何配置askpass helper。
关于如何在没有
become: true
的情况下运行它的任何想法?
这与 Ansible 本身无关,而是与 管理
sudo
访问有关。
假设用户
ansible_user
是本地组wheel
的成员,或者在某个文件中拥有自己的sudoers
条目
/etc/sudoers
%wheel ALL=(ALL) NOPASSWD: ALL
ansible_user ALL=(ALL) NOPASSWD: ALL
或
/etc/sudoers.d/ansible_user
ansible_user ALL=(ALL) NOPASSWD: ALL
一个最小的示例手册
---
- hosts: localhost
become: false
gather_facts: false
tasks:
- shell:
cmd: who; id; sudo id
register: result
- debug:
var: result
通过
执行sshpass -p ${PASSWORD} ansible-playbook --user 'ansible_user' --ask-pass who.yml
将导致输出
ASK [debug] **********************************************************************************************
ok: [localhost] =>
result:
changed: true
cmd: who; id; sudo id
delta: '0:00:00.110247'
end: '2023-10-10 09:00:00.110247'
failed: false
msg: ''
rc: 0
start: '2023-10-10 09:00:00.000000'
stderr: ''
stderr_lines: []
stdout: |-
ansible_user pts/0 2023-10-10 09:00 (192.0.2.1)
uid=123456789(ansible_user) gid=1234560513(domain users) groups=1234560513(domain users) <omitted>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
在所示示例中,用户
ansible_user
根本不存在于本地,由于系统已连接并加入域,因此 /etc/passwd
、/etc/group
或 /etc/shadow
中没有条目。