Ansible 如何运行脚本而不成为 true 但 sudo

问题描述 投票:0回答:1

我正在尝试运行 xrdp-installer 的脚本,它要求我使用非 sudo 用户运行它,但它在某些行中使用 sudo 运行一些命令,例如 

sudo systemctl enable xrdp.service
以及许多其他。

我想在没有 

become: true
的情况下运行此脚本,但允许 
sudo
在其中运行。 我的简单剧本任务就像

- name: Run script xrdp installer
  shell:
    cmd: ./xrdp-installer-1.4.2.sh
    chdir: ~/

这就是我在输出中看到这些错误行的原因。

"stderr_lines": [
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "grep: /etc/pam.d/xrdp-sesman: No such file or directory",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper",
        "sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper"
    ],

而且我不知道如何配置askpass helper。

关于如何在没有

become: true
的情况下运行它的任何想法?

ansible sh sudo ansible-2.x
1个回答
0
投票

这与 Ansible 本身无关,而是与 管理 

sudo
访问有关。

假设用户

ansible_user
是本地组
wheel
的成员,或者在某个文件中拥有自己的
sudoers
条目

/etc/sudoers

%wheel                                ALL=(ALL)       NOPASSWD: ALL
ansible_user                          ALL=(ALL)       NOPASSWD: ALL


/etc/sudoers.d/ansible_user

ansible_user                          ALL=(ALL)       NOPASSWD: ALL

一个最小的示例手册

---
- hosts: localhost
  become: false
  gather_facts: false

  tasks:

  - shell:
      cmd: who; id; sudo id
    register: result

  - debug:
      var: result

通过

执行 
sshpass -p ${PASSWORD} ansible-playbook --user 'ansible_user' --ask-pass who.yml

将导致输出

ASK [debug] **********************************************************************************************
ok: [localhost] =>
  result:
    changed: true
    cmd: who; id; sudo id
    delta: '0:00:00.110247'
    end: '2023-10-10 09:00:00.110247'
    failed: false
    msg: ''
    rc: 0
    start: '2023-10-10 09:00:00.000000'
    stderr: ''
    stderr_lines: []
    stdout: |-
      ansible_user pts/0        2023-10-10 09:00 (192.0.2.1)
      uid=123456789(ansible_user) gid=1234560513(domain users) groups=1234560513(domain users) <omitted>
      uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

在所示示例中,用户 

ansible_user
根本不存在于本地,由于系统已连接并加入域,因此 
/etc/passwd
/etc/group
/etc/shadow
中没有条目。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.