我有一个没有sudo的远程用户,并且服务器具有root禁止使用ssh。因此,我尝试使用下一种方法进行特权升级:
- block:
- name: Get hardware password
shell: |
slcli --format json hardware detail --passwords {{ hostname }}
register: json_answer
delegate_to: localhost
- name: set hardwareInfo variable
set_fact:
hardwareInfo: "{{ json_answer.stdout|from_json }}"
- name: set password variable
set_fact:
ansible_become_pass: "{{ hardwareInfo | to_json | from_json | json_query(password_query) }}"
vars:
password_query: "users[?username==`root`].password"
no_log: true
- name: Install repository deb
shell: |
dpkg -i {{ deb_repo_url }}
become: yes
become_method: su
become_user: root
但是我得到错误:
{“ msg”:“ su密码不正确,” _ ansible_no_log“:false}
我签出了ansible_become_pass变量,它具有正确的密码。
发现我的变量格式错误(数组而不是字符串)。
{
"changed": false,
"ansible_facts": {
"ansible_become_pass": [
"my_password"
]
},
"_ansible_no_log": false
}
将set_fact更改为此,现在可以使用了
- name: set password variable
set_fact:
ansible_become_pass: "{{ hardwareInfo | to_json | from_json | json_query(password_query) | join('') }}"