ansible sudo_user 挂起几分钟然后失败(在 centos6.5.1 vagrant vm 中) [英] ansible sudo_user hangs for a few minutes and then fails (in a centos6.5.1 vagrant vm)

问题描述

我有这两个简单的任务:

I have these two simple tasks :

- name: I am 
  shell: "echo `id`"

- name: say hello
  shell: echo "postgres saying hello"
  sudo_user: postgres

第二个任务在长时间暂停后失败，输出如下(它以 vvv 的详细级别与 vagrant 一起运行)(是的，我已经验证用户 postgres 存在，我可以从虚拟机内部执行 sudo su postgres)

The second task fails after a long pause, the output is below (it's runing with vagrant with the verbose level vvv) (yes I have verified that the user postgres exists, I can do a sudo su postgres from inside the VM)

TASK: [postgresql | I am] ***************************************************** 
changed: [192.168.78.6] => {"changed": true, "cmd": "echo `id` ", "delta": "0:00:00.002511", "end": "2014-01-23 22:49:14.161249", "item": "", "rc": 0, "start": "2014-01-23 22:49:14.158738", "stderr": "", "stdout": "uid=0(root) gid=0(root) groups=0(root)"}

TASK: [postgresql | say hello] ************************************************ 
fatal: [192.168.78.6] => failed to parse: [sudo via ansible, key=fnfgfnxabemrzbfixwgoksvgjrfzplxf] password: 


FATAL: all hosts have already failed -- aborting

这个东西在一个 centos6.5.1 vagrant vm 中运行

The thing runs in a centos6.5.1 vagrant vm

推荐答案

它显然不适用于 Centos6.5.假设是它无法通过 postgres 系统用户密码的提示，尽管这是推测.

It doesn't work apparently for Centos6.5. The supposition is that it is unable to get past a prompt for the postgres system user password, though that is speculation.

在回答如何克服在 postgresql_* 命令期间无法对 postgres 进行 sudo 操作(后者将通过默认的 pg_hba.conf 配置使用对等身份验证)的问题时，这里有一个解决方法:

In answer to the question how to overcome the inability of ansible to sudo to postgres (which in turn would use peer authentication via the default pg_hba.conf configuration) during the postgresql_* commands, here is a workaround:

- hosts: all
  sudo: yes
  gather_facts: no

  tasks:
    - lineinfile: dest='/var/lib/pgsql/9.3/data/pg_hba.conf' regexp="^local\s+all\s+all\s+peer$" line="local    all        all                      trust" backrefs=yes

    - name: restart after line change
      action: shell sudo /etc/init.d/postgresql-9.3 restart

    - name: create database
      postgresql_db: name=acme
      sudo: no                         # NB!!
      sudo_user: postgres

我们正在将本地访问从 peer 更改为 trust 需要在由另一个 lineinfile 或替换执行所需操作后删除使用 md5 或任何所需配置的文件，然后重新启动.以上显然仅用于演示.这是一个巨大的黑客，但将允许您发出在 Centos6 下工作的 ansible postgresql 模块命令.请注意，我们为 postgresql 任务设置了 sudo.

We are changing local access from peer to trust which needs to be removed after the required operations are performed either by another lineinfile or replacing the file using md5 or whatever the desired configuration is followed by a restart. The above is clearly for demonstration only. This is a massive hack but will allow you to issue ansible postgresql module commands that work under Centos6. Note that we set sudo off for the postgresql task.

我确认问题存在，并且此 vm 框的 hack 有效:

I confirmed the problem exists and the hack works for this vm box:

https://github.com/2creatives/vagrant-centos/releases/download/v6.5.1/centos65-x86_64-20131205.box

这篇关于ansible sudo_user 挂起几分钟然后失败(在 centos6.5.1 vagrant vm 中)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！