具有SSH密钥身份验证的用户如何在Ansible中具有sudo权限? [英] How can a user with SSH keys authentication have sudo powers in Ansible?

问题描述

我在Azure云中使用以下Ansible脚本创建一个虚拟机:

I create a vm in the azure cloud with the following ansible script:

---

- name: azure playbook
  hosts: localhost
  vars_files: ['vars.yaml']
  tasks:
  - name: Create VM with defaults
    azure_rm_virtualmachine:
      resource_group: "{{account_prefix}}_rg"
      vm_size: Standard_D1
      name: "{{account_prefix}}-vm1"
      storage_account_name: "{{account_prefix}}store1"
      network_interface_names: "{{account_prefix}}vm1eth0"
      ssh_password_enabled: false
      admin_username: owen
      ssh_public_keys:
      - {  path: /home/owen/.ssh/authorized_keys,
        key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH0q4pmdkJcc/JPVJui5uWMV12GsJAsDCosfUSSFZfTIx92bb9FC3hx1zU7tD1+Zw3aQW13m6ZS2T ... YnvieSbdD3v}
      image:
        offer: CentOS
        publisher: OpenLogic
        sku: '7.2'
        version: latest

，但是在运行其他脚本以添加其他用户时:

but when running a further script to add another user:

---

- name: create user
  hosts: my-vm1.westeurope.cloudapp.azure.com
#  vars_files: ['vars.yaml']
  remote_user: owen
  tasks:
  - name: Create User
    user:
      name: andrea
      password: $6$rounds=656000$1AspdTb0lfOSc5yM$bAkPgHkuHwap/j6f0P88WxOdjxq3MCRO7/qgufYB.s/4t4k99wwtu/.../
      group: users
      shell: /bin/bash
    become: true

我收到"sudo:需要密码"错误:

I get "sudo: a password is required" error:

PLAY [create user] *************************************************************

TASK [setup] *******************************************************************
fatal: [my-vm1.westeurope.cloudapp.azure.com]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "parsed": false}

NO MORE HOSTS LEFT *************************************************************
        to retry, use: --limit @8-add-admin-user-to-vm-with-userpswd-already.retry

我的库存如下:

my-vm1.westeurope.cloudapp.azure.com ansible_ssh_private_key_file=/home/myuser/.ssh/id_rsa ansible_user=owen ansible_become=true

那么用户如何拥有sudo特权并使用ansible'become'之类的东西?

So how can the user have sudo privileges and so use ansible 'become' and the like?

请注意，当清单文件中省略ansible_user和ansible_become时，也会发生相同的结果.

Note that the same result happens when ansible_user and ansible_become are omitted from the inventory file.

如果我以owen身份(以带有ssh私钥的框，即创建了vm)以ssh身份登录到vm，则可以运行sudo visudo -f/etc/sudoers并访问该文件.那么owen是否具有sudo特权?我现在很困惑！我是否会误解ansible添加用户脚本中的错误?

If I ssh on to the vm as owen (from the box with the ssh private key, that created the vm) then I am able to run sudo visudo -f /etc/sudoers and access that file. So does owen have sudo privileges or not? I'm getting confused now!! Am I misunderstanding the error from the ansible add user script?

我认为这个问题是无效的-因为用户确实具有通过门户手动添加的sudo特权.我仍然不确定发生了什么，但是我不认为这个问题是连贯的-或确实代表了我要解决的实际问题.

I think this question is invalid - as the user does have sudo privileges added manually through the portal. I'm still not sure what's going on but I don't think this question is coherent - or really represents the actual problem I'm trying to solve.

推荐答案

您可以使用以下命令更改用户的sudo配置:

You can either change the sudo config for the user owen with this command:

sudo visudo -f /etc/sudoers

并更改与此用户对应的行:

and change the line with user owen to this:

owen ALL=(ALL) NOPASSWD:ALL

然后sudo不需要Ansible输入密码.或者，您可以指示Ansible使用参数--ask-become-pass询问您的密码，如下所示:

then sudo won't require Ansible to enter the password. Or you could instruct Ansible to ask you for the password with the parameter --ask-become-pass like this:

ansible-playbook site.yml --ask-become-pass

这篇关于具有SSH密钥身份验证的用户如何在Ansible中具有sudo权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！