Ansible剧本:需要sudo密码 [英] Ansible playbook: Requires sudo password

问题描述

我目前正在使用ansible，并且我想自动转储我的远程数据库并将转储的文件导入到我的本地数据库.现在，我在使用 sudo 切换用户时遇到了一些问题.

I am currently working with ansible and I want to automate dumping of my Remote DB and import the dumped file to my local DB. Now, I encountered some problem for using sudo to switch user.

playbook.yml

  ---
  - hosts: remoteserver
    vars:
      remote_db_name: dbname
      remote_filename: dbname_{{ lookup('pipe', 'date +%m-%d-%Y') }}
      local_folder: /home/alde/database_backups/

    tasks:
      - name: Dump database
        become: yes
        become_user: postgres
        shell: pg_dump -d {{remote_db_name}} > "{{remote_filename}}"

当我尝试运行 ansible-playbook playbook.yml 时，它返回: "sudo:需要密码"

when I try to run ansible-playbook playbook.yml it returns: "sudo: a password is required"

到目前为止我已经尝试过.

1)我尝试了此解决方案.

ansible.cfg

[defaults]
sudo_flags = -H -S

然后，我在执行剧本时遇到了另一个错误: 超时(12s)等待特权升级提示:"

then I got a different error when I execute my playbook: "Timeout (12s) waiting for privilege escalation prompt: "

2)我将 超时 增加了30.

2) I increased the timeout up to 30.

3)我将默认的远程用户添加到sudoers文件中

3) I added the default remote user to sudoers file

这很奇怪，因为当我尝试使用ssh访问远程服务器并使用 sudo su-postgres

It's strange because there's no password prompt when I try to access my remote server using ssh and switch from default_user to postgres using sudo su - postgres

• 可用2.3.0.0
• Python 2.7
• Ubuntu 14.04

推荐答案

链接的词汇表说:

默认值为"-H -S -n"，它设置HOME环境变量，通过STDIN提示输入密码，并避免提示用户输入任何形式.请注意，-n"将与使用无密码的sudo身份验证(例如pam_ssh_agent_auth)冲突.在某些情况下，您可能希望添加或删除标志，但是通常大多数用户不需要更改此设置::

The default is ‘-H -S -n’ which sets the HOME environment variable, prompts for passwords via STDIN, and avoids prompting the user for input of any kind. Note that ‘-n’ will conflict with using password-less sudo auth, such as pam_ssh_agent_auth. In some situations you may wish to add or remove flags, but in general most users will not need to change this setting::

因此，我认为也尝试使用-n标志至少会更改某些内容，因为您似乎已将其更改为等待认证，而不是没有认证，最后一次修改.

So I think that trying the -n flag as well would at least change something since it seems like you've changed it to waiting on authentication rather than there is no authentication with your last modification.

这篇关于Ansible剧本:需要sudo密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！