ansible sudo_user挂起几分钟，然后失败(在centos6.5.1流浪的vm中) [英] ansible sudo_user hangs for a few minutes and then fails (in a centos6.5.1 vagrant vm)

问题描述

我有两个简单的任务:

- name: I am 
  shell: "echo `id`"

- name: say hello
  shell: echo "postgres saying hello"
  sudo_user: postgres

第二个任务长时间停顿后失败，输出如下 (它正在以冗长的级别vvv游荡) (是的，我已经验证了用户postgres的存在， 我可以在VM内执行sudo su postgres)

The second task fails after a long pause, the output is below (it's runing with vagrant with the verbose level vvv) (yes I have verified that the user postgres exists, I can do a sudo su postgres from inside the VM)

TASK: [postgresql | I am] ***************************************************** 
changed: [192.168.78.6] => {"changed": true, "cmd": "echo `id` ", "delta": "0:00:00.002511", "end": "2014-01-23 22:49:14.161249", "item": "", "rc": 0, "start": "2014-01-23 22:49:14.158738", "stderr": "", "stdout": "uid=0(root) gid=0(root) groups=0(root)"}

TASK: [postgresql | say hello] ************************************************ 
fatal: [192.168.78.6] => failed to parse: [sudo via ansible, key=fnfgfnxabemrzbfixwgoksvgjrfzplxf] password: 


FATAL: all hosts have already failed -- aborting

这东西在一个centos6.5.1流浪汉vm中运行

The thing runs in a centos6.5.1 vagrant vm

推荐答案

它显然不适用于Centos6.5.推测是尽管推测，但它无法通过提示输入postgres系统用户密码的提示.

It doesn't work apparently for Centos6.5. The supposition is that it is unable to get past a prompt for the postgres system user password, though that is speculation.

为回答以下问题，即在postgresql_ *命令期间如何克服ansible无法对PostgreSQL进行sudo操作(后者将通过默认的pg_hba.conf配置使用对等身份验证)，这是一种变通方法:

In answer to the question how to overcome the inability of ansible to sudo to postgres (which in turn would use peer authentication via the default pg_hba.conf configuration) during the postgresql_* commands, here is a workaround:

- hosts: all
  sudo: yes
  gather_facts: no

  tasks:
    - lineinfile: dest='/var/lib/pgsql/9.3/data/pg_hba.conf' regexp="^local\s+all\s+all\s+peer$" line="local    all        all                      trust" backrefs=yes

    - name: restart after line change
      action: shell sudo /etc/init.d/postgresql-9.3 restart

    - name: create database
      postgresql_db: name=acme
      sudo: no                         # NB!!
      sudo_user: postgres

我们正在将本地访问从peer更改为trust，在由另一个lineinfile执行所需的操作或使用md5替换文件或执行任何所需的配置并重新启动之后，需要将其删除.以上显然仅用于演示.这是一个巨大的黑客攻击，但将允许您发出在Centos6下可以运行的anspostgresql模块命令.请注意，对于postgresql任务，我们将sudo设置为off.

We are changing local access from peer to trust which needs to be removed after the required operations are performed either by another lineinfile or replacing the file using md5 or whatever the desired configuration is followed by a restart. The above is clearly for demonstration only. This is a massive hack but will allow you to issue ansible postgresql module commands that work under Centos6. Note that we set sudo off for the postgresql task.

我确认该问题存在，并且此vm盒的hack可以工作:

I confirmed the problem exists and the hack works for this vm box:

https://github.com/2creatives/vagrant-centos/releases/download/v6.5.1/centos65-x86_64-20131205.box

这篇关于ansible sudo_user挂起几分钟，然后失败(在centos6.5.1流浪的vm中)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！