成为Ansible的非root用户失败 [英] Becoming non root user in ansible fails

问题描述

我正尝试使用以下剧本成为ansible的用户"oracle":

I am trying to become a user "oracle" in ansible using the following playbook:

- hosts: "myhost"
  tasks:         
        - name: install oracle client
          become: yes
          become_user: oracle
          become_method: su
          shell: |
                whoami
          args:
            chdir: /tmp/client
          environment:
            DISTRIB: /tmp/client

我收到一个错误:

"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of `/tmp/ansible-tmp-1513617986.78-246171259298529/': Operation not permitted\nchown: changing ownership of `/tmp/ansible-tmp-1513617986.78-246171259298529/command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"

我将文章" https://docs涂成红色.ansible.com/ansible/become.html#becoming-an-unprivileged-user "

，并将以下内容添加到/etc/ansible/ansible.cfg 中.

and added the following to /etc/ansible/ansible.cfg without any effect.

allow_world_readable_tmpfiles = True

我的Ansible版本:

ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]

问题:有没有一种方法可以配置我的主机以接受ansible成为oracle用户?

Question: Is there a way to configure my host to accept ansible's becoming the oracle user?

推荐答案

要允许成为非特权用户，必须在/etc/ansible/ansible.cfg

To allow becoming non privileged user two things must be set to True in /etc/ansible/ansible.cfg

重要:给定的设置必须在 ansible.cfg 中正确的位置取消注释.将这些设置附加到 ansible.cfg 中是不够的.

Important: The given settings must be uncommented at the right locations in ansible.cfg. It is insufficient to append those settings to ansible.cfg.

allow_world_readable_tmpfiles = True
pipelining = True

要以编程方式取消注释，请执行以下操作:

To uncomment them programmatically do:

sed -i 's/.*pipelining.*/pipelining = True/' /etc/ansible/ansible.cfg
sed -i 's/.*allow_world_readable_tmpfiles.*/allow_world_readable_tmpfiles = True/' /etc/ansible/ansible.cfg

这里是一个示例剧本，其中显示了如何成为用户 oracle .

Here is an example playbook, which shows how to become the user oracle.

# Setup the infrastructure for Faktura
- hosts: "myhost"
  become: yes
  become_method: sudo
  become_user: oracle
  vars:
    allow_world_readable_tmpfiles: true
  tasks:         


        # an error is thorwn when becoming unpriviledged user. Hence use sudo
        - name: install oracle client
          shell: |
                whoami
          args:
            chdir: /tmp/client
          environment:
            DISTRIB: /tmp/client

这篇关于成为Ansible的非root用户失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！