使用 SSH 密钥身份验证的用户如何在 Ansible 中拥有 sudo 权限? [英] How can a user with SSH keys authentication have sudo powers in Ansible?
问题描述
我使用以下 ansible 脚本在 azure 云中创建了一个虚拟机:
I create a vm in the azure cloud with the following ansible script:
---
- name: azure playbook
hosts: localhost
vars_files: ['vars.yaml']
tasks:
- name: Create VM with defaults
azure_rm_virtualmachine:
resource_group: "{{account_prefix}}_rg"
vm_size: Standard_D1
name: "{{account_prefix}}-vm1"
storage_account_name: "{{account_prefix}}store1"
network_interface_names: "{{account_prefix}}vm1eth0"
ssh_password_enabled: false
admin_username: owen
ssh_public_keys:
- { path: /home/owen/.ssh/authorized_keys,
key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH0q4pmdkJcc/JPVJui5uWMV12GsJAsDCosfUSSFZfTIx92bb9FC3hx1zU7tD1+Zw3aQW13m6ZS2T ... YnvieSbdD3v}
image:
offer: CentOS
publisher: OpenLogic
sku: '7.2'
version: latest
但是当运行进一步的脚本以添加另一个用户时:
but when running a further script to add another user:
---
- name: create user
hosts: my-vm1.westeurope.cloudapp.azure.com
# vars_files: ['vars.yaml']
remote_user: owen
tasks:
- name: Create User
user:
name: andrea
password: $6$rounds=656000$1AspdTb0lfOSc5yM$bAkPgHkuHwap/j6f0P88WxOdjxq3MCRO7/qgufYB.s/4t4k99wwtu/.../
group: users
shell: /bin/bash
become: true
我收到sudo:需要密码"错误:
I get "sudo: a password is required" error:
PLAY [create user] *************************************************************
TASK [setup] *******************************************************************
fatal: [my-vm1.westeurope.cloudapp.azure.com]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "parsed": false}
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @8-add-admin-user-to-vm-with-userpswd-already.retry
我的库存如下所示:
my-vm1.westeurope.cloudapp.azure.com ansible_ssh_private_key_file=/home/myuser/.ssh/id_rsa ansible_user=owen ansible_become=true
那么用户如何拥有 sudo 权限,从而使用 ansible 'become' 之类的东西?
So how can the user have sudo privileges and so use ansible 'become' and the like?
请注意,当 ansible_user 和 ansible_become 从清单文件中省略时,会发生相同的结果.
Note that the same result happens when ansible_user and ansible_become are omitted from the inventory file.
如果我 ssh 到 vm 作为 owen(从创建 vm 的 ssh 私钥的盒子中),那么我就可以运行 sudo visudo -f/etc/sudoers 并访问该文件.那么,owen 是否有 sudo 权限?我现在很迷茫!!我是否误解了 ansible 添加用户脚本的错误?
If I ssh on to the vm as owen (from the box with the ssh private key, that created the vm) then I am able to run sudo visudo -f /etc/sudoers and access that file. So does owen have sudo privileges or not? I'm getting confused now!! Am I misunderstanding the error from the ansible add user script?
我认为这个问题无效 - 因为用户确实通过门户手动添加了 sudo 权限.我仍然不确定发生了什么,但我不认为这个问题是连贯的 - 或者真的代表了我试图解决的实际问题.
I think this question is invalid - as the user does have sudo privileges added manually through the portal. I'm still not sure what's going on but I don't think this question is coherent - or really represents the actual problem I'm trying to solve.
推荐答案
您可以使用以下命令更改用户的 sudo 配置:
You can either change the sudo config for the user owen with this command:
sudo visudo -f /etc/sudoers
并更改与用户相关的行:
and change the line with user owen to this:
owen ALL=(ALL) NOPASSWD:ALL
那么 sudo 将不需要 Ansible 输入密码.或者您可以指示 Ansible 使用参数 --ask-become-pass 向您询问密码,如下所示:
then sudo won't require Ansible to enter the password. Or you could instruct Ansible to ask you for the password with the parameter --ask-become-pass like this:
ansible-playbook site.yml --ask-become-pass
这篇关于使用 SSH 密钥身份验证的用户如何在 Ansible 中拥有 sudo 权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
