在 ansible 中成为非 root 用户失败 [英] Becoming non root user in ansible fails
问题描述
我正在尝试使用以下剧本在 ansible 中成为用户oracle":
I am trying to become a user "oracle" in ansible using the following playbook:
- hosts: "myhost"
tasks:
- name: install oracle client
become: yes
become_user: oracle
become_method: su
shell: |
whoami
args:
chdir: /tmp/client
environment:
DISTRIB: /tmp/client
我收到一个错误:
"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of `/tmp/ansible-tmp-1513617986.78-246171259298529/': Operation not permitted\nchown: changing ownership of `/tmp/ansible-tmp-1513617986.78-246171259298529/command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"
我将文章https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"
并将以下内容添加到 /etc/ansible/ansible.cfg 中,但没有任何影响.
and added the following to /etc/ansible/ansible.cfg without any effect.
allow_world_readable_tmpfiles = True
我的 Ansible 版本:
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
问题:有没有办法配置我的主机以接受 ansible 成为 oracle 用户?
Question: Is there a way to configure my host to accept ansible's becoming the oracle user?
推荐答案
要允许成为非特权用户,必须将 /etc/ansible/ansible.cfg
True
中的两件事设置为 True
/代码>
To allow becoming non privileged user two things must be set to True
in /etc/ansible/ansible.cfg
重要提示:必须在 ansible.cfg
中的正确位置取消注释给定的设置.将这些设置附加到 ansible.cfg
是不够的.
Important:
The given settings must be uncommented at the right locations in ansible.cfg
.
It is insufficient to append those settings to ansible.cfg
.
allow_world_readable_tmpfiles = True
pipelining = True
要以编程方式取消注释,请执行以下操作:
To uncomment them programmatically do:
sed -i 's/.*pipelining.*/pipelining = True/' /etc/ansible/ansible.cfg
sed -i 's/.*allow_world_readable_tmpfiles.*/allow_world_readable_tmpfiles = True/' /etc/ansible/ansible.cfg
这是一个示例剧本,展示了如何成为用户 oracle
.
Here is an example playbook, which shows how to become the user oracle
.
# Setup the infrastructure for Faktura
- hosts: "myhost"
become: yes
become_method: sudo
become_user: oracle
vars:
allow_world_readable_tmpfiles: true
tasks:
# an error is thorwn when becoming unpriviledged user. Hence use sudo
- name: install oracle client
shell: |
whoami
args:
chdir: /tmp/client
environment:
DISTRIB: /tmp/client
这篇关于在 ansible 中成为非 root 用户失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!