Ansible playbook:需要 sudo 密码 [英] Ansible playbook: Requires sudo password
问题描述
我目前正在使用 ansible,我想自动转储我的远程数据库并将转储的文件导入我的本地数据库.现在,我在使用 sudo 切换用户时遇到了一些问题.
playbook.yml
---- 主机:远程服务器变量:remote_db_name: 数据库名远程文件名:dbname_{{ 查找('管道','日期+%m-%d-%Y')}}本地文件夹:/home/alde/database_backups/任务:- 名称:转储数据库变成:是成为用户:postgres外壳:pg_dump -d {{remote_db_name}} >{{remote_filename}}"
当我尝试运行 ansible-playbook playbook.yml 时,它返回:sudo:需要密码"
<小时>到目前为止我尝试过的.
1) 我试过
2) 我将超时增加到 30.
3) 我将默认远程用户添加到 sudoers 文件
这很奇怪,因为当我尝试使用 ssh 访问我的远程服务器并使用 sudo su - postgres
从 default_user 切换到 postgres 时没有密码提示<小时>- ansible 2.3.0.0
- Python 2.7
- Ubuntu 14.04
链接的词汇表说:
<块引用>默认值是‘-H -S -n’,它设置 HOME 环境变量,通过 STDIN 提示输入密码,并避免提示用户进行任何类型的输入.请注意,'-n' 将与使用无密码 sudo auth 冲突,例如 pam_ssh_agent_auth.在某些情况下,您可能希望添加或删除标志,但通常大多数用户不需要更改此设置::
所以我认为尝试使用 -n 标志至少会有所改变,因为您似乎已将其更改为等待身份验证,而不是没有身份验证strong> 上次修改.
I am currently working with ansible and I want to automate dumping of my Remote DB and import the dumped file to my local DB. Now, I encountered some problem for using sudo to switch user.
playbook.yml
---
- hosts: remoteserver
vars:
remote_db_name: dbname
remote_filename: dbname_{{ lookup('pipe', 'date +%m-%d-%Y') }}
local_folder: /home/alde/database_backups/
tasks:
- name: Dump database
become: yes
become_user: postgres
shell: pg_dump -d {{remote_db_name}} > "{{remote_filename}}"
when I try to run ansible-playbook playbook.yml it returns: "sudo: a password is required"
What I have tried so far.
1) I tried this solution by adding sudo_flags.
ansible.cfg
[defaults]
sudo_flags = -H -S
then I got a different error when I execute my playbook: "Timeout (12s) waiting for privilege escalation prompt: "
2) I increased the timeout up to 30.
3) I added the default remote user to sudoers file
It's strange because there's no password prompt when I try to access my remote server using ssh and switch from default_user to postgres using sudo su - postgres
- ansible 2.3.0.0
- Python 2.7
- Ubuntu 14.04
The linked glossary says:
The default is ‘-H -S -n’ which sets the HOME environment variable, prompts for passwords via STDIN, and avoids prompting the user for input of any kind. Note that ‘-n’ will conflict with using password-less sudo auth, such as pam_ssh_agent_auth. In some situations you may wish to add or remove flags, but in general most users will not need to change this setting::
So I think that trying the -n flag as well would at least change something since it seems like you've changed it to waiting on authentication rather than there is no authentication with your last modification.
这篇关于Ansible playbook:需要 sudo 密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!