Ansible权限问题 [英] Ansible Permissions Issue

问题描述

我想当前用户添加到组中的系统，然后执行需要为该组权限的命令。我的剧本是像这样：

I'm trying to add the current user to a group in the system, then execute a command that requires permission for that group. My playbook is like so:

- name: Add this user to RVM group
  sudo: true
  user: state=present name=vagrant append=yes groups=rvm group=rvm
- name: Install Ruby 1.9.3
  command: rvm install ruby-1.9.3-p448 creates=/usr/local/rvm/bin/ruby-1.9.3-p448

的问题是，所有这一切都在同一个壳正在发生。无业游民的shell尚未更新使用新的群组。有没有干净的方式来刷新用户的当前组Ansible？我想我需要得到它重新连接或打开一个新的外壳。

The problem is that all of this is happening in the same shell. vagrant's shell hasn't been updated with the new groups yet. Is there a clean way to refresh the user's current groups in Ansible? I figure I need to get it to re-connect or open a new shell.

不过，我试图打开一个新的外壳，它只是挂起：

However I tried opening a new shell and it simply hangs:

- name: Open a new shell for the new groups
  shell: bash

当然它挂起：这个过程永远不会退出

Of course it hangs: the process never exits!

与newgrp同样的事情

Same thing with newgrp

- name: Refresh the groups
  shell: newgrp

由于它基本上做同样的事情。

Because it basically does the same thing.

任何想法？

推荐答案

阅读本手册。

这里的一个解决方案是使用了执行参数无论是'命令'或'壳'的模块。

A solution here is to use the 'executable' parameter for either the 'command' or 'shell' modules.

于是，我就用命令模块，像这样：

So I tried using the command module like so:

- name: install ruby 1.9.3
  command: rvm install ruby-1.9.3-p448 executable=/bin/bash creates=/usr/local/rvm/bin/ruby-1.9.3-p448
  ignore_error: true

但剧本挂下去。 href=\"http://www.ansibleworks.com/docs/modules.html#command\" rel=\"nofollow\">手动国

如果您希望通过shell运行命令（假设你正在使用＆LT;，>，|，等等），你真正想要的外壳模块来代替。命令模块更加安全，因为它不影响该用户的
  环境。

If you want to run a command through the shell (say you are using <, >, |, etc), you actually want the shell module instead. The command module is much more secure as it's not affected by the user's environment.

于是，我试着用外壳模块：

So I tried using the shell module:

- name: install ruby 1.9.3
  shell: rvm install ruby-1.9.3-p448 executable=/bin/bash creates=/usr/local/rvm/bin/ruby-1.9.3-p448
  ignore_error: true

和它的作品！

这篇关于Ansible权限问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！