问题描述
testuser 是 sudo 用户,
testuser is a sudo user,
sudo cat /etc/sudoers.d/90-cloud-init-testuser
testuser ALL=(ALL) NOPASSWD:ALL
我可以手动登录 testuser 并在没有密码的情况下运行以下内容:
I can login testuser manually and run following without password:
sudo -H apt-get update
sudo -H apt-get upgrade
但是如果我按照 ansible 代码运行,虽然我看到 whoami 命令返回 testuser,然后代码会因致命错误而停止(请参阅下面的代码和错误).
but if I run following ansible code, although I saw whoami command return testuser, then the code stops with fatal error (see code and error below).
我是否必须将 become_user 设置为 root 才能运行(请参阅我注释掉的行)?注意我可以手动登录 testuser 并运行 sudo 命令,我不能使用 become_user=testuser 来安装 apt 吗?注意我认为 remote_user 无关紧要,因为 whoami 命令只取决于 become_user.实际上我觉得 remote_user 没用,它只是让我登录.如果 become_user 未设置.然后 whoami 成为 root,如果 become_user 设置为 testuser,则 whoami 成为 testuser.
Must I set become_user as root in order to run (see the line I comment out)? Note I CAN login testuser manually and run sudo command, can't I use become_user=testuser to Install apt? Note I think remote_user does not matter because whoami command only depends on become_user.in fact I feel remote_user is useless, it just log me in. if become_user is unset. then whoami become root, if become_user is set as testuser, then whoami become testuser.
- hosts: all
remote_user: ubuntu
become: yes
become_user: testuser
gather_facts: yes
become_method: sudo
tasks:
- name: test which user I am
shell: whomami
register: hello
- debug: msg="{{ hello.stdout }}"
- name: Update and upgrade apt.
# become_user: root
# become: yes
apt: update_cache=yes upgrade=dist cache_valid_time=3600
TASK [Update and upgrade apt.]
********************************
fatal: [XX.XX.XX.XX]: FAILED! => {"changed": false, "msg":
"'/usr/bin/apt-get dist-upgrade' failed: E: Could not open lock file
/var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock
the administration directory (/var/lib/dpkg/), are you root?\n", "rc":
100, "stdout": "", "stdout_lines": []}
推荐答案
您需要连接具有 sudo 权限的帐户 - 在您的情况下为 testuser
- 然后以提升的权限运行 play/task(become: true
和 become: root
这是默认的),所以:
You need to connect with an account which has sudo permissions ― in your case testuser
― and then run play/task with elevated permissions (become: true
, and become: root
which is default), so:
- 或者给
ubuntu
添加 sudo 权限, - 或与
testuser
联系.
- either add sudo permissions to
ubuntu
, - or connect with
testuser
.
sudo
与您在问题中暗示的方式不同.
sudo
does not work the way you imply in the question.
任何命令都在特定用户的上下文中运行——testuser
,或 ubuntu
,或 root
.没有像sudo testuser
"那样运行命令.
Any command runs in a context of a specific user ― either testuser
, or ubuntu
, or root
. There is no such thing as running a command as a "sudo testuser
".
sudo
以不同的用户(默认为 root
)执行命令.执行 sudo
的用户必须具有适当的权限.
sudo
executes a command as a different user (root
by default). User executing sudo
must have appropriate permissions.
如果你以
testuser
登录并执行sudo -H apt-get update
它是(几乎)相同就像您以root
身份登录并运行apt-get update
一样.
If you log in as
testuser
and executesudo -H apt-get update
it is (almost) the same as if you logged in asroot
and ranapt-get update
.
如果您以 ubuntu
身份登录并运行 sudo -u testuser apt-get update
(这是问题中 Ansible 任务的对应 shell)― 这与您使用 testuser
登录并运行 apt-get update
时(几乎)相同.
If you log in as ubuntu
and run sudo -u testuser apt-get update
(which is a shell counterpart to the Ansible tasks in the question) ― it is (almost) the same as if you logged on with testuser
and ran apt-get update
.
testuser
运行 apt-get update
会得到一个错误——这就是你得到的.
testuser
running apt-get update
will get an error ― and this is what you get.
几乎",因为它取决于有关环境变量的设置——与这里的问题无关.
"almost", because it depends on settings regarding environment variables ― not relevant to the problem here.
这篇关于Ansible:即使 become_user 是 sudo 用户,也无法配置 sudo 命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!