I have passwordless connections to the servers in question. On this server my user can run "sudo su - user":
> $ ssh host
myuser@host:~ $ sudo su - new_user
new_user@host:~ $
I want to achieve the same thing with an Ansible playbook.
---
- hosts: my_group
  remote_user: myuser
  tasks:
    - name: "whoami"
      become: yes
      become_exe: "sudo su -"
      become_method: sudo
      become_user: "new_user"
      command: whoami
      register: result
    - debug: msg="{{ result.stdout }}"
When I run the playbook:
> user / ansib $ ansible-playbook int.yaml
PLAY [int] ********************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************
ok: [host]
TASK [who am i] ***************************************************************************************************************************************************
fatal: [host]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}
PLAY RECAP ********************************************************************************************************************************************************
host : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Debug output:
TASK [who am i] ***************************************************************************************************************************************************
task path: /login/myuser/ansib/cert.yaml:10
<host> ESTABLISH SSH CONNECTION FOR USER: myuser
<host> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="myuser"' -o ConnectTimeout=10 -o ControlPath=/login/myuser/.ansible/cp/0dd1c5b064 host '/bin/sh -c '"'"'echo ~myuser && sleep 0'"'"''
<host> (0, '/home/myuser\n', '')
<host> ESTABLISH SSH CONNECTION FOR USER: myuser
<host> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="myuser"' -o ConnectTimeout=10 -o ControlPath=/login/myuser/.ansible/cp/0dd1c5b064 host '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022 && echo ansible-tmp-1588766128.54-31125-82317805935022="` echo /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022 `" ) && sleep 0'"'"''
<host> (0, 'ansible-tmp-1588766128.54-31125-82317805935022=/var/tmp/ansible-tmp-1588766128.54-31125-82317805935022\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<host> PUT /login/myuser/.ansible/tmp/ansible-local-31097VQMw2J/tmpwKIGsv TO /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022/AnsiballZ_command.py
<host> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="myuser"' -o ConnectTimeout=10 -o ControlPath=/login/myuser/.ansible/cp/0dd1c5b064 '[host]'
<host> (0, 'sftp> put /login/myuser/.ansible/tmp/ansible-local-31097VQMw2J/tmpwKIGsv /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022/AnsiballZ_command.py\n', '')
<host> ESTABLISH SSH CONNECTION FOR USER: myuser
<host> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="myuser"' -o ConnectTimeout=10 -o ControlPath=/login/myuser/.ansible/cp/0dd1c5b064 host '/bin/sh -c '"'"'setfacl -m u:new_user:r-x /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022/ /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022/AnsiballZ_command.py && sleep 0'"'"''
<host> (0, '', '')
<host> ESTABLISH SSH CONNECTION FOR USER: myuser
<host> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="myuser"' -o ConnectTimeout=10 -o ControlPath=/login/myuser/.ansible/cp/0dd1c5b064 -tt host '/bin/sh -c '"'"'sudo su - -H -S -n -u new_user /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-udwnqqirghwxmfmdebilbiitxqeurmzg ; /usr/bin/python /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022/AnsiballZ_command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<host> ESTABLISH SSH CONNECTION FOR USER: myuser
<host> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="myuser"' -o ConnectTimeout=10 -o ControlPath=/login/myuser/.ansible/cp/0dd1c5b064 host '/bin/sh -c '"'"'rm -f -r /var/tmp/ansible-tmp-1588766128.54-31125-82317805935022/ > /dev/null 2>&1 && sleep 0'"'"''
<host> (0, '', '')
This line:
sudo su - -H -S -n -u new_user /bin/sh -c
And of course, if I run this command by itself, I also get a password prompt.
I also tried moving some things around: I changed my playbook and also added the become_flags parameter:
---
- hosts: my_group
  remote_user: myuser
  tasks:
    - name: "whoami"
      become: yes
      become_exe: "sudo su -"
      become_method: sudo
      become_user: "new_user"
      become_flags: ""
      command: whoami
      register: result
    - debug: msg="{{ result.stdout }}"
and it is a bit better ...
sudo su - new_user -c
Unfortunately, with "-c" added it keeps asking me for a password ...
Any ideas whether I can somehow become the new user without the "-c" parameter, or run a command as new_user?
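
The two command lines quoted in the question, rebuilt from the become settings and checked against an argument-restricted sudoers rule. This is an added example, not part of the original post and not Ansible's own code: `build_become` is a simplified model inferred from the debug output, and the sudoers rule (`/bin/su - new_user` with NOPASSWD) is an assumption about the server.

```python
import fnmatch
import os
import shlex

# Simplified model inferred from the debug output above; not Ansible's own code.
SUDO_DEFAULT_FLAGS = "-H -S -n"  # flags seen in the logged command


def build_become(method, exe, user, cmd, flags=None):
    """Return the argv the remote shell runs for one become configuration."""
    if method == "sudo":
        flags = SUDO_DEFAULT_FLAGS if flags is None else flags
        line = f"{exe} {flags} -u {user} /bin/sh -c {shlex.quote(cmd)}"
    elif method == "su":
        line = f"{exe} {flags or ''} {user} -c {shlex.quote(cmd)}"
    else:
        raise ValueError(f"unsupported become method: {method}")
    return shlex.split(line)


def sudoers_allows(rule_cmd, rule_args, argv):
    """Match argv (the words after 'sudo') against one sudoers command spec.

    rule_args=None means the rule lists no arguments, so any are accepted;
    otherwise the joined arguments must match the rule's pattern exactly.
    """
    if not argv or os.path.basename(argv[0]) != os.path.basename(rule_cmd):
        return False
    if rule_args is None:
        return True
    return fnmatch.fnmatchcase(" ".join(argv[1:]), rule_args)


# Hypothetical rule: myuser ALL=(root) NOPASSWD: /bin/su - new_user
RULE = ("/bin/su", "- new_user")

if __name__ == "__main__":
    attempts = {
        "interactive": ["sudo", "su", "-", "new_user"],
        "become_method sudo": build_become("sudo", "sudo su -", "new_user", "whoami"),
        "become_method su": build_become("su", "sudo su -", "new_user", "whoami"),
    }
    for label, argv in attempts.items():
        verdict = "NOPASSWD" if sudoers_allows(*RULE, argv[1:]) else "password prompt"
        print(f"{label:20} {' '.join(argv):50} -> {verdict}")
```

Under that assumed rule only the interactive form matches. A rule with no argument list would accept both generated forms, but it would also accept `su -` to any account, so the argument pattern is what keeps the grant scoped to new_user.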