如何修复使用Ansible安装软件包时拒绝错误的权限?
问题描述:
我想写一个简单的Ansible Playbook,请看下面的代码片段。使用Ansible 2.4.0.0,Ubuntu 17.04,Python 2.7.13。 这是我第一次使用Ansible和Playbooks,所以请不要太苛刻。我究竟做错了什么?如何修复使用Ansible安装软件包时拒绝错误的权限?
playbook.yml
---
- name: install packages
hosts: dbservers
become: yes
become_method: sudo
become_user: user
tasks:
- name: Update repositories cache and install "python-minimal" package
apt:
name: python-minimal
update_cache: yes
hosts文件
---
[dbservers]
db ansible_host=127.0.0.1 ansible_port=22 ansible_user=user ansible_ssh_pass=pass ansible_become_pass=pass ansible_become_user=user
命令:以下错误ansible-playbook -i hosts playbook.yml -vvv
命令以上的回报:
The full traceback is:
File "/tmp/ansible_yozgsn/ansible_module_apt.py", line 287, in <module>
import apt
fatal: [db]: FAILED! => {
"changed": false,
"cmd": "apt-get update",
"failed": true,
"invocation": {
"module_args": {
"allow_unauthenticated": false,
"autoclean": false,
"autoremove": false,
"cache_valid_time": 0,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"force_apt_get": false,
"install_recommends": null,
"name": "python-minimal",
"only_upgrade": false,
"package": [
"python-minimal"
],
"purge": false,
"state": "present",
"update_cache": true,
"upgrade": null
}
},
"msg": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)",
"rc": 100,
"stderr": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\n",
"stderr_lines": [
"W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)",
"E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)",
"E: Unable to lock directory /var/lib/apt/lists/",
"W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)",
"W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)"
],
"stdout": "Reading package lists...\n",
"stdout_lines": [
"Reading package lists..."
]
}
编辑:如果我连接到CT通过SSH到同一台机器我可以手动更新apt-cache并使用相同的用户安装软件包(使用sudo)。如果我在Playbook中运行命令'whoami',它将返回预期结果(用户名)。
答
如果您的用户sudo访问,使用become: -
tasks:
- name: Update repositories cache and install "python-minimal" package
become: yes
apt:
name: python-minimal
update_cache: yes
答
我想你混淆become_user和remote_user。 remote_user是Ansible将用于ssh到服务器的用户,而become_user是Ansible将切换到并在服务器上运行任务的用户。您可以在Ansible's docs内找到更多有关become_user和remote_user的信息。
所以这里发生了什么是你的剧本试图成为“用户”用户和安装软件包。它不是以root身份安装软件包,而这正是您所需要的。要解决此问题,您可以从您的剧本中删除become_user参数(become_user默认为root),或者您可以将become_user参数添加到您的任务。
- name: Update repositories cache and install "python-minimal" package
apt:
name: python-minimal
update_cache: yes
become_user: root
如果我使用成为: - 然后我得到语法错误。我也尝试从Playbook和主机(在CLI中使用)中删除所有变量,但它没有帮助。 – metalcamp
你的用户有sudo privs吗?你可以登录并成功手动执行此操作吗? –
是的,我可以手动做到这一点,没有问题。 – metalcamp