How can a user with SSH keys authentication have sudo powers in Ansible?

Anonymous (unverified), submitted on 2019-12-03 07:50:05

Question:

I create a vm in the azure cloud with the following ansible script:

---
- name: azure playbook
  hosts: localhost
  vars_files: ['vars.yaml']
  tasks:
  - name: Create VM with defaults
    azure_rm_virtualmachine:
      resource_group: "{{account_prefix}}_rg"
      vm_size: Standard_D1
      name: "{{account_prefix}}-vm1"
      storage_account_name: "{{account_prefix}}store1"
      network_interface_names: "{{account_prefix}}vm1eth0"
      ssh_password_enabled: false
      admin_username: owen
      ssh_public_keys:
      - {  path: /home/owen/.ssh/authorized_keys,
        key_data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH0q4pmdkJcc/JPVJui5uWMV12GsJAsDCosfUSSFZfTIx92bb9FC3hx1zU7tD1+Zw3aQW13m6ZS2T ... YnvieSbdD3v}
      image:
        offer: CentOS
        publisher: OpenLogic
        sku: '7.2'
        version: latest

but when running a further script to add another user:

---
- name: create user
  hosts: my-vm1.westeurope.cloudapp.azure.com
#  vars_files: ['vars.yaml']
  remote_user: owen
  tasks:
  - name: Create User
    user:
      name: andrea
      password: $6$rounds=656000$1AspdTb0lfOSc5yM$bAkPgHkuHwap/j6f0P88WxOdjxq3MCRO7/qgufYB.s/4t4k99wwtu/.../
      group: users
      shell: /bin/bash
    become: true

I get "sudo: a password is required" error:

PLAY [create user] *************************************************************

TASK [setup] *******************************************************************
fatal: [my-vm1.westeurope.cloudapp.azure.com]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "parsed": false}

NO MORE HOSTS LEFT *************************************************************
        to retry, use: --limit @8-add-admin-user-to-vm-with-userpswd-already.retry

My inventory looks like this:

my-vm1.westeurope.cloudapp.azure.com ansible_ssh_private_key_file=/home/myuser/.ssh/id_rsa ansible_user=owen ansible_become=true

So how can the user have sudo privileges and so use ansible 'become' and the like?

Note that the same result happens when ansible_user and ansible_become are omitted from the inventory file.

EDIT: If I ssh on to the vm as owen (from the box with the ssh private key, that created the vm) then I am able to run sudo visudo -f /etc/sudoers and access that file. So does owen have sudo privileges or not? I'm getting confused now!! Am I misunderstanding the error from the ansible add user script?

EDIT2: I think this question is invalid - as the user does have sudo privileges added manually through the portal. I'm still not sure what's going on but I don't think this question is coherent - or really represents the actual problem I'm trying to solve.

Answer 1:

You can either change the sudo config for the user owen with this command:

sudo visudo -f /etc/sudoers

and change the line with user owen to this:

owen ALL=(ALL) NOPASSWD:ALL

then sudo won't require Ansible to enter the password. Or you could instruct Ansible to ask you for the password with the parameter --ask-become-pass like this:

ansible-playbook site.yml --ask-become-pass
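
The first option above, applied through Ansible instead of by hand, as an added example that is not part of the original answer: it writes the rule to a sudoers drop-in, has visudo check the syntax before the file is installed, and then confirms that sudo no longer prompts. The drop-in path /etc/sudoers.d/90-owen and the play name are assumptions, as is a stock CentOS /etc/sudoers that includes /etc/sudoers.d.

```yaml
---
# Added example: install the NOPASSWD rule for owen as a sudoers drop-in.
# Assumed names: the drop-in path and the play name are illustrative.
# The first run still needs the become password, because the rule is not
# in place yet:  ansible-playbook <this file> --ask-become-pass
- name: allow owen to use become without a password
  hosts: my-vm1.westeurope.cloudapp.azure.com
  remote_user: owen
  become: true
  tasks:
    - name: Write the sudoers drop-in, rejecting it if visudo finds an error
      copy:
        dest: /etc/sudoers.d/90-owen
        content: "owen ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo -cf checks the temporary file; on a syntax error the task
        # fails and the broken file is never moved into /etc/sudoers.d.
        validate: /usr/sbin/visudo -cf %s

    - name: Confirm that sudo no longer prompts (-n fails instead of asking)
      command: sudo -n true
      become: false        # run as owen, so this tests owen's own sudo rule
      changed_when: false
```

Later runs of playbooks that use become against this host no longer need --ask-become-pass.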

