问题
I am trying to setup ansible (2.0) for installing software on a linux box
ies-iesd-jktools is the machine with ansible. ies-iesd-git-06 is the target. User account is iesdgrid that can do sudo on target machine.
Following command hangs on remote:-
ies-iesd-jktools:~/ansible$ ansible ies-iesd-git-06 \
-i inventory -m raw \
-a "sudo yum install -y python-simplejson" -vvvv
Using /usr/src/ansible/ansible.cfg as config file
SUDO password: <I type password here>
Loaded callback minimal of type stdout, v2.0
<ies-iesd-git-06> ESTABLISH CONNECTION FOR USER: None on PORT 22 TO ies-iesd-git-06
<ies-iesd-git-06> EXEC sudo yum install -y python-simplejson
This starts a sudo on target machine, but does not proceed as if it is waiting for password
$ hostname
ies-iesd-git-06
$
$ ps -ef| grep su
root 583 582 0 09:01 pts/1 00:00:00 sudo yum install -y python-simplejson
iesdgrid 811 771 0 09:05 pts/2 00:00:00 grep su
What is the mistake?
After a while I got
sudo: pam_authenticate: Conversation error
(manually login to the target machine and sudo there works. )
回答1:
You need to specify the --become --become-user root --ask-become-pass parameters so ansible will sudo su to root prior to executing the command.
ansible -m raw -a "yum install python-simplejson" testserver --ask-become-pass --become-user root --become
SUDO password:
testserver | SUCCESS | rc=0 >>
Loaded plugins: security
Setting up Install Process
Static_ol6_UEK2_latest | 2.3 kB 00:00
Static_ol6_latest | 2.3 kB 00:00
Package python-simplejson-2.0.9-3.1.el6.x86_64 already installed and latest version
Nothing to do
回答2:
sudo, by design, requires an interactive shell so a password can be entered.
The cleanest way of fully automating calls to sudo is giving the user NOPASSWD access to all or only the necessary commands, although this potentially poses a security risk.
Detailed information about the /etc/sudoers configuration file can be found at http://www.sudo.ws/man/1.8.15/sudoers.man.html.
There are several threads on stackexchange dealing with the problem of automated elevated execution on linux:
- Specify sudo password for Ansible
- https://unix.stackexchange.com/questions/69172/how-to-securely-automate-running-commands-as-root-with-sudo-su
- https://unix.stackexchange.com/questions/144997/sudo-su-automated-login
- https://superuser.com/questions/243499/automating-the-sudo-su-user-command
- Automating password into sudo
来源:https://stackoverflow.com/questions/35172654/ansible-hangs-in-sudo-yum-install-step