How to resolve permission denied when using lineinfile with become: yes in an Ansible task
TASK [ansible-role-domain-member : add local hostname to /etc/hosts] ********************************************************************************************************
fatal: [10.0.0.2]: FAILED! => {"changed": false,"module_stderr": "Shared connection to 10.0.0.2 closed.\r\n","module_stdout": "/usr/bin/python: can't open file '/home/centos/.ansible/tmp/ansible-tmp-1618421785.04-66535-11992536214126/AnsiballZ_lineinfile.py': [Errno 13] Permission denied\r\n","msg": "MODULE FAILURE\nSee stdout/stderr for the exact error","rc": 2}
This is the task that causes the error:
- name: add local hostname to /etc/hosts
  lineinfile:
    dest: /etc/hosts
    line: >
      {{ ansible_default_ipv4["address"] }} {{ ansible_hostname }}.{{ ansible_domain }} {{ ansible_hostname }}
    regexp: '^{{ ansible_default_ipv4["address"] }}'
  become: yes
  become_user: centos
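- Ansible 2.10
- Other tasks in this role that require root run without issue using the standard become: yes
- This has previously run on other hosts without issue. The current host is the latest stable CentOS 7 release.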
Here is the full verbose output, including Python 3 specified as the interpreter in the playbook run command:
TASK [ansible-role-domain-member : add local hostname to /etc/hosts] ********************************************************************************************************
task path: /Users/user/src-local/organization/ansible-role-domain-member/tasks/main.yml:10
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: centos
<10.0.0.2> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.0.2> SSH: ansible_password/ansible_ssh_password not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<10.0.0.2> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="centos")
<10.0.0.2> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.0.2> SSH: PlayContext set ssh_common_args: ()
<10.0.0.2> SSH: PlayContext set ssh_extra_args: ()
<10.0.0.2> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/Users/user/.ansible/cp/22eeb4c8d8)
<10.0.0.2> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/22eeb4c8d8 10.0.0.2 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<10.0.0.2> (0,'/home/centos\n','OpenSSH_8.1p1,LibreSSL 2.7.3\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 47: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 10.0.0.2 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local,0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 36026\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: centos
<10.0.0.2> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.0.2> SSH: ansible_password/ansible_ssh_password not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/22eeb4c8d8 10.0.0.2 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189 `" && echo ansible-tmp-1618426266.02-36125-64004255919189="` echo /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189 `" ) && sleep 0'"'"''
<10.0.0.2> (0,'ansible-tmp-1618426266.02-36125-64004255919189=/home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189\n',0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 36026\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Including module_utils file ansible/module_utils/common/text/formatters.py
Including module_utils file ansible/module_utils/distro/_distro.py
Including module_utils file ansible/module_utils/common/_collections_compat.py
Including module_utils file ansible/module_utils/compat/selectors.py
Including module_utils file ansible/module_utils/_text.py
Including module_utils file ansible/module_utils/parsing/__init__.py
Including module_utils file ansible/module_utils/common/validation.py
Including module_utils file ansible/module_utils/compat/__init__.py
Including module_utils file ansible/module_utils/common/_utils.py
Including module_utils file ansible/module_utils/common/parameters.py
Including module_utils file ansible/module_utils/distro/__init__.py
Including module_utils file ansible/module_utils/common/_json_compat.py
Including module_utils file ansible/module_utils/common/file.py
Including module_utils file ansible/module_utils/common/text/__init__.py
Including module_utils file ansible/module_utils/common/text/converters.py
Including module_utils file ansible/module_utils/pycompat24.py
Including module_utils file ansible/module_utils/__init__.py
Including module_utils file ansible/module_utils/common/__init__.py
Including module_utils file ansible/module_utils/parsing/convert_bool.py
Including module_utils file ansible/module_utils/common/collections.py
Including module_utils file ansible/module_utils/compat/_selectors2.py
Including module_utils file ansible/module_utils/six/__init__.py
Including module_utils file ansible/module_utils/common/sys_info.py
Including module_utils file ansible/module_utils/common/warnings.py
Including module_utils file ansible/module_utils/common/process.py
Including module_utils file ansible/module_utils/basic.py
Including module_utils file ansible/__init__.py
Using module file /Users/user/src-local/ansible/lib/ansible/modules/lineinfile.py
<10.0.0.2> PUT /Users/user/.ansible/tmp/ansible-local-35965MzMlUe/tmpGOreh_ TO /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/AnsiballZ_lineinfile.py
<10.0.0.2> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.0.2> SSH: ansible_password/ansible_ssh_password not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,publickey)(-o)(PasswordAuthentication=no)
<10.0.0.2> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User="centos")
<10.0.0.2> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<10.0.0.2> SSH: PlayContext set ssh_common_args: ()
<10.0.0.2> SSH: PlayContext set sftp_extra_args: ()
<10.0.0.2> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/Users/user/.ansible/cp/22eeb4c8d8)
<10.0.0.2> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/22eeb4c8d8 '[10.0.0.2]'
<10.0.0.2> (0,'sftp> put /Users/user/.ansible/tmp/ansible-local-35965MzMlUe/tmpGOreh_ /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/AnsiballZ_lineinfile.py\n',0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 36026\r\ndebug3: mux_client_request_session: session request sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug3: Sent message fd 8 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/centos size 0\r\ndebug3: Looking up /Users/user/.ansible/tmp/ansible-local-35965MzMlUe/tmpGOreh_\r\ndebug3: Sent message fd 8 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/AnsiballZ_lineinfile.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop,ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:7 O:98304 S:23184\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop,ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop,ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop,ack for 7 23184 bytes at 98304\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 
0\r\n')
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: centos
<10.0.0.2> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.0.2> SSH: ansible_password/ansible_ssh_password not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/22eeb4c8d8 10.0.0.2 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/ /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/AnsiballZ_lineinfile.py && sleep 0'"'"''
<10.0.0.2> (0,'',publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/22eeb4c8d8 -tt 10.0.0.2 '/bin/sh -c '"'"'/usr/bin/python /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/AnsiballZ_lineinfile.py && sleep 0'"'"''
<10.0.0.2> (1,'\r\n{"msg": "The destination directory (/etc) is not writable by the current user. Error was: [Errno 13] Permission denied: \'/etc/.ansible_tmpnr8YsGhosts\'","failed": true,"exception": "Traceback (most recent call last):\\n File \\"/tmp/ansible_lineinfile_payload_maxSYK/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py\\",line 2394,in atomic_move\\n tmp_dest_fd,tmp_dest_name = tempfile.mkstemp(prefix=b\'.ansible_tmp\',dir=b_dest_dir,suffix=b_suffix)\\n File \\"/usr/lib64/python2.7/tempfile.py\\",line 304,in mkstemp\\n return _mkstemp_inner(dir,prefix,suffix,flags)\\n File \\"/usr/lib64/python2.7/tempfile.py\\",line 239,in _mkstemp_inner\\n fd = _os.open(file,flags,0600)\\nOSError: [Errno 13] Permission denied: \'/etc/.ansible_tmpnr8YsGhosts\'\\n","invocation": {"module_args": {"unsafe_writes": false,"group": null,"insertbefore": null,"dest": "/etc/hosts","selevel": null,"create": false,"seuser": null,"serole": null,"backrefs": false,"insertafter": null,"state": "present","firstmatch": false,"mode": null,"path": "/etc/hosts","owner": null,"regexp": "^10.0.0.2","line": "10.0.0.2 shell.my.domain shell\\n","attributes": null,"backup": false,"validate": null,"setype": null}}}\r\n',0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 36026\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to 10.0.0.2 closed.\r\n')
<10.0.0.2> Failed to connect to the host via ssh: OpenSSH_8.1p1,LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.2 is address
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local,0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 36026
debug3: mux_client_request_session: session request sent
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
Shared connection to 10.0.0.2 closed.
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: centos
<10.0.0.2> SSH: ansible.cfg set ssh_args: (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.0.2> SSH: ansible_password/ansible_ssh_password not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/22eeb4c8d8 10.0.0.2 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1618426266.02-36125-64004255919189/ > /dev/null 2>&1 && sleep 0'"'"''
<10.0.0.2> (0,0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 36026\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_lineinfile_payload_maxSYK/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py",in atomic_move
tmp_dest_fd,tmp_dest_name = tempfile.mkstemp(prefix=b'.ansible_tmp',suffix=b_suffix)
File "/usr/lib64/python2.7/tempfile.py",in mkstemp
return _mkstemp_inner(dir,flags)
File "/usr/lib64/python2.7/tempfile.py",in _mkstemp_inner
fd = _os.open(file,0600)
OSError: [Errno 13] Permission denied: '/etc/.ansible_tmpnr8YsGhosts'
fatal: [10.0.0.2]: FAILED! => {
"changed": false,"invocation": {
"module_args": {
"attributes": null,"line": "10.0.0.2 shell.my.domain shell\n","setype": null,"unsafe_writes": false,"validate": null
}
},"msg": "The destination directory (/etc) is not writable by the current user. Error was: [Errno 13] Permission denied: '/etc/.ansible_tmpnr8YsGhosts'"
}
Solution
Aha! I solved the problem by creating an ansible.cfg file in my working directory and overriding the remote_tmp value as shown below.
# /Users/user/ansible.cfg
[defaults]
remote_tmp = /tmp/${USER}/ansible
I still don't fully understand the nature of what is happening here, so if anyone can provide more context, I would appreciate it.
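An added example (not part of the original post and not Ansible's own code) that mirrors the write pattern visible in the traceback: the new content goes to a .ansible_tmp* temp file created beside the target and is then renamed over it, so the acting user needs write permission on the directory itself, which the task's become_user account (centos) does not have on /etc. The names ensure_line and demo are hypothetical, and the hosts file is a constructed sample in a scratch directory.

```python
import os
import re
import tempfile


def ensure_line(path, regexp, line):
    """Replace the first line matching regexp (or append), then swap the file in atomically.

    The temp file is created next to the target, so the caller needs write
    permission on the directory, not only on the file. Returns (changed, error).
    """
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    pattern = re.compile(regexp)
    for i, existing in enumerate(lines):
        if pattern.search(existing):
            if existing == line:
                return False, None        # already in the desired state
            lines[i] = line
            break
    else:
        lines.append(line)
    dest_dir = os.path.dirname(os.path.abspath(path))
    try:
        fd, tmp_name = tempfile.mkstemp(prefix=".ansible_tmp", dir=dest_dir)
    except OSError as exc:                # the failure shown in the traceback
        return False, "destination directory (%s) is not writable: %s" % (dest_dir, exc)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as tmp:
            tmp.write("\n".join(lines) + "\n")
        os.chmod(tmp_name, os.stat(path).st_mode & 0o7777)   # keep the original mode
        os.replace(tmp_name, path)        # atomic rename over the target
    except OSError as exc:
        os.unlink(tmp_name)
        return False, str(exc)
    return True, None


def demo():
    """Constructed sample: a hosts-style file in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        hosts = os.path.join(scratch, "hosts")
        with open(hosts, "w", encoding="utf-8") as fh:
            fh.write("127.0.0.1 localhost\n10.0.0.2 old.my.domain old\n")
        first = ensure_line(hosts, r"^10\.0\.0\.2", "10.0.0.2 shell.my.domain shell")
        os.chmod(scratch, 0o500)          # directory read-only, file itself still writable
        second = ensure_line(hosts, r"^10\.0\.0\.2", "10.0.0.2 other.my.domain other")
        os.chmod(scratch, 0o700)          # restore so cleanup can remove it
        return first, second
```

Run as an unprivileged user, the second call fails at mkstemp even though the file's own mode still allows writing; run as root, both calls succeed.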