Ssh Ansible:在动态ec2上设置用户
我似乎没有连接到远程主机。为什么不呢 命令行:Ssh Ansible:在动态ec2上设置用户,ssh,amazon-ec2,ansible,Ssh,Amazon Ec2,Ansible,我似乎没有连接到远程主机。为什么不呢 命令行:ansible playbook-i“127.0.0.1,”-c local playbook.yml 这是剧本。角色create_ec2_instance创建在剧本第二部分(ansible/playbook.yml)中使用的变量ec2hosts: 这只是一个简单的ec2模块创建。这可以按预期工作。(ansible/roles/create-ec2-instance/tasks/main.yml): 我已经包括了额外的透明方法,尽管这些方法非常基本(
ansible playbook-i“127.0.0.1,”-c local playbook.yml
这是剧本。角色create_ec2_instance创建在剧本第二部分(ansible/playbook.yml)中使用的变量ec2hosts
:
这只是一个简单的ec2模块创建。这可以按预期工作。(ansible/roles/create-ec2-instance/tasks/main.yml):
我已经包括了额外的透明方法,尽管这些方法非常基本(ansible/roles/show hosts/tasks/main.yml):
我们有(ansible/roles/prepare target system/tasks/main.yml):
编辑:我已更新到remote\u user
,上面和下面是错误输出:
TASK [prepare-target-system : debug] *******************************************
task path: <REDACTED>/ansible/roles/prepare-target-system/tasks/main.yml:5
ok: [35.166.52.247] => {
"username_on_the_host": {
"changed": true,
"cmd": [
"whoami"
],
"delta": "0:00:00.009067",
"end": "2017-01-07 08:23:42.033551",
"rc": 0,
"start": "2017-01-07 08:23:42.024484",
"stderr": "",
"stdout": "brianbruggeman",
"stdout_lines": [
"brianbruggeman"
],
"warnings": []
}
}
TASK [prepare-target-system : Ensure that we can update apt-repository] ********
task path: /<REDACTED>/ansible/roles/prepare-target-system/tasks/Debian.yml:2
Using module file <REDACTED>/.envs/dg2/lib/python2.7/site-packages/ansible/modules/core/packaging/os/apt.py
<35.166.52.247> ESTABLISH LOCAL CONNECTION FOR USER: brianbruggeman
<35.166.52.247> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769 `" && echo ansible-tmp-1483799022.33-268449475843769="` echo $HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769 `" ) && sleep 0'
<35.166.52.247> PUT /var/folders/r9/kv1j05355r34570x2f5wpxpr0000gn/T/tmpK2__II TO <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py
<35.166.52.247> EXEC /bin/sh -c 'chmod u+x <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/ <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py && sleep 0'
<35.166.52.247> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-owktjrfvqssjrqcetaxjkwowkzsqfitq; /usr/bin/python <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py; rm -rf "<REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/" > /dev/null 2>&1'"'"' && sleep 0'
failed: [35.166.52.247] (item=[u'software-properties-common', u'python-software-properties', u'devscripts', u'build-essential', u'libffi-dev', u'libssl-dev', u'vim']) => {
"failed": true,
"invocation": {
"module_name": "apt"
},
"item": [
"software-properties-common",
"python-software-properties",
"devscripts",
"build-essential",
"libffi-dev",
"libssl-dev",
"vim"
],
"module_stderr": "sudo: a password is required\n",
"module_stdout": "",
"msg": "MODULE FAILURE"
}
to retry, use: --limit @<REDACTED>/ansible/<redacted playbook>.retry
PLAY RECAP *********************************************************************
127.0.0.1 : ok=6 changed=2 unreachable=0 failed=0
35.166.52.247 : ok=3 changed=1 unreachable=0 failed=1
任务[准备目标系统:调试]*******************************************
任务路径:/ansible/roles/prepare target system/tasks/main.yml:5
确定:[35.166.52.247]=>{
“主机上的用户名”:{
“改变”:对,
“cmd”:[
“哇”
],
“增量”:“0:00:00.009067”,
“结束”:“2017-01-07 08:23:42.033551”,
“rc”:0,
“开始”:“2017-01-07 08:23:42.024484”,
“标准”:“,
“stdout”:“brianbruggeman”,
“标准线”:[
“布莱恩布鲁格曼”
],
“警告”:[]
}
}
任务[准备目标系统:确保我们可以更新apt存储库]********
任务路径://ansible/roles/prepare-target-system/tasks/Debian.yml:2
使用模块文件/.envs/dg2/lib/python2.7/site-packages/ansible/modules/core/packaging/os/apt.py
为用户建立本地连接:brianbruggeman
EXEC/bin/sh-c'(umask 77和&mkdir-p“`echo$HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769`”和&echo-ansible-tmp-1483799022.33-2684494743769=“`echo$HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769`&&0”
将/var/folders/r9/kv1j05355r34570x2f5wpxpr0000gn/T/tmpK2_uii放入/ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py
EXEC/bin/sh-c'chmod u+x/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py&&sleep 0'
EXEC/bin/sh-c'sudo-H-S-n-u root/bin/sh-c''echo'owktjrfvqsjrqcetaxjkwkzsqfitq获得成功/usr/bin/python/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py;rm-rf/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/“>/dev/null 2>&1''''''''”和&sleep 0'
失败:[35.166.52.247](项=[u'software-properties-common',u'python-software-properties',u'devscripts',u'build-essential',u'libffi-dev',u'libssl-dev',u'vim'])=>{
“失败”:对,
“调用”:{
“模块名称”:“apt”
},
“项目”:[
“通用软件属性”,
“python软件属性”,
“devscripts”,
“构建基本要素”,
“libffi dev”,
“libssl开发”,
“维姆”
],
“模块”\u stderr:“sudo:需要密码\n”,
“模块”:“,
“msg”:“模块故障”
}
要重试,请使用:--limit@/ansible/。重试
重演*********************************************************************
127.0.0.1:正常=6更改=2无法访问=0失败=0
35.166.52.247:正常=3更改=1无法访问=0失败=1
使用变成:
remote_user: ansible
become: true
become_user: root
可转换文件:
例如:在我的脚本中,我以用户“ansible”的身份连接到远程主机(因为对root用户禁用了ssh),然后变成“root”。我很少以“ansible”的身份连接,然后成为“apache”用户。因此,remote\u user
指定要连接的用户名,been\u user
是连接后的用户名
PS用户无密码sudo ansible:
- name: nopasswd sudo for ansible user
lineinfile: "dest=/etc/sudoers state=present regexp='^{{ ansible_user }}' line='{{ ansible }} ALL=(ALL) NOPASSWD: ALL'"
这是已知的解决方法,请参见此处:我已添加了您需要的所有文件。因此,当我使用Been_user:root时,它会尝试在本地计算机而不是远程计算机上执行sudo。。。错误为:失败!=>{“changed”:false,“failed”:true,“module_stderr”:“sudo:需要密码\n”,“module_stdout”:“,“msg”:“module FAILURE”}@BrianBruggeman Loos就像您的本地用户没有无密码sudo一样。请参阅帖子更新。我一定不清楚:我甚至不认为我在尝试连接到远程主机。这一切都发生在我的本地主机上。
- name: get the username running the deploy
local_action: command whoami
register: username_on_the_host
- debug: var=username_on_the_host
- name: Add necessary system packages
become: yes
become_method: sudo
package: "name={{item}} state=latest"
with_items:
- software-properties-common
- python-software-properties
- devscripts
- build-essential
- libffi-dev
- libssl-dev
- vim
TASK [prepare-target-system : debug] *******************************************
task path: <REDACTED>/ansible/roles/prepare-target-system/tasks/main.yml:5
ok: [35.166.52.247] => {
"username_on_the_host": {
"changed": true,
"cmd": [
"whoami"
],
"delta": "0:00:00.009067",
"end": "2017-01-07 08:23:42.033551",
"rc": 0,
"start": "2017-01-07 08:23:42.024484",
"stderr": "",
"stdout": "brianbruggeman",
"stdout_lines": [
"brianbruggeman"
],
"warnings": []
}
}
TASK [prepare-target-system : Ensure that we can update apt-repository] ********
task path: /<REDACTED>/ansible/roles/prepare-target-system/tasks/Debian.yml:2
Using module file <REDACTED>/.envs/dg2/lib/python2.7/site-packages/ansible/modules/core/packaging/os/apt.py
<35.166.52.247> ESTABLISH LOCAL CONNECTION FOR USER: brianbruggeman
<35.166.52.247> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769 `" && echo ansible-tmp-1483799022.33-268449475843769="` echo $HOME/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769 `" ) && sleep 0'
<35.166.52.247> PUT /var/folders/r9/kv1j05355r34570x2f5wpxpr0000gn/T/tmpK2__II TO <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py
<35.166.52.247> EXEC /bin/sh -c 'chmod u+x <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/ <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py && sleep 0'
<35.166.52.247> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-owktjrfvqssjrqcetaxjkwowkzsqfitq; /usr/bin/python <REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/apt.py; rm -rf "<REDACTED>/.ansible/tmp/ansible-tmp-1483799022.33-268449475843769/" > /dev/null 2>&1'"'"' && sleep 0'
failed: [35.166.52.247] (item=[u'software-properties-common', u'python-software-properties', u'devscripts', u'build-essential', u'libffi-dev', u'libssl-dev', u'vim']) => {
"failed": true,
"invocation": {
"module_name": "apt"
},
"item": [
"software-properties-common",
"python-software-properties",
"devscripts",
"build-essential",
"libffi-dev",
"libssl-dev",
"vim"
],
"module_stderr": "sudo: a password is required\n",
"module_stdout": "",
"msg": "MODULE FAILURE"
}
to retry, use: --limit @<REDACTED>/ansible/<redacted playbook>.retry
PLAY RECAP *********************************************************************
127.0.0.1 : ok=6 changed=2 unreachable=0 failed=0
35.166.52.247 : ok=3 changed=1 unreachable=0 failed=1
remote_user: ansible
become: true
become_user: root
- name: nopasswd sudo for ansible user
lineinfile: "dest=/etc/sudoers state=present regexp='^{{ ansible_user }}' line='{{ ansible }} ALL=(ALL) NOPASSWD: ALL'"