Ansible playbook with become_method=pbrun does not work

I am new to Ansible. I am trying to run a command as a db user, and my company uses pbrun for switching users.

Here is how my pbrun policy is defined:

    [ RunAs User ]       [ Command ]
    root                 /bin/su - couchbase
    root                 /bin/su - enterprisedb

From ansible.cfg (privilege escalation section only):

    [privilege_escalation]
    become=true
    become_method=pbrun
    become_user=''
    become_ask_pass=False
    become_flags: '/bin/su - enterprisedb'

From the playbook:

    $ cat ping.yml
    - name: Test
      hosts: all
      gather_facts: false
      any_errors_fatal: false
      tasks:
      - shell: whoami
        register: output

      - debug:
          msg: "{{output.stdout}}"

Below is how I run the playbook: ansible-playbook -i sample.host1.list ping.yml -k -vvvv

Output:

    $ ansible-playbook -i sample.host1.list ping.yml -k -vvvv
    ansible-playbook 2.8.12
      config file = /home/ads_username/ansible_work_dir/ansible.cfg
      configured module search path = [u'/adshome/ads_username/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible-playbook
      python version = 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
    Using /home/ads_username/ansible_work_dir/ansible.cfg as config file
    SSH password:
    setting up inventory plugins
    host_list declined parsing /home/ads_username/ansible_work_dir/sample.host1.list as it did not pass it's verify_file() method
    auto declined parsing /home/ads_username/ansible_work_dir/sample.host1.list as it did not pass it's verify_file() method
    yaml declined parsing /home/ads_username/ansible_work_dir/sample.host1.list as it did not pass it's verify_file() method
    Parsed /home/ads_username/ansible_work_dir/sample.host1.list inventory source with ini plugin
    Loading callback plugin debug of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/debug.pyc
    Loading callback plugin profile_tasks of type aggregate, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/profile_tasks.pyc

    PLAYBOOK: ping.yml ******************************************************************************************************************************************
    Positional arguments: ping.yml
    ask_pass: True
    become_method: pbrun
    inventory: (u'/home/ads_username/ansible_work_dir/sample.host1.list',)
    forks: 5
    tags: (u'all',)
    verbosity: 4
    connection: paramiko
    timeout: 10
    become: True
    1 plays in ping.yml

    PLAY [Adding VM to inventory] *******************************************************************************************************************************
    META: ran handlers

    TASK [shell] ************************************************************************************************************************************************
    task path: /home/ads_username/ansible_work_dir/ping.yml:6
    Wednesday 10 November 2021  15:21:32 -0700 (0:00:00.053)       0:00:00.053 ****
    <server_name.region.company.com> ESTABLISH PARAMIKO SSH CONNECTION FOR USER: None on PORT 22 TO server_name.region.company.com
    <server_name.region.company.com> EXEC /bin/bash -c '( umask 77 && mkdir -p "` echo /tmp `"&& mkdir /tmp/ansible-tmp-1636582892.39-15614-57850062632655 && echo ansible-tmp-1636582892.39-15614-57850062632655="` echo /tmp/ansible-tmp-1636582892.39-15614-57850062632655 `" ) && sleep 0'
    <server_name.region.company.com> Attempting python interpreter discovery
    <server_name.region.company.com> EXEC /bin/bash -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
    <server_name.region.company.com> Python interpreter discovery fallback (pipelining support required for extended interpreter discovery)
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
    <server_name.region.company.com> PUT /adshome/ads_username/.ansible/tmp/ansible-local-155953Afqz2/tmpgNQgMu TO /tmp/ansible-tmp-1636582892.39-15614-57850062632655/AnsiballZ_command.py
    <server_name.region.company.com> EXEC /bin/bash -c 'chmod u+x /tmp/ansible-tmp-1636582892.39-15614-57850062632655/ /tmp/ansible-tmp-1636582892.39-15614-57850062632655/AnsiballZ_command.py && sleep 0'
    <server_name.region.company.com> EXEC /bin/bash -c 'echo BECOME-SUCCESS-sgemmsfapenzvcsbxdnbjneynirmhzkl; echo "/usr/bin/python /tmp/ansible-tmp-1636582892.39-15614-57850062632655/AnsiballZ_command.py"|pbrun /bin/su - enterprisedb  && sleep 0'
    <server_name.region.company.com> EXEC /bin/bash -c 'rm -f -r /tmp/ansible-tmp-1636582892.39-15614-57850062632655/ > /dev/null 2>&1 && sleep 0'
    [WARNING]: Platform linux on host server_name.region.company.com is using the discovered Python interpreter at /usr/bin/python, but future installation of
    another Python interpreter could change this. See https://docs.ansible.com/ansible/2.8/reference_appendices/interpreter_discovery.html for more information.

    fatal: [server_name.region.company.com]: FAILED! => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "rc": 2
    }

    MSG:

    MODULE FAILURE
    See stdout/stderr for the exact error


    MODULE_STDOUT:

    Last login: Wed Nov 10 15:21:02 MST 2021
    /usr/bin/python: can't open file '/tmp/ansible-tmp-1636582892.39-15614-57850062632655/AnsiballZ_command.py': [Errno 13] Permission denied



    PLAY RECAP **************************************************************************************************************************************************
    server_name.region.company.com : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

    Wednesday 10 November 2021  15:21:35 -0700 (0:00:03.141)       0:00:03.194 ****
    ===============================================================================
    shell ------------------------------------------------------------------------------------------------------------------------------------------------ 3.14s
    /home/ads_username/ansible_work_dir/ping.yml:6 --------------------------------------------------------------------------------------------------------------------

Please help me understand what is wrong in my setup, and whether it is possible to do this without changing anything in my pbrun policy.
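What the -vvvv output above records, as an added example that is not part of the original post: the module file is staged in a directory created under `umask 77`, the `chmod` only changes owner bits, and the file is then opened through the pbrun command. `diagnose` is a hypothetical helper, and the sample lines are abridged from the question's output (host prefix dropped, temp-dir and BECOME-SUCCESS suffixes shortened).

```python
import re

# Abridged from the -vvvv output in the question: host prefix dropped and the
# temp-dir / BECOME-SUCCESS suffixes shortened. Nothing else is changed.
SAMPLE_LOG = r'''
EXEC /bin/bash -c '( umask 77 && mkdir -p "` echo /tmp `"&& mkdir /tmp/ansible-tmp-1 && echo ansible-tmp-1="` echo /tmp/ansible-tmp-1 `" ) && sleep 0'
EXEC /bin/bash -c 'chmod u+x /tmp/ansible-tmp-1/ /tmp/ansible-tmp-1/AnsiballZ_command.py && sleep 0'
EXEC /bin/bash -c 'echo BECOME-SUCCESS-x; echo "/usr/bin/python /tmp/ansible-tmp-1/AnsiballZ_command.py"|pbrun /bin/su - enterprisedb  && sleep 0'
/usr/bin/python: can't open file '/tmp/ansible-tmp-1/AnsiballZ_command.py': [Errno 13] Permission denied
'''


def diagnose(log):
    """Extract how the module file was staged and who later tried to read it."""
    umask = re.search(r"umask (\d+) && mkdir", log)
    tmpdir = re.search(r"mkdir (/\S+/ansible-tmp-[\w.-]+)", log)
    chmod = re.search(r"chmod (\S+) /\S*ansible-tmp-", log)
    become = re.search(r"\|\s*((?:pbrun|sudo|su)\b[^&']*)", log)
    denied = re.search(r"can't open file '([^']+)': \[Errno 13\]", log)

    # Mode the staging directory gets from mkdir under that umask.
    dir_mode = 0o777 & ~int(umask.group(1), 8) if umask else None
    # Another account needs group or other execute on the directory to reach
    # any file inside it; "chmod u+x" only ever touches the owner bits.
    closed_to_others = dir_mode is not None and (dir_mode & 0o011) == 0
    owner_only_chmod = bool(chmod and re.match(r"u[+=]", chmod.group(1)))
    in_tmpdir = bool(tmpdir and denied
                     and denied.group(1).startswith(tmpdir.group(1) + "/"))
    return {
        "tmpdir": tmpdir.group(1) if tmpdir else None,
        "dir_mode": dir_mode,
        "chmod": chmod.group(1) if chmod else None,
        "become_cmd": become.group(1).strip() if become else None,
        "denied_path": denied.group(1) if denied else None,
        # True when a file staged privately by the connecting user is then
        # opened through a become command running as someone else.
        "private_staging_read_via_become": bool(
            become and in_tmpdir and closed_to_others and owner_only_chmod),
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(key, "=", oct(value) if key == "dir_mode" else value)
```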

0 answers