Ansible playbook: Requires sudo password [duplicat

2019-08-19 08:21发布

站内问答 / Python
1580 2 4

This question already has an answer here:

I am currently working with ansible and I want to automate dumping of my Remote DB and import the dumped file to my local DB. Now, I encountered some problem for using sudo to switch user.

playbook.yml

  ---
  - hosts: remoteserver
    vars:
      remote_db_name: dbname
      remote_filename: dbname_{{ lookup('pipe', 'date +%m-%d-%Y') }}
      local_folder: /home/alde/database_backups/

    tasks:
      - name: Dump database
        become: yes
        become_user: postgres
        shell: pg_dump -d {{remote_db_name}} > "{{remote_filename}}"

when I try to run ansible-playbook playbook.yml it returns: "sudo: a password is required"

enter image description here

What I have tried so far.

1) I tried this solution by adding sudo_flags.

ansible.cfg

[defaults]
sudo_flags = -H -S

then I got a different error when I execute my playbook: "Timeout (12s) waiting for privilege escalation prompt: "

enter image description here

2) I increased the timeout up to 30.

3) I added the default remote user to sudoers file

It's strange because there's no password prompt when I try to access my remote server using ssh and switch from default_user to postgres using sudo su - postgres

  • ansible 2.3.0.0
  • Python 2.7
  • Ubuntu 14.04

2条回答
Viruses.
2楼-- · 2019-08-19 08:58

The linked glossary says:

The default is ‘-H -S -n’ which sets the HOME environment variable, prompts for passwords via STDIN, and avoids prompting the user for input of any kind. Note that ‘-n’ will conflict with using password-less sudo auth, such as pam_ssh_agent_auth. In some situations you may wish to add or remove flags, but in general most users will not need to change this setting::

So I think that trying the -n flag as well would at least change something since it seems like you've changed it to waiting on authentication rather than there is no authentication with your last modification.

查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
3楼-- · 2019-08-19 08:58

Try to add your root user under the host.

 ---
  - hosts: remoteserver
    remote_user: root
    become: yes
    become_user: root
    become_method: sudo
    vars:
      remote_db_name: dbname
      remote_filename: dbname_{{ lookup('pipe', 'date +%m-%d-%Y') }}
      local_folder: /home/alde/database_backups/

    tasks:
      - name: Dump database
        become: yes
        become_user: postgres
        shell: pg_dump -d {{remote_db_name}} > "{{remote_filename}}"

You can try to add the line to sudoer file (sudo visudo) <ssh user> ALL=(ALL) NOPASSWD:ALL and test it, maybe something is wrong there.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)