Ansible copy module fails: "you may have been able to authenticate and did not have permissions on the target directory..."

With this Ansible task on my Ubuntu 18.04 VM, the task fails with the following message:

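"Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: [...]( umask 77 && mkdir -p \"echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529057459.23-56386111798122\" &&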

Why?

The same task completes successfully for a Debian 9 VM. In the past, I have successfully used Ansible to control Ubuntu 16.04 VMs.

EDIT: If I run Ansible with triple verbosity (option -vvv), there is more output, and I can find a more specific error message:

mkdir: cannot create directory \xe2\x80\x98/home/alan-sysop/.ansible\xe2\x80\x99: Permission denied.

Ansible command and output (verbosity level 1, -v)

$ ansible-playbook -b -K -v playbooks/all-bootstrap.yml -l ubuntu1804-vm -t copy-test
Using /home/alan-sysop/ansible/ansible.cfg as config file
SUDO password: 

PLAY [all] *********************************************************************

TASK [ansible-target : Basic test of copy module] ******************************
fatal: [ubuntu1804-vm]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529057459.23-56386111798122 `\" && echo ansible-tmp-1529057459.23-56386111798122=\"` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529057459.23-56386111798122 `\" ), exited with result 1", "unreachable": true}

PLAY RECAP *********************************************************************
ubuntu1804-vm              : ok=0    changed=0    unreachable=1    failed=0   

Ansible command and output (verbosity level 3, -vvv)

$ ansible-playbook -b -K -vvv playbooks/all-bootstrap.yml -l ubuntu1804-vm -t copy-test
ansible-playbook 2.5.2
  config file = /home/alan-sysop/ansible/ansible.cfg
  configured module search path = [u'/home/alan-sysop/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]
Using /home/alan-sysop/ansible/ansible.cfg as config file
SUDO password: 
Parsed /home/alan-sysop/ansible/inventory inventory source with ini plugin
statically imported: /home/alan-sysop/ansible/roles/ansible-target/tasks/main-tasks.yml
statically imported: /home/alan-sysop/ansible/roles/ansible-target/tasks/raw.yml
statically imported: /home/alan-sysop/ansible/roles/ansible-target/tasks/nonraw.yml

PLAYBOOK: all-bootstrap.yml **************************************************************************************************************************
1 plays in playbooks/all-bootstrap.yml

PLAY [all] *******************************************************************************************************************************************
META: ran handlers

TASK [ansible-target : Basic test of copy module] ****************************************************************************************************
task path: /home/alan-sysop/ansible/roles/ansible-target/tasks/nonraw.yml:78
<ubuntu1804-vm.local> ESTABLISH SSH CONNECTION FOR USER: None
<ubuntu1804-vm.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alan-sysop/.ansible/cp/2b9a0eeef8 ubuntu1804-vm.local '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<ubuntu1804-vm.local> (0, '/home/alan-sysop\n', '')
<ubuntu1804-vm.local> ESTABLISH SSH CONNECTION FOR USER: None
<ubuntu1804-vm.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alan-sysop/.ansible/cp/2b9a0eeef8 ubuntu1804-vm.local '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529058132.74-222830721646724 `" && echo ansible-tmp-1529058132.74-222830721646724="` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529058132.74-222830721646724 `" ) && sleep 0'"'"''
<ubuntu1804-vm.local> (1, '', 'mkdir: cannot create directory \xe2\x80\x98/home/alan-sysop/.ansible\xe2\x80\x99: Permission denied\n')
fatal: [ubuntu1804-vm]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529058132.74-222830721646724 `\" && echo ansible-tmp-1529058132.74-222830721646724=\"` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529058132.74-222830721646724 `\" ), exited with result 1", 
    "unreachable": true
}

PLAY RECAP *******************************************************************************************************************************************
ubuntu1804-vm              : ok=0    changed=0    unreachable=1    failed=0   

For comparison, the task succeeds for a Debian 9 VM

$ ansible-playbook -b -K -v playbooks/all-bootstrap.yml -l debian9-vm -t copy-test
Using /home/alan-sysop/ansible/ansible.cfg as config file
SUDO password: 

PLAY [all] *********************************************************************

TASK [ansible-target : Basic test of copy module] ******************************
changed: [debian9-vm] => {"changed": true, "checksum": "27b41e0724c1aa99931b9e753b639563e3996257", "dest": "/ansible-managed/ansible-target/test-file.txt", "gid": 0, "group": "root", "md5sum": "145fab51c12c1f30714dd15c536f0a7a", "mode": "0644", "owner": "root", "size": 56, "src": "/home/alan-sysop/.ansible/tmp/ansible-tmp-1529057600.23-245931452134186/source", "state": "file", "uid": 0}

PLAY RECAP *********************************************************************
debian9-vm                 : ok=1    changed=1    unreachable=0    failed=0   

(And the task is idempotent, as intended. If I run it again, it says the system is already in the desired state; no change needs to be made.)

$ ansible-playbook -b -K -v playbooks/all-bootstrap.yml -l debian9-vm -t copy-test
Using /home/alan-sysop/ansible/ansible.cfg as config file
SUDO password: 

PLAY [all] *********************************************************************

TASK [ansible-target : Basic test of copy module] ******************************
ok: [debian9-vm] => {"changed": false, "checksum": "27b41e0724c1aa99931b9e753b639563e3996257", "dest": "/ansible-managed/ansible-target/test-file.txt", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/ansible-managed/ansible-target/test-file.txt", "size": 56, "state": "file", "uid": 0}

PLAY RECAP *********************************************************************
debian9-vm                 : ok=1    changed=0    unreachable=0    failed=0   

Ansible task

The playbook file all-bootstrap.yml looks like this:

- name: Basic test of copy module
  copy:
    src: test-file.txt
    dest: /ansible-managed/ansible-target/
  tags: "copy-test"

test-file.txt contains one line:

This file is used as a test of the Ansible copy module.

Ansible version

$ ansible-playbook --version
ansible-playbook 2.5.2
  config file = /home/alan-sysop/ansible/ansible.cfg
  configured module search path = [u'/home/alan-sysop/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.15 (default, May 16 2018, 17:50:09) [GCC 8.1.1 20180502 (Red Hat 8.1.1-1)]

Installed from the repositories of Fedora Workstation 28.

Answer 1

It says "mkdir: cannot create directory \xe2\x80\x98/home/alan-sysop/.ansible\xe2\x80\x99: Permission denied".

The failing command appears to happen before Ansible uses sudo. [1] Ansible cannot write to /home/alan-sysop/.ansible because of its permissions:

alan-sysop@ubuntu1804-vm:~$ ls -ld /home/alan-sysop/.ansible
drwx------ 3 root root 4096 Jun 14 20:33 /home/alan-sysop/.ansible

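As far as I can tell, the wrong permissions were caused when I ran an Ansible command locally on the VM with sudo ansible-playbook -c local --limit ubuntu1804-vm ... I can avoid setting these wrong permissions if I use ansible-playbook -b -K -c local --limit ubuntu1804-vm ... instead.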


Evidence

[1] The Ansible verbosity level 3 output shows how it runs the failing command. It does not appear to use sudo anywhere.

<ubuntu1804-vm.local> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alan-sysop/.ansible/cp/2b9a0eeef8; '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529058132.74-222830721646724 `" && echo ansible-tmp-1529058132.74-222830721646724="` echo /home/alan-sysop/.ansible/tmp/ansible-tmp-1529058132.74-222830721646724`" ) && sleep 0'"'"''`

<ubuntu1804-vm.local> (1, '', 'mkdir: cannot create directory \xe2\x80\x98/home/alan-sysop/.ansible\xe2\x80\x99: Permission denied\n')

Answer 2

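Linux sometimes automatically remounts a file system as read-only because of some disk failure or corruption. That happened in my case, and the same message was shown because the destination could not be written to. In some cases the command "mount -oremount,rw file system" should correct this, if possible, or a reboot. "Again, this is what happened in my case". See if this is happening to you too.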
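
A check for the two causes given in Answer 1 and Answer 2 (a ~/.ansible left owned by another user such as root, and a file system remounted read-only), as an added example that is not part of the original posts. The function names and result labels are assumptions; it is meant to be run on the managed host as the SSH login user, with an absolute path.

```shell
#!/bin/sh
# Added example: explain why `mkdir -p <remote tmp>` fails for the login user.
# All function names and result labels here are illustrative assumptions.

# Nearest existing ancestor of a path: the directory mkdir -p must write into.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# Mount options of the file system holding an absolute path, read from a
# table in /proc/mounts format (longest matching mount point wins).
mount_opts() {
    awk -v p="$1" '{ m = $2
        if (m == "/" || p == m || index(p, m "/") == 1)
            if (length(m) >= best) { best = length(m); o = $4 }
    } END { print o }' "${2:-/proc/mounts}"
}

# classify OWNER_UID MY_UID MOUNT_OPTS WRITABLE(yes|no)
classify() {
    case ",$3," in *,ro,*) echo read-only; return 0 ;; esac   # Answer 2
    if [ "$4" = no ] && [ "$1" != "$2" ]; then
        echo wrong-owner                                      # Answer 1
    elif [ "$4" = no ]; then
        echo not-writable
    else
        echo ok
    fi
}

# diagnose_remote_tmp TARGET [MOUNTS_FILE]
diagnose_remote_tmp() {
    dir=$(nearest_existing "$1")
    owner=$(ls -ldn "$dir" | awk '{ print $3 }')   # numeric owner uid
    if [ -w "$dir" ]; then writable=yes; else writable=no; fi
    classify "$owner" "$(id -u)" \
        "$(mount_opts "$dir" "${2:-/proc/mounts}")" "$writable"
}

# Usage: sh check.sh "$HOME/.ansible/tmp"
if [ "$#" -gt 0 ]; then diagnose_remote_tmp "$1"; fi
```

A result of wrong-owner corresponds to the root-owned directory shown by ls -ld in Answer 1; read-only corresponds to the remounted file system in Answer 2.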
