I have this YAML for an Ubuntu cleaner:
---
- name: Clean up system files
  hosts: pc
  remote_user: user
  become: yes
  vars:
    ansible_become_password: "{{ vault_password }}"
  tasks:
    - name: Clean apt cache using apt-get
      ansible.builtin.command:
        cmd: apt-get clean
    - name: Remove unused packages and dependencies
      ansible.builtin.apt:
        autoremove: yes
        autoclean: yes
    - name: Remove old compressed log files
      ansible.builtin.find:
        paths: "/var/log"
        patterns: "*.gz"
        age: "1w"
        recurse: no
      register: log_files
    - name: Delete old compressed log files
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ log_files.files }}"
      when: log_files.files|length > 0
    - name: Remove thumbnail cache
      ansible.builtin.file:
        path: "~/.cache/thumbnails/*"
        state: absent
    - name: Remove old snap revisions
      ansible.builtin.shell: |
        set -eu
        snap list --all | awk '/disabled/{print $1, $3}' |
          while read snapname revision; do
            sudo snap remove "$snapname" --revision="$revision"
          done
      args:
        executable: /bin/bash
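I created an ansible-vault password and entered the password in the file. But I am getting a semaphore permission denied error.

Answer 1

You are using become: yes globally. I would not recommend that, but rather using it in each task. Unless, of course, all tasks require sudo privileges.

Here: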
  tasks:
    - name: Clean apt cache using apt-get
      ansible.builtin.command:
        cmd: apt-get clean
You might want to use the ansible.builtin.apt module. Also, you need to run it with privileges:
  tasks:
    - name: Clean apt cache using apt-get
      ansible.builtin.apt:
        clean: True
      become: True
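Also, in case you are mixing up some concepts:

ansible_become_password and vault_password are different things.

ansible_become_password is the password of the user you want to become (see privilege escalation), while vault_password is the password you use to decrypt the user's actual password, which is stored in Ansible Vault.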
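
The two points of the answer combined, as an added example that is not part of the original answer: become is set per task, and the sudo password lives in a vault-encrypted file that the vault password only unlocks. The names cleanup.yml, vault.yml and vault_become_password are assumptions.

```yaml
# Added example. cleanup.yml, vault.yml and vault_become_password are
# assumed names, not taken from the original post.
# Create the encrypted file once:   ansible-vault create vault.yml
# Its plaintext content is one line:
#   vault_become_password: <sudo password of "user" on the target>
# Run:   ansible-playbook cleanup.yml --ask-vault-pass
# The password typed at that prompt only decrypts vault.yml on the
# control node; the decrypted value is what sudo receives on the target.
---
- name: Clean up system files
  hosts: pc
  remote_user: user
  vars_files:
    - vault.yml
  vars:
    ansible_become_password: "{{ vault_become_password }}"
  tasks:
    - name: Clean apt cache
      ansible.builtin.apt:
        clean: true
      become: true

    - name: Remove unused packages and dependencies
      ansible.builtin.apt:
        autoremove: true
        autoclean: true
      become: true

    - name: Find compressed logs older than one week
      ansible.builtin.find:
        paths: /var/log
        patterns: "*.gz"
        age: 1w
      register: log_files
      become: true

    - name: Delete old compressed log files
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ log_files.files }}"
      become: true

    # No become here: the task runs as remote_user, so "~" is that
    # user's home rather than root's.
    - name: Remove thumbnail cache
      ansible.builtin.file:
        path: "~/.cache/thumbnails"
        state: absent
```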