所以
我正在学习 DevOps 工具。我在家庭服务器上的 Docker 容器中安装了 Ansible Semaphore 并创建了剧本。我在远程服务器上创建了一个 sudo 用户并添加了一个 SSH 密钥。但是,我的剧本(旨在安装 UFW 并打开端口 22、80 和 443)失败了,因为用户不是 root 并且缺乏执行命令的权限。为什么会发生这种情况?
---
- name: Installiere und konfiguriere UFW Firewall
hosts: all
become: yes
tasks:
- name: Installiere UFW
ansible.builtin.apt:
name: ufw
state: present
- name: Erlaube Port 22 (SSH)
ansible.builtin.ufw:
rule: allow
port: '22'
proto: tcp
- name: Erlaube Port 80 (HTTP)
ansible.builtin.ufw:
rule: allow
port: '80'
proto: tcp
- name: Erlaube Port 443 (HTTPS)
ansible.builtin.ufw:
rule: allow
port: '443'
proto: tcp
- name: Aktiviere UFW
ansible.builtin.ufw:
state: enabled
policy: deny
direction: incoming
- name: Reboote den Server
ansible.builtin.reboot:
这是我的 docker-compose.yml
services:
mysql:
restart: unless-stopped
image: mysql:8.0
hostname: mysql
ports:
- '${DB_PORT:-3306}:3306'
volumes:
- semaphore-mysql:/var/lib/mysql
environment:
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
MYSQL_DATABASE: semaphore
MYSQL_USER: "${DB_USER}"
MYSQL_PASSWORD: "${DB_PASSWORD}"
semaphore:
restart: unless-stopped
ports:
- '${SEMAPHORE_PORT:-3000}:3000'
image: semaphoreui/semaphore:latest
environment:
SEMAPHORE_DB_USER: "${DB_USER}"
SEMAPHORE_DB_PASS: "${DB_PASSWORD}"
SEMAPHORE_DB_HOST: mysql
SEMAPHORE_DB_PORT: 3306
SEMAPHORE_DB_DIALECT: mysql
SEMAPHORE_DB: semaphore
SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
SEMAPHORE_ADMIN_PASSWORD: '${SEMAPHORE_ADMIN_PASSWORD}'
SEMAPHORE_ADMIN_NAME: '${SEMAPHORE_ADMIN_NAME}'
SEMAPHORE_ADMIN_EMAIL: '${SEMAPHORE_ADMIN_EMAIL}'
SEMAPHORE_ADMIN: '${SEMAPHORE_ADMIN}'
SEMAPHORE_ACCESS_KEY_ENCRYPTION: '${SEMAPHORE_ACCESS_KEY_ENCRYPTION}'
depends_on:
- mysql
volumes:
semaphore-mysql:
10:17:50 PM
Task 30 added to queue
10:17:53 PM
Started: 30
10:17:53 PM
Run TaskRunner with template: Activate ufw
10:17:53 PM
Preparing: 30
10:17:53 PM
installing static inventory
10:17:53 PM
No collections/requirements.yml file found. Skip galaxy install process.
10:17:53 PM
No roles/requirements.yml file found. Skip galaxy install process.
10:17:59 PM
10:17:59 PM
PLAY [Installiere und konfiguriere UFW Firewall] *******************************
10:17:59 PM
10:17:59 PM
TASK [Gathering Facts] *********************************************************
10:18:06 PM
ok: [IP-Address]
10:18:06 PM
TASK [Installiere UFW] *********************************************************
10:18:06 PM
10:18:10 PM
ok: [IP-Address]
10:18:10 PM
10:18:10 PM
TASK [Erlaube Port 22 (SSH)] ***************************************************
10:18:12 PM
fatal: [IP-Address]: FAILED! => {"changed": false, "commands": ["/usr/sbin/ufw status verbose"], "msg": "ERROR: You need to be root to run this script\n"}
10:18:12 PM
10:18:12 PM
PLAY RECAP *********************************************************************
10:18:12 PM
IP-Address : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
10:18:12 PM
10:18:12 PM
Running playbook failed: exit status 2
答案1
为了帮助您解决实际发生的问题,您能否发布剧本执行的结果以及最后的错误?
您还可以在“become”之后添加以确保:
become_method: sudo
become_user: root
当你执行剧本时,你可以添加移动详细输出,添加:-v或-vv或-vvv甚至-vvv显示剧本的整个行为。