为什么这个 ansible lineinfile 命令检查 /etc/sudoers 中的一行失败,而一个非常相似的命令成功了?

Why is this ansible lineinfile command to check for a line in /etc/sudoers failing when a very similar one is succeeding?

Kodi 运行ning 在 Raspberry Pi 上,我正在为此编写一个 Ansible 剧本。该剧本包括两项任务,检查 /etc/sudoers 中是否存在一行,一项始终通过,而另一项始终失败。我似乎无法确定原因;这两个任务的语法完全一样,而且这两行肯定都在 /etc/sudoers 文件中。我在下面包含了相关代码,我们将不胜感激任何输入。

/etc/sudoers:

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification
Cmnd_Alias      SHUTDOWN = /sbin/shutdown, /sbin/reboot, /sbin/halt, /usr/bin/passwd
Cmnd_Alias      PERMISSIONS = /bin/chmod, /bin/chown
# User privilege specification
root    ALL=(ALL) ALL
pi      ALL=(ALL) NOPASSWD: ALL
debian-transmission     ALL=(ALL) NOPASSWD: PERMISSIONS
Defaults env_keep += "RPI_UPDATE_UNSUPPORTED"
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

剧本任务中的相关片段:

- name: set pi permissions in /etc/sudoers                                      
  lineinfile: "dest=/etc/sudoers                                                
              state=present                                                     
              line='pi      ALL=(ALL) NOPASSWD: ALL'                            
              validate='visudo -cf %s'"                                         

- name: set debian-transmission permissions in /etc/sudoers                     
  lineinfile: "dest=/etc/sudoers                                                
              state=present                                                     
              line='debian-transmission     ALL=(ALL) NOPASSWD: PERMISSIONS'    
              validate='visudo -cf %s'"                                         

(我知道第一个任务是不必要的,因为这是系统默认的,但我在试图弄清楚为什么另一个任务不起作用时添加了它只是为了证明一个观点。)

这是我 运行 剧本时的输出:

TASK: [kodi | start transmission-daemon again once settings.json has been copied] *** 
changed: [kodi]

TASK: [kodi | set pi permissions in /etc/sudoers] ***************************** 
ok: [kodi]

TASK: [kodi | set debian-transmission permissions in /etc/sudoers] ************ 
failed: [kodi] => {"cmd": "visudo -cf /tmp/tmpZNRBC3", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory

FATAL: all hosts have already failed -- aborting

我认为您可能正在经历 pull request #6652

中描述的情况

validate 中的 visudo 替换为 visudo 的完整路径,它应该可以工作。

- name: set debian-transmission permissions in /etc/sudoers                     
  lineinfile: "dest=/etc/sudoers                                                
              state=present                                                     
              line='debian-transmission     ALL=(ALL) NOPASSWD: PERMISSIONS'    
              validate='/usr/sbin/visudo -cf %s'"

您的第一个任务(具有 pi 用户权限)有效,因为所需的行已经在文件中并且不需要使用 visudo 进行验证。但是,必须添加带有 debian-transmission 的行并通过 visudo 验证(未找到)。