Why is this ansible lineinfile command to check for a line in /etc/sudoers failing when a very similar one is succeeding?
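I have Kodi running on a Raspberry Pi, and I am writing an Ansible playbook for it. The playbook includes two tasks that check for the presence of a line in /etc/sudoers; one always passes, while the other always fails. I can't seem to determine why; the syntax of the two tasks is exactly the same, and both lines are definitely in the /etc/sudoers file. I have included the relevant code below, and any input would be greatly appreciated.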
/etc/sudoers:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown, /sbin/reboot, /sbin/halt, /usr/bin/passwd
Cmnd_Alias PERMISSIONS = /bin/chmod, /bin/chown
# User privilege specification
root ALL=(ALL) ALL
pi ALL=(ALL) NOPASSWD: ALL
debian-transmission ALL=(ALL) NOPASSWD: PERMISSIONS
Defaults env_keep += "RPI_UPDATE_UNSUPPORTED"
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
Relevant snippet from the playbook tasks:
- name: set pi permissions in /etc/sudoers
  lineinfile: "dest=/etc/sudoers
    state=present
    line='pi ALL=(ALL) NOPASSWD: ALL'
    validate='visudo -cf %s'"
- name: set debian-transmission permissions in /etc/sudoers
  lineinfile: "dest=/etc/sudoers
    state=present
    line='debian-transmission ALL=(ALL) NOPASSWD: PERMISSIONS'
    validate='visudo -cf %s'"
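(I know the first task is unnecessary, since that is the system default, but I added it just to prove a point while trying to figure out why the other one wasn't working.)
Here is the output when I run the playbook: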
TASK: [kodi | start transmission-daemon again once settings.json has been copied] ***
changed: [kodi]
TASK: [kodi | set pi permissions in /etc/sudoers] *****************************
ok: [kodi]
TASK: [kodi | set debian-transmission permissions in /etc/sudoers] ************
failed: [kodi] => {"cmd": "visudo -cf /tmp/tmpZNRBC3", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory
FATAL: all hosts have already failed -- aborting
I think you may be experiencing what is described in pull request #6652.
Replace visudo in validate with the full path to visudo and it should work.
- name: set debian-transmission permissions in /etc/sudoers
  lineinfile: "dest=/etc/sudoers
    state=present
    line='debian-transmission ALL=(ALL) NOPASSWD: PERMISSIONS'
    validate='/usr/sbin/visudo -cf %s'"
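Your first task (with the pi user permissions) works because the required line is already in the file and does not need to be validated with visudo. However, the line with debian-transmission has to be added and validated by visudo (which is not found).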
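The failure mode discussed above, reproduced as an added example (not code from the question, the answer or Ansible itself): a validator given as a bare command name cannot be executed when its directory is missing from PATH, while the same command pinned to an absolute path runs. It assumes the validator is executed without a shell; `run_validate`, `pin_validator` and `demo` are hypothetical helpers, and the directory layout and stand-in `visudo` script are constructed.

```python
import os
import shlex
import shutil
import subprocess
import tempfile


def run_validate(template, candidate, path):
    """Substitute %s, then exec the validator with no shell under PATH=path."""
    argv = shlex.split(template % candidate)
    try:
        proc = subprocess.run(argv, env={"PATH": path}, capture_output=True)
    except OSError as exc:
        # The validator never ran, so the candidate file was never checked.
        return {"failed": True, "rc": exc.errno, "msg": os.strerror(exc.errno)}
    return {"failed": proc.returncode != 0, "rc": proc.returncode}


def pin_validator(template, search_dirs):
    """Rewrite the validator's bare command name to an absolute path."""
    argv = shlex.split(template)
    found = shutil.which(argv[0], path=os.pathsep.join(search_dirs))
    if found is None:
        raise FileNotFoundError(argv[0])
    return " ".join([shlex.quote(found)] + argv[1:])


def demo():
    """Constructed layout: bin/ is empty, sbin/ holds a stand-in visudo."""
    with tempfile.TemporaryDirectory() as root:
        user_bin = os.path.join(root, "bin")   # PATH seen by the task
        sbin = os.path.join(root, "sbin")      # plays the role of /usr/sbin
        os.mkdir(user_bin)
        os.mkdir(sbin)
        fake = os.path.join(sbin, "visudo")    # always reports "syntax OK"
        with open(fake, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(fake, 0o755)
        candidate = os.path.join(root, "sudoers.tmp")
        open(candidate, "w").close()
        bare = run_validate("visudo -cf %s", candidate, user_bin)
        pinned = run_validate(
            pin_validator("visudo -cf %s", [sbin]), candidate, user_bin)
        return bare, pinned


if __name__ == "__main__":
    print(demo())
```

The bare-name run returns errno 2, the same code and message as in the task output above; pinning the path also means the validator does not depend on PATH lookup.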