Shulou(Shulou.com)06/03 Report--

Ansible handoff user problem

​ in the actual production environment, the user of the application program is not allowed to log in directly, that is, the login user user1, the operating application is user2, need to complete the startup and shutdown of the application, and need to log in to user1 to switch the user2 operating application.

How can ​ solve this kind of problem in the practical application of ansible? by looking at the data in many ways, it is found that the parameter ansible_become can solve this problem perfectly.

Modify the configuration file to the following

[pro1] 192.168.0.226 ansible_ssh_user=user1 ansible_ssh_pass='passwd' ansible_become=true ansible_become_user=user2 ansible_become_pass='passwd' [pro2] 10.111.36.72 ansible_ssh_user=manager ansible_ssh_pass='O5e2#L9w'

The notes are as follows:

Ansible_user # ssh user ansible_ssh_pass # password ansible_port # ssh port ansible_become # true or false, whether to switch user ansible_become_method # method used by switching user, such as sudo, suansible_become_user # user to be switched ansible_become_pass # password required to switch user

Note:

There is also a very important question!

The blogger met today!

It is the same host, the same user login operation of different applications.

User1 can log in to normal operating applications normally.

User1 can log in and switch user2 operating applications normally.

Here there is the problem of conflict and contradiction!

Even if a group is specified in the ansible application group, user1 will automatically switch to a user2 user when executing any program!

How to solve this problem?

There are two ways to solve the problem by looking at the information and the help of your friends:

Method 1:

Do not use the bcome parameter in the hosts file and append it in the statement

Ansible-playbook / etc/ansible/pro1.yml-e "ansible_become='yes'ansible_become=true ansible_become_user='user2' ansible_become_pass='passwd'"

Method 2:

Here the blogger uses method 2 because the password has special characters that are difficult to deal with.

When looking at the host, I found that the host had multiple network cards, so I changed the ip address of pro2 to another intranet address. After testing, the two projects can be used normally!

Summary:

After testing, the parameter ansible_become=true, for the same host address, the same user will have an effect, even if you specify different packets, the priority is very high! There are many ways to solve the problem, and sometimes if you change the point of view, the problem can be easily solved.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.