如何修復使用Ansible安裝軟件包時拒絕錯誤的權限？

Question

我想寫一個簡單的Ansible Playbook，請看下面的代碼片段。使用Ansible 2.4.0.0，Ubuntu 17.04，Python 2.7.13。 這是我第一次使用Ansible和Playbooks，所以請不要太苛刻。我究竟做錯了什麼？

playbook.yml

--- 
- name: install packages 
    hosts: dbservers 
    become: yes 
    become_method: sudo 
    become_user: user 

    tasks: 
    - name: Update repositories cache and install "python-minimal" package 
    apt: 
    name: python-minimal 
    update_cache: yes 

hosts文件

--- 
[dbservers] 
db ansible_host=127.0.0.1 ansible_port=22 ansible_user=user ansible_ssh_pass=pass ansible_become_pass=pass ansible_become_user=user 

命令：以下錯誤ansible-playbook -i hosts playbook.yml -vvv

命令以上的回報：

The full traceback is: 
    File "/tmp/ansible_yozgsn/ansible_module_apt.py", line 287, in <module> 
    import apt 

fatal: [db]: FAILED! => { 
    "changed": false, 
    "cmd": "apt-get update", 
    "failed": true, 
    "invocation": { 
     "module_args": { 
      "allow_unauthenticated": false, 
      "autoclean": false, 
      "autoremove": false, 
      "cache_valid_time": 0, 
      "deb": null, 
      "default_release": null, 
      "dpkg_options": "force-confdef,force-confold", 
      "force": false, 
      "force_apt_get": false, 
      "install_recommends": null, 
      "name": "python-minimal", 
      "only_upgrade": false, 
      "package": [ 
       "python-minimal" 
      ], 
      "purge": false, 
      "state": "present", 
      "update_cache": true, 
      "upgrade": null 
     } 
    }, 
    "msg": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)", 
    "rc": 100, 
    "stderr": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\n", 
    "stderr_lines": [ 
     "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)", 
     "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)", 
     "E: Unable to lock directory /var/lib/apt/lists/", 
     "W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)", 
     "W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)" 
    ], 
    "stdout": "Reading package lists...\n", 
    "stdout_lines": [ 
     "Reading package lists..." 
    ] 
} 

編輯：如果我連接到CT通過SSH到同一臺機器我可以手動更新apt-cache並使用相同的用戶安裝軟件包（使用sudo）。如果我在Playbook中運行命令'whoami'，它將返回預期結果（用戶名）。

Answer 1

如果您的用戶sudo訪問，使用become: -

tasks: 
    - name: Update repositories cache and install "python-minimal" package 
    become: yes 
    apt: 
     name: python-minimal 
     update_cache: yes 

Answer 2

我想你混淆become_user和remote_user。 remote_user是Ansible將用於ssh到服務器的用戶，而become_user是Ansible將切換到並在服務器上運行任務的用戶。您可以在Ansible's docs內找到更多有關become_user和remote_user的信息。

所以這裏發生了什麼是你的劇本試圖成爲「用戶」用戶和安裝軟件包。它不是以root身份安裝軟件包，而這正是您所需要的。要解決此問題，您可以從您的劇本中刪除become_user參數（become_user默認爲root），或者您可以將become_user參數添加到您的任務。

- name: Update repositories cache and install "python-minimal" package 
    apt: 
    name: python-minimal 
    update_cache: yes 
    become_user: root