2016-04-21 105 views
2

我有以下Ansible劇本到整個集羣做包更新:與共享NFS服務器上運行的劇本

- hosts: cluster 
    become: true 
    become_user: root 
    tasks: 
    - name: updates a server 
    apt: update_cache=yes 
    - name: upgrade a server 
    apt: upgrade=full 

當我運行它,那就是NFS控制器節點都執行得很好,但在有一個NFS掛載的主目錄的兩個節點失敗,出現以下錯誤:

$ansible-playbook upgrade-servers.yml -K 
SUDO password: 

PLAY *************************************************************************** 

TASK [setup] ******************************************************************* 
fatal: [nej-worker2]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "\r\n/usr/bin/python: can't open file '/home/gms/.ansible/tmp/ansible-tmp-1461269057.4-144211747884693/setup': [Errno 13] Permission denied\r\n", "msg": "MODULE FAILURE", "parsed": false} 
ok: [iznej] 
fatal: [nej-worker1]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "\r\n/usr/bin/python: can't open file '/home/gms/.ansible/tmp/ansible-tmp-1461269057.4-16590584976890/setup': [Errno 13] Permission denied\r\n", "msg": "MODULE FAILURE", "parsed": false} 

TASK [updates a server] ******************************************************** 
ok: [iznej] 

TASK [upgrade a server] ******************************************************** 
changed: [iznej] 

NO MORE HOSTS LEFT ************************************************************* 

PLAY RECAP ********************************************************************* 
iznej      : ok=3 changed=1 unreachable=0 failed=0 
nej-worker1    : ok=0 changed=0 unreachable=0 failed=1 
nej-worker2    : ok=0 changed=0 unreachable=0 failed=1 

我已經運行在股pip類似的問題,與修訂是重定向使用--set-build build目錄...我假設這一點是Ansible的問題,因爲它在NFS控制器上工作,而不是在服務器上使用共享/掛載驅動器。

回答

3

明白了。需要將remote_tmp = /tmp/.ansible添加到我的ansible.cfg文件中。看到這裏Ansible config parameters瞧!

問題是,當Ansible執行sudo時,根帳戶不是NFS掛載共享上的用戶帳戶。

0

報價RHEL 6安全指南:

"By default, NFS shares change the root user to the nfsnobody user, an unprivileged user account. This changes the owner of all root-created files to nfsnobody, which prevents uploading of programs with the setuid bit set. If no_root_squash [option] is used, remote root users are able to change any file on the shared file system and leave applications infected by Trojans for other users to inadvertently execute."

換句話說,這是一個默認的和安全的NFS行爲。