我正在编写一个需要创建新用户的 ansible 角色 之前的所有任务
- name: Creazione utente
user:
name: oper1
state: present
工作没有任何问题,此后的任何任务都会导致
fatal: [default]: UNREACHABLE! => {"changed": false, "msg":
"Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv.
Failed command was:
( umask 77 &&
mkdir -p \"` echo /home/**oper1**/.ansible/tmp `\" &&
mkdir \"` echo /home/oper1/.ansible/tmp/ansible-tmp-1730129273.9595325-2556995-78298725368745 `\" &&
echo ansible-tmp-1730129273.9595325-2556995-78298725368745=\"`
echo /home/oper1/.ansible/tmp/ansible-tmp-1730129273.9595325-2556995-78298725368745 `\" ),
exited with result 1", "unreachable": true}
简而言之,就像ansible想要开始使用新用户来启动以下任务
我尝试过的一些解决方法:
如果有人可以帮助我,请提前致谢
主要原因是:创建用户后,ansible尝试使用新创建的用户的env执行一些任务,但新用户没有所需的权限。
我在创建新用户时使用如下。它动态适应系统配置并很好地处理边缘情况:
---
- name: Get Existing Groups
getent:
database: group
- name: Check if user already exists
ansible.builtin.shell: |
id -u {{ user_name }}
register: user_check
ignore_errors: yes
- name: Fail if user already exists
ansible.builtin.fail:
msg: "User '{{ user_name }}' already exists."
when: user_check.rc == 0
- name: Create new user
ansible.builtin.user:
name: "{{ user_name }}"
shell: /bin/bash
createhome: yes
groups: "{{ ['sudo', 'adm', 'wheel'] | intersect(ansible_facts['getent_group'] | list) }}"
password: "{{ ansible_become_password | password_hash('sha512') }}"
update_password: on_create
become: true
become_user: root
when: user_check.rc != 0