如何使用交互式身份验证修复 systemctl?
How to fix systemctl with interactive authentication?
我有一个配置 jenkins 的 ansible 剧本,这个剧本是 运行 作为 cloud-init-script 的一部分。
但是它在 jenkins 重启期间失败了。谁能告诉我它要求什么交互式身份验证以及我应该如何解决这个问题?
版本:
ansible==2.9.6
jenkins_version: 2.176.3
代码:
- name: Restart Jenkins
service:
name: jenkins
state: restarted
- name: Wait for Jenkins to start up
uri:
url: http://localhost:8080
user: "{{ jenkins_admin_username }}"
password: "{{ jenkins_admin_password }}"
force_basic_auth: true
status_code: 200
timeout: 5
register: jenkins_service_status
# Keep trying for 5 mins in 5 sec intervals
retries: 60
delay: 5
until: >
'status' in jenkins_service_status and
jenkins_service_status['status'] == 200
错误:
TASK [master : Restart Jenkins] ************************************************
task path: /opt/ihr-kopsfather/ansible-ihr-kopsfather/roles/master/tasks/restart_jenkins.yml:2
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1597803601.9555757-44587295762829 `" && echo ansible-tmp-1597803601.9555757-44587295762829="` echo /var/tmp/ansible-tmp-1597803601.9555757-44587295762829 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/system/systemd.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-19289oaudtdeg/tmprianjznn TO /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/AnsiballZ_systemd.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:jenkins:r-x /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/ /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u jenkins /bin/sh -c '"'"'echo BECOME-SUCCESS-egbsbalzblxddrdjyadziewvzilaaacg ; /usr/bin/python3 /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/AnsiballZ_systemd.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/ > /dev/null 2>&1 && sleep 0'
fatal: [127.0.0.1]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"daemon_reexec": false,
"daemon_reload": false,
"enabled": null,
"force": null,
"masked": null,
"name": "jenkins",
"no_block": false,
"scope": null,
"state": "restarted",
"user": null
}
},
"msg": "Unable to restart service jenkins: Failed to restart jenkins.service: Interactive authentication required.\nSee system logs and 'systemctl status jenkins.service' for details.\n"
systemctl 详细信息:
sudo systemctl status jenkins.service
● jenkins.service - LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; generated)
Active: active (exited) since Wed 2020-08-19 02:18:09 UTC; 8min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/jenkins.service
Aug 19 02:18:08 ip-10-23-11-7 systemd[1]: Starting LSB: Start Jenkins at boot time...
Aug 19 02:18:08 ip-10-23-11-7 jenkins[27353]: Correct java version found
Aug 19 02:18:08 ip-10-23-11-7 jenkins[27353]: * Starting Jenkins Automation Server jenkins
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: Successful su for jenkins by root
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: + ??? root:jenkins
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: pam_unix(su:session): session opened for user jenkins by (uid=0)
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: pam_unix(su:session): session closed for user jenkins
Aug 19 02:18:09 ip-10-23-11-7 jenkins[27353]: ...done.
Aug 19 02:18:09 ip-10-23-11-7 systemd[1]: Started LSB: Start Jenkins at boot time.
很可能您正在使用不允许执行这些 systemctl 操作的用户登录目标。因此,您可能需要将 become: true 添加到您的任务中(请参阅 documentation on become):
- name: Restart Jenkins
become: true
service:
name: jenkins
state: restarted
task:
become: yes
- name: Restart Jenkins
service:
name: jenkins
state: stopped
- name: Restart Jenkins
service:
name: jenkins
state: started
注意:请检查缩进。
如果你想要 start/stop 服务你也可以在脚本开始时提到 become=yes 这样它就不会要求你在你想要 start/stop 的所有地方手动添加同一文件中的服务。
我有一个配置 jenkins 的 ansible 剧本,这个剧本是 运行 作为 cloud-init-script 的一部分。
但是它在 jenkins 重启期间失败了。谁能告诉我它要求什么交互式身份验证以及我应该如何解决这个问题?
版本: ansible==2.9.6 jenkins_version: 2.176.3
代码:
- name: Restart Jenkins
service:
name: jenkins
state: restarted
- name: Wait for Jenkins to start up
uri:
url: http://localhost:8080
user: "{{ jenkins_admin_username }}"
password: "{{ jenkins_admin_password }}"
force_basic_auth: true
status_code: 200
timeout: 5
register: jenkins_service_status
# Keep trying for 5 mins in 5 sec intervals
retries: 60
delay: 5
until: >
'status' in jenkins_service_status and
jenkins_service_status['status'] == 200
错误:
TASK [master : Restart Jenkins] ************************************************
task path: /opt/ihr-kopsfather/ansible-ihr-kopsfather/roles/master/tasks/restart_jenkins.yml:2
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1597803601.9555757-44587295762829 `" && echo ansible-tmp-1597803601.9555757-44587295762829="` echo /var/tmp/ansible-tmp-1597803601.9555757-44587295762829 `" ) && sleep 0'
Using module file /usr/local/lib/python3.6/dist-packages/ansible/modules/system/systemd.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-19289oaudtdeg/tmprianjznn TO /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/AnsiballZ_systemd.py
<127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:jenkins:r-x /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/ /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/AnsiballZ_systemd.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -n -u jenkins /bin/sh -c '"'"'echo BECOME-SUCCESS-egbsbalzblxddrdjyadziewvzilaaacg ; /usr/bin/python3 /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/AnsiballZ_systemd.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1597803601.9555757-44587295762829/ > /dev/null 2>&1 && sleep 0'
fatal: [127.0.0.1]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"daemon_reexec": false,
"daemon_reload": false,
"enabled": null,
"force": null,
"masked": null,
"name": "jenkins",
"no_block": false,
"scope": null,
"state": "restarted",
"user": null
}
},
"msg": "Unable to restart service jenkins: Failed to restart jenkins.service: Interactive authentication required.\nSee system logs and 'systemctl status jenkins.service' for details.\n"
systemctl 详细信息:
sudo systemctl status jenkins.service
● jenkins.service - LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; generated)
Active: active (exited) since Wed 2020-08-19 02:18:09 UTC; 8min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/jenkins.service
Aug 19 02:18:08 ip-10-23-11-7 systemd[1]: Starting LSB: Start Jenkins at boot time...
Aug 19 02:18:08 ip-10-23-11-7 jenkins[27353]: Correct java version found
Aug 19 02:18:08 ip-10-23-11-7 jenkins[27353]: * Starting Jenkins Automation Server jenkins
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: Successful su for jenkins by root
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: + ??? root:jenkins
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: pam_unix(su:session): session opened for user jenkins by (uid=0)
Aug 19 02:18:08 ip-10-23-11-7 su[27402]: pam_unix(su:session): session closed for user jenkins
Aug 19 02:18:09 ip-10-23-11-7 jenkins[27353]: ...done.
Aug 19 02:18:09 ip-10-23-11-7 systemd[1]: Started LSB: Start Jenkins at boot time.
很可能您正在使用不允许执行这些 systemctl 操作的用户登录目标。因此,您可能需要将 become: true 添加到您的任务中(请参阅 documentation on become):
- name: Restart Jenkins
become: true
service:
name: jenkins
state: restarted
task:
become: yes
- name: Restart Jenkins
service:
name: jenkins
state: stopped
- name: Restart Jenkins
service:
name: jenkins
state: started
注意:请检查缩进。
如果你想要 start/stop 服务你也可以在脚本开始时提到 become=yes 这样它就不会要求你在你想要 start/stop 的所有地方手动添加同一文件中的服务。