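1. Ansible command hangs

When running an ansible command, it hangs at the SSH host trust step, that is, at the check for whether the host's ssh key has already been added, as shown below:

    [root@ansibleserver ~]# ansible all -a 'uptime'

    paramiko: The authenticity of host '192.168.1.161' can't be established.
    The ssh-rsa key fingerprint is b1811be3f00f72918fd73f4d878c3ab7.
    Are you sure you want to continue connecting (yes/no)?

Solution:

Edit the configuration file /etc/ansible/ansible.cfg so that the SSH key check is not performed.

Before the change:


After the change: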


2. Setting up passwordless login

Setup on the ansible host:

    [root@ansibleserver ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    4e:15:17:b6:85:ce:e3:93:1c:51:81:28:92:24:d7:af root@ansibleserver
    The key's randomart image is:
    +--[ RSA 2048]----+
    |     ..oo  ..+=+. |
    |      oo o .++o   |
    |        . o.o..   |
    |          .. =    |
    |         S. o +   |
    |        oE   =    |
    |         .    .   |
    |                 |
    |                 |
    +-----------------+

Or do it the following way:

    [root@RHANCL ~]# ls -l .ssh/
    total 4
    -rw-r--r--. 1 root root 788 Feb 15 11:29 known_hosts
    [root@RHANCL ~]# ssh-keygen -q -N "" -f /root/.ssh/id_rsa
    [root@RHANCL ~]# ls -l .ssh/
    total 12
    -rw-------. 1 root root 1675 Feb 15 11:38 id_rsa
    -rw-r--r--. 1 root root  393 Feb 15 11:38 id_rsa.pub

Copy the generated key to the machine to be managed:

    [root@ansibleserver ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.162
    The authenticity of host '192.168.1.162 (192.168.1.162)' can't be established.
    RSA key fingerprint is f1:30:43:92:19:fb:77:82:c6:f4:b8:43:35:01:8a:85.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.162' (RSA) to the list of known hosts.
    root@192.168.1.162's password:
    Now try logging into the machine, with "ssh 'root@192.168.1.162'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [root@RHANCL ~]# ssh-copy-id root@172.168.1.77
    root@172.168.1.77's password:
    Now try logging into the machine, with "ssh 'root@172.168.1.77'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [root@RHANCL ~]# ssh 172.168.1.77
    Last login: Wed Feb 15 11:38:07 2017 from 172.168.1.1

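Verify the login:

    [root@ansibleserver ~]# ssh 192.168.1.162
    Last login: Sat Jan  2 01:27:59 2016 from 192.168.1.103

If passwordless login has been set up for this user, then when a password is asked for, the connection to the host succeeds whether the password entered is correct or wrong.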

3. Configuring sudo access when sudo is used

Without any sudo configuration, the error is as follows:

    localhost | FAILED >> {
        "failed": true,
        "msg": "\r\nkel is not in the sudoers file.  This incident will be reported.\r\n",
        "parsed": false
    }

So when sudo is needed, sudo has to be configured:

    [root@ansiblemoniter ~]# ls -l /etc/sudoers
    -r--r-----. 1 root root 3815 Jan  5 03:07 /etc/sudoers
    [root@ansiblemoniter ~]# chmod 700 /etc/sudoers
    [root@ansiblemoniter ~]# ls -l /etc/sudoers
    -rwx------. 1 root root 3815 Jan  5 03:07 /etc/sudoers

Then add the user who needs sudo to the file:

    ## Allow root to run any commands anywhere
    root     ALL=(ALL)       ALL
    kel      ALL=(ALL)       ALL

Change the permissions back:

    [root@ansiblemoniter ~]# chmod 440 /etc/sudoers
    [root@ansiblemoniter ~]# ls -l /etc/sudoers
    -r--r----- 1 root root 3839 Jan  5 05:44 /etc/sudoers

Verify that it took effect:

    [kel@ansiblemoniter ~]$ sudo -l
    [sudo] password for kel:
    Matching Defaults entries for kel on this host:
        requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1
        PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
        LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
        secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

    User kel may run the following commands on this host:
        (ALL) ALL
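
An alternative to loosening the mode on /etc/sudoers while editing it, as an added example that is not part of the original post: stage the rule as a drop-in, validate it with `visudo -cf`, and only then install it at mode 0440. It assumes root, `visudo` on PATH and a sudoers file that includes /etc/sudoers.d; `install_sudoers_dropin` is a hypothetical helper name.

```python
import os
import re
import subprocess
import tempfile


def install_sudoers_dropin(user, dest_dir="/etc/sudoers.d",
                           validator=("visudo", "-cf")):
    """Write '<user> ALL=(ALL) ALL' as a drop-in, but only if it validates.

    The rule is staged in a temp file whose name contains '.', which sudo
    skips when reading an include directory. It is set to mode 0440,
    checked with the validator, then renamed into place in one step.
    """
    # sudo also skips drop-in names containing '.', so keep names simple.
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError(f"unexpected user name: {user!r}")
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".stage-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(f"{user} ALL=(ALL) ALL\n")
        os.chmod(tmp, 0o440)
        check = subprocess.run([*validator, tmp],
                               capture_output=True, text=True)
        if check.returncode != 0:
            raise RuntimeError(f"sudoers check failed: {check.stderr.strip()}")
        final = os.path.join(dest_dir, user)
        os.rename(tmp, final)  # atomic within one filesystem
        return final
    except BaseException:
        # A rule that failed validation never becomes active.
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    print(install_sudoers_dropin("kel"))
```
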

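4. In ask-password mode all passwords must be the same

When the -k parameter is used, the user's password must be the same on every host, otherwise an authentication failure occurs. When this parameter is used and some machines have passwordless login set up, the key is used to log in to them, as shown below:

    [root@ansibleserver ansible]# ansible all -m ping -u kel -k
    SSH password:
    localhost | success >> {
        "changed": false,
        "ping": "pong"
    }

    ansiblemoniter | FAILED => FAILED: Authentication failed.
    ansiblemonitor | FAILED => FAILED: Authentication failed.

The password of user kel on localhost is 123456, while on the other two machines it is kel, so authentication inevitably fails on those two machines.

Password prompting can also be set in the configuration file; by default the settings are commented out, as shown below:

    #ask_sudo_pass = True
    #ask_pass      = True

To have both the connection password and the sudo password prompted for, remove the comment markers.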

5. Running ansible

When using the ansible command, the following may occur:

    [root@RHANCL ~]# ansible all -m ping
    172.168.1.77 | UNREACHABLE! => {
       "changed": false,
       "msg": "No authentication methods available",
       "unreachable": true
    }
    [root@RHANCL ~]#

The main cause is that the default connection method is not being used; in that case the following option can be used:

    [root@RHANCL ~]# ansible all -m ping -k
    SSH password:

    paramiko: The authenticity of host '172.168.1.77' can't be established.
    The ssh-rsa key fingerprint is a135bce1980ebf1e735334d5d55c409f.
    Are you sure you want to continue connecting (yes/no)?
    yes
    172.168.1.77 | SUCCESS => {
       "changed": false,
       "ping": "pong"
    }

Problems

1.1 Command reports connection refused

When running an ansible command, the connection is refused, as shown below:

    [root@ansibleserver ~]# ansible all -m "ping"
    192.168.1.161 | FAILED => FAILED: [Errno 111] Connection refused
    ansiblemoniter | FAILED => FAILED: [Errno 111] Connection refused

Solution:

Check whether ssh can connect to the managed server; the main thing to check is whether the port number is correct.

Look up the ssh port of the managed server as follows:

    [root@ansiblemoniter ~]# netstat -tunlp |grep ssh
    tcp         0      0 0.0.0.0:5309                0.0.0.0:*                   LISTEN      9210/sshd
    tcp         0      0 :::5309                     :::*                        LISTEN      9210/sshd

The ssh port is 5309, so edit ansible's inventory file /etc/ansible/hosts, mainly to add the ssh port that ansible connects to, as follows:

    [root@ansibleserver ~]# cat /etc/ansible/hosts
    192.168.1.161 ansible_ssh_port=5309 ansible_ssh_user=root ansible_ssh_pass=root
    ansiblemoniter ansible_ssh_user=root ansible_ssh_pass=root

Then test again:

    [root@ansibleserver ~]# ansible all -m 'ping'
    ansiblemoniter | FAILED => FAILED: [Errno 111] Connection refused
    192.168.1.161 | success >> {
        "changed": false,
        "ping": "pong"
    }

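1.2 Command reports no authentication

When running an ansible command, it reports that no authentication is available; the error message is as follows:

    [root@ansibleserver ~]# ansible all -m ping
    ansiblemoniter | FAILED => FAILED: No authentication methods available

Solution:

When ssh connects to run a command, it has to authenticate on the managed machine, either through SSH key trust between the two machines or with a username and password.

So add the username and password to run as to the inventory file, as shown below:

Configuration file path: /etc/ansible/hosts

    ansiblemoniter ansible_ssh_port=5309 ansible_ssh_user=root ansible_ssh_pass=root

Test as follows:

    [root@ansibleserver ~]# ansible all -m ping
    ansiblemoniter | success >> {
        "changed": false,
        "ping": "pong"
    }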
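
An added example, not part of the original post: a small audit that flags the two shortcuts used above, the disabled SSH key check in ansible.cfg (section 1) and plaintext `ansible_ssh_pass` entries in /etc/ansible/hosts (1.1 and 1.2), so they can be found and replaced with key-based login later. It assumes the section 1 change is the `host_key_checking` option, since the post's before/after listings are missing; the sample file contents are constructed.

```python
import configparser
import shlex

# Inventory variables that hold a secret in clear text.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_sudo_pass", "ansible_become_pass"}

# Constructed samples, modelled on the files edited in this post.
SAMPLE_CFG = """\
[defaults]
#ask_pass      = True
host_key_checking = False
"""
SAMPLE_INVENTORY = """\
# /etc/ansible/hosts
192.168.1.161 ansible_ssh_port=5309 ansible_ssh_user=root ansible_ssh_pass=root
ansiblemoniter ansible_ssh_port=5309 ansible_ssh_user=root
"""


def audit_cfg(cfg_text):
    """Return a finding if ansible.cfg turns off SSH host key checking."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(cfg_text)
    value = cfg.get("defaults", "host_key_checking", fallback="true")
    if value.strip().lower() in ("false", "no", "0", "off"):
        return ["host_key_checking is off: unknown host keys are trusted unverified"]
    return []


def audit_inventory(inv_text):
    """Return (line, host or section, variable) per secret; values are never echoed."""
    hits, section, in_vars = [], "", False
    for lineno, raw in enumerate(inv_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section, in_vars = line, line.rstrip("]").endswith(":vars")
            continue
        if in_vars:  # "key = value" lines of a [group:vars] section
            owner, keys = section, [line.split("=", 1)[0].strip()]
        else:        # "host key=value ..." lines
            tokens = shlex.split(line, comments=True)
            owner = tokens[0]
            keys = [t.split("=", 1)[0] for t in tokens[1:] if "=" in t]
        hits += [(lineno, owner, k) for k in keys if k in SECRET_VARS]
    return hits


if __name__ == "__main__":
    print(audit_cfg(SAMPLE_CFG))
    print(audit_inventory(SAMPLE_INVENTORY))
```
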

1.3 Command reports that the name cannot be resolved

When running an ansible command, it reports that the name cannot be resolved; the error message is as follows:

    [root@ansibleserver ~]# ansible all -m 'ping'
    ansiblemoniter | FAILED => FAILED: [Errno -3] Temporary failure in name resolution

Solution:

The cause is that no name resolution has been configured for the host name, so edit the configuration file as follows:

    [root@ansibleserver ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    192.168.1.161  ansiblemoniter

Use ping to test whether the name now resolves correctly:

    [root@ansibleserver ~]# ping ansiblemoniter
    PING ansiblemoniter (192.168.1.161) 56(84) bytes of data.
    64 bytes from ansiblemoniter (192.168.1.161): icmp_seq=1 ttl=64 time=0.510 ms
    64 bytes from ansiblemoniter (192.168.1.161): icmp_seq=2 ttl=64 time=0.535 ms

Test as follows:

    [root@ansibleserver ~]# ansible all -m ping
    ansiblemoniter | success >> {
        "changed": false,
        "ping": "pong"
    }

1.4 Hangs when using sudo

When running an ansible command with the sudo parameter added, it hangs; the error message is as follows:

    [root@ansibleserver ~]# ansible all -a 'echo "kel"' -u kel -kK -s -vvv -T 1
    SSH password:
    sudo password [defaults to SSH password]:
    <ansiblemoniter> ESTABLISH CONNECTION FOR USER: kel on PORT 5309 TO ansiblemoniter
    <ansiblemoniter> REMOTE_MODULE command echo "kel"
    <ansiblemoniter> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1451989585.35-179529677845134 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1451989585.35-179529677845134 && echo $HOME/.ansible/tmp/ansible-tmp-1451989585.35-179529677845134'
    <ansiblemoniter> PUT /tmp/tmpj6RClb TO /home/kel/.ansible/tmp/ansible-tmp-1451989585.35-179529677845134/command
    <ansiblemoniter> EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=jwshlldhgmqiwayfbeyxynchucnkhehr] password: " -u root /bin/sh -c '"'"'echo SUDO-SUCCESS-jwshlldhgmqiwayfbeyxynchucnkhehr; LC_CTYPE=C /usr/bin/python /home/kel/.ansible/tmp/ansible-tmp-1451989585.35-179529677845134/command; rm -rf /home/kel/.ansible/tmp/ansible-tmp-1451989585.35-179529677845134/ >/dev/null 2>&1'"'"''
    ansiblemoniter | FAILED => failed to parse:
    Sorry, try again.
    [sudo via ansible, key=jwshlldhgmqiwayfbeyxynchucnkhehr] password:
    sudo: 1 incorrect password attempt

When a wrong sudo password is used, it hangs for about five minutes. When using sudo it is best to have the sudo password prompted for, which is fast, as follows:

    [root@ansibleserver ~]# ansible all -a 'echo "kel"' -u kel -kK -s -v
    SSH password:
    sudo password [defaults to SSH password]:
    ansiblemoniter | success | rc=0 >>
    kel

The -k parameter prompts for the connection password, the -K parameter means the sudo password has to be entered, and the -s parameter means sudo is to be used.

When using sudo, if a wrong password is used it hangs for five minutes. Not yet resolved.

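1.5 The command module versus the shell module

In the command module, the pipe character and some operators, such as < and >, cannot be used.

In the shell module, they can be used.

Note that the command module does not actually report that the pipe character cannot be used.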
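
Why no error appears, as an added example that is not part of the original post: without a shell, `|` is just another argument handed to the program. The code mirrors that behaviour in plain Python rather than calling Ansible's own code, and `shell_operators` is a hypothetical pre-flight check for command strings.

```python
import shlex
import subprocess

_OPS = set("|&;<>()")


def run_like_command(cmd):
    """No shell: split into argv and exec directly, operators stay literal."""
    argv = shlex.split(cmd)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def run_like_shell(cmd):
    """With a shell: /bin/sh parses the line, so pipes and redirects work."""
    done = subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


def shell_operators(cmd):
    """List shell operators in cmd that a no-shell executor would not honour.

    A quoted lone operator such as '|' is reported too, so treat a hit as
    a prompt to review the command, not as proof of a mistake.
    """
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= _OPS]


if __name__ == "__main__":
    cmd = "echo kel | wc -c"          # constructed sample command
    print(run_like_command(cmd))      # echo receives '|', 'wc', '-c' as text
    print(run_like_shell(cmd))        # the shell builds a real pipeline
    print(shell_operators(cmd))
```
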



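© Copyright belongs to the author: this is an original work by 51CTO blog author mb5fdb131956bf3. If you repost it, please credit the source; otherwise legal liability will be pursued.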
