问题描述
在下面共享我的测试用例,以证明可以复制的问题:
我通过root
用户从ansible主机到JUMP服务器建立ssh连接,如下所示:
anuser1@ANSIBLE_HOST# ssh root@10.0.0.1 ----------> success
anuser1@ANSIBLE_HOST# ssh root@10.0.0.2 ----------> success
但是,两个跳转服务器都没有python,因此我只在剧本中使用raw
模块。
下面是我用来执行剧本的命令:
ansible-playbook /app/playbook/injectkey/injectkey.yml -e JUMP_SERVER='10.0.0.1\n10.0.0.2' -e TARGET_SERVER='192.0.0.99' -e TARGET_USER='root' -vvv
下面是我的剧本injectkey.yml:
---
- name: "Play 1"
hosts: localhost
gather_facts: false
tags: always
tasks:
- name: Add host
debug:
msg: " hello "
- set_fact:
jump_server_list: "{{ JUMP_SERVER | trim }}"
- set_fact:
target_server_list: "{{ TARGET_SERVER | trim }}"
- add_host:
hostname: "{{ item }}"
groups: jump_nodes
with_items: "{{ jump_server_list.split('\n') }}"
- add_host:
hostname: "{{ item }}"
groups: dest_nodes
with_items: "{{ target_server_list.split('\n') }}"
- name: "Play 3"
hosts: dest_nodes
user: root
gather_facts: false
ignore_unreachable: yes
tasks:
- name: DEEBUG Inject ssh keys by invoking script
include_tasks: testcheckandaddkey.yml
with_items: "{{ groups['jump_nodes'] }}"
问题出在CHECK RAW1
中的任务-> testcheckandaddkey.yml
上,如下所示:
---
- name: CHECK LOOP
ignore_errors: yes
debug:
msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: localhost
- name: CHECK RAW
ignore_errors: yes
raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: localhost
- name: CHECK LOOP2
ignore_errors: yes
debug:
msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: "{{ item }}"
- name: CHECK RAW1
ignore_errors: yes
raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: "{{ item }}"
在testcheckandaddkey.yml
中,我可以在debug
模块中看到两个IP,但是对于第二个具有raw
模块的IP 10.0.0.2,委派不会发生,如下面的输出所示。 / p>
输出:
TASK [DEEBUG Inject ssh keys by invoking script] ***********************************************************************************************************************
task path: /app/playbook/injectkey/injectkey.yml:93
included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99
included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99
TASK [CHECK LOOP] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:4
ok: [192.0.0.99 -> localhost] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"
}
TASK [CHECK RAW] *******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser
<localhost> EXEC echo 10.0.0.1 192.0.0.99 root
changed: [192.0.0.99 -> localhost] => {
"changed": true,"rc": 0,"stderr": "","stderr_lines": [],"stdout": "10.0.0.1 192.0.0.99 root\n","stdout_lines": [
"10.0.0.1 192.0.0.99 root"
]
}
TASK [CHECK LOOP2] *****************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:15
ok: [192.0.0.99 -> 10.0.0.1] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"
}
TASK [CHECK RAW1] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:21
<10.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/1a88418cb1 -tt 10.0.0.1 'echo 10.0.0.1 192.0.0.99 root'
<10.0.0.1> (0,'10.0.0.1 192.0.0.99 root\r\n','Shared connection to 10.0.0.1 closed.\r\n')
changed: [192.0.0.99 -> 10.0.0.1] => {
"changed": true,"stderr": "Shared connection to 10.0.0.1 closed.\r\n","stderr_lines": [
"Shared connection to 10.0.0.1 closed."
],"stdout": "10.0.0.1 192.0.0.99 root\r\n","stdout_lines": [
"10.0.0.1 192.0.0.99 root"
]
}
TASK [CHECK LOOP] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:4
ok: [192.0.0.99 -> localhost] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"
}
TASK [CHECK RAW] *******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser
<localhost> EXEC echo 10.0.0.2 192.0.0.99 root
changed: [192.0.0.99 -> localhost] => {
"changed": true,"stdout": "10.0.0.2 192.0.0.99 root\n","stdout_lines": [
"10.0.0.2 192.0.0.99 root"
]
}
TASK [CHECK LOOP2] *****************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:15
ok: [192.0.0.99 -> 10.0.0.2] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"
}
TASK [CHECK RAW1] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:21
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'
<10.0.0.2> (255,'','Permission denied (publickey,password,keyboard-interactive).\r\n')
fatal: [192.0.0.99]: UNREACHABLE! => {
"changed": false,"msg": "Failed to connect to the host via ssh: Permission denied (publickey,keyboard-interactive).","skip_reason": "Host 192.0.0.99 is unreachable","unreachable": true
}
对于TASK [CHECK RAW1]
,我期望changed: [192.0.0.99 -> 10.0.0.2] => {
就像我获得其他IP changed: [192.0.0.99 -> 10.0.0.1] => {
的方式一样
但是我却得到fatal: [192.0.0.99]: UNREACHABLE! => {
从输出中:
<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'
我从有问题的任务CHECK RAW1
中尝试了上述ssh命令
手动,效果很好!
您能建议我如何让两个IP代替单个IP来工作吗?
任何解决此问题的技巧将不胜感激。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)