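Ansible delegate_to behaves absurdly when used inside a loop

Problem description

Sharing my test case below to demonstrate the issue, which can be reproduced:

I have ssh connectivity established from the ansible host to the JUMP servers as the root user, as shown below: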

 anuser1@ANSIBLE_HOST#   ssh root@10.0.0.1  ----------> success
 anuser1@ANSIBLE_HOST#   ssh root@10.0.0.2  ----------> success

However, neither of the jump servers has python, so I only use the raw module in my playbook.

Below is the command I use to run the playbook:

ansible-playbook /app/playbook/injectkey/injectkey.yml -e JUMP_SERVER='10.0.0.1\n10.0.0.2' -e TARGET_SERVER='192.0.0.99' -e TARGET_USER='root' -vvv

Below is my playbook injectkey.yml:

---

- name: "Play 1"
  hosts: localhost
  gather_facts: false
  tags: always
  tasks:
    - name: Add host
      debug:
        msg: " hello "
    - set_fact:
        jump_server_list: "{{ JUMP_SERVER | trim }}"
    - set_fact:
        target_server_list: "{{ TARGET_SERVER | trim }}"

    - add_host:
        hostname: "{{ item }}"
        groups: jump_nodes
      with_items: "{{ jump_server_list.split('\n') }}"

    - add_host:
        hostname: "{{ item }}"
        groups: dest_nodes
      with_items: "{{ target_server_list.split('\n') }}"

- name: "Play 3"
  hosts: dest_nodes
  user: root
  gather_facts: false
  ignore_unreachable: yes

  tasks:
    - name: DEEBUG Inject ssh keys by invoking script
      include_tasks: testcheckandaddkey.yml
      with_items: "{{ groups['jump_nodes'] }}"

The problem is with the task CHECK RAW1 in testcheckandaddkey.yml, shown below:

---
    - name: CHECK LOOP
      ignore_errors: yes
      debug:
        msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
      delegate_to: localhost

    - name: CHECK RAW
      ignore_errors: yes
      raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
      delegate_to: localhost

    - name: CHECK LOOP2
      ignore_errors: yes
      debug:
        msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
      delegate_to: "{{ item }}"

    - name: CHECK RAW1
      ignore_errors: yes
      raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
      delegate_to: "{{ item }}"

In testcheckandaddkey.yml, I can see both IPs in the debug module, but for the second IP, 10.0.0.2, with the raw module, the delegation does not happen, as shown in the output below.

Output

TASK [DEEBUG Inject ssh keys by invoking script] ***********************************************************************************************************************
task path: /app/playbook/injectkey/injectkey.yml:93
included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99
included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99

TASK [CHECK LOOP] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:4
ok: [192.0.0.99 -> localhost] => {
    "msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"
}

TASK [CHECK RAW] *******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser
<localhost> EXEC echo 10.0.0.1 192.0.0.99 root
changed: [192.0.0.99 -> localhost] => {
    "changed": true,"rc": 0,"stderr": "","stderr_lines": [],"stdout": "10.0.0.1 192.0.0.99 root\n","stdout_lines": [
        "10.0.0.1 192.0.0.99 root"
    ]
}

TASK [CHECK LOOP2] *****************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:15
ok: [192.0.0.99 -> 10.0.0.1] => {
    "msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"
}

TASK [CHECK RAW1] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:21
<10.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/1a88418cb1 -tt 10.0.0.1 'echo 10.0.0.1 192.0.0.99 root'
<10.0.0.1> (0,'10.0.0.1 192.0.0.99 root\r\n','Shared connection to 10.0.0.1 closed.\r\n')
changed: [192.0.0.99 -> 10.0.0.1] => {
    "changed": true,"stderr": "Shared connection to 10.0.0.1 closed.\r\n","stderr_lines": [
        "Shared connection to 10.0.0.1 closed."
    ],"stdout": "10.0.0.1 192.0.0.99 root\r\n","stdout_lines": [
        "10.0.0.1 192.0.0.99 root"
    ]
}

TASK [CHECK LOOP] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:4
ok: [192.0.0.99 -> localhost] => {
    "msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"
}

TASK [CHECK RAW] *******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser
<localhost> EXEC echo 10.0.0.2 192.0.0.99 root
changed: [192.0.0.99 -> localhost] => {
    "changed": true,"stdout": "10.0.0.2 192.0.0.99 root\n","stdout_lines": [
        "10.0.0.2 192.0.0.99 root"
    ]
}

TASK [CHECK LOOP2] *****************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:15
ok: [192.0.0.99 -> 10.0.0.2] => {
    "msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"
}

TASK [CHECK RAW1] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:21
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'
<10.0.0.2> (255,'','Permission denied (publickey,password,keyboard-interactive).\r\n')
fatal: [192.0.0.99]: UNREACHABLE! => {
    "changed": false,"msg": "Failed to connect to the host via ssh: Permission denied (publickey,keyboard-interactive).","skip_reason": "Host 192.0.0.99 is unreachable","unreachable": true
}

For TASK [CHECK RAW1], I expected changed: [192.0.0.99 -> 10.0.0.2] => { the same way I get changed: [192.0.0.99 -> 10.0.0.1] => { for the other IP.

But instead I get fatal: [192.0.0.99]: UNREACHABLE! => {

In the output:

<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'

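I tried the above ssh command from the problematic task CHECK RAW1 manually, and it works fine!

Can you please suggest how I can get this to work for both IPs instead of just one?

Any tips to fix this issue would be greatly appreciated.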
