在 Dockerfile 中本地运行 Ansible SSH 身份验证问题

在 Dockerfile 中本地运行 Ansible SSH 身份验证问题

由于身份验证问题,我无法在 Dockerfile 中运行我的 ansible playbook。

这是我的docker文件:

FROM ubuntu:14.04
MAINTAINER hyperfocus

# Update system and install ansible
RUN apt-get -y update
RUN apt-get install -y python-yaml python-jinja2 git
RUN git clone http://github.com/ansible/ansible.git /tmp/ansible

# Set environment
WORKDIR /tmp/ansible
ENV PATH /tmp/ansible/bin:/sbin:/usr/sbin:/usr/bin
ENV ANSIBLE_LIBRARY /tmp/ansible/library
ENV PYTHONPATH /tmp/ansible/lib:$PYTHON_PATH

# Add repo key and add it to known hosts
ADD id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# Bootstrap playbook
RUN git clone [email protected]:xxx/xxx.git /tmp/playbook
ADD hosts /etc/ansible/hosts
WORKDIR /tmp/playbook

# Bootstrap
RUN ansible-playbook /tmp/playbook/site.yml -c local -t bootstrap

# Debug
# RUN ansible all -m ping -i /etc/ansible/hosts -vvvvvv

# Container settings
EXPOSE 22 3000
ENTRYPOINT [“/usr/bin/foo”]

我的主机文件:

[web]
localhost ansible_connection=local

[database]
localhost ansible_connection=local

[cache]
localhost ansible_connection=local

输出:

PLAY [bootstrap installer] ****************************************************

GATHERING FACTS ***************************************************************
fatal: [localhost] => Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-tmp-1403661775.03-87881370436819 && echo $HOME/.ansible/tmp/ansible-tmp-1403661775.03-87881370436819, exited with result 127

我在这里遗漏了什么?

答案1

Ansible 正在容器中运行并尝试连接到容器,因此您需要授权容器和 root 用户。容器必须是已知主机,并且 root 的公钥必须获得授权。例如:

RUN ssh-keyscan -t rsa 127.0.0.1 >>/root/.ssh/known_hosts
RUN cat /root/.ssh/id_rsa.pub >>/root/.ssh/authorized_keys 

我使用的是 Docker 版本 1.1.2,内部版本 d84a070。登录到我的容器(以 root 身份)后,我发现 pip 使用的是 /.pip 而不是 /root/.pip;而 ssh 按照预期使用了 /root/.ssh,而不是 Gekkie 建议的 /.ssh。

相关内容