Ansible known_hosts task fails

I'm new to ansible, and I created a small ansible-playbook that adds the github ssh host key to known_hosts on each server:

---
- hosts: all
  tasks:
  - name: Add github to ssh known-hosts
    known_hosts:
     name: "TS_github"
     key: "github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="

But for some reason this playbook fails on every host with the error:

fatal: [clusterapp-1]: FAILED! => {"changed": false, "cmd": "/usr/bin/ssh-keygen -F TS_github -f /tmp/tmpgROT5p", "failed": true, "msg": "", "rc": 1, "stderr": "", "stdout": "", "stdout_lines": []}

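For some reason it uses the /tmp/tmpgROT5p key file, but obviously that is wrong. According to the ansible documentation, the known_hosts module should use "(homedir)+/.ssh/known_hosts", but that does not happen.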

I launch the playbook as follows:

 ansible-playbook -i hosts github_keys.yml

I also tried launching the playbook with the -vvv switch, but got no useful information.

My ansible.cfg file:

[defaults]
transport=ssh
host_key_checking=false

Answer 1

name should be the name of the host.

So, in your case, name needs to be github.com and key should be github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAA...

---
- hosts: all
  tasks:
  - name: Add github to ssh known-hosts
    known_hosts:
     name: github.com
     key: "github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
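
Added example, not part of the original post and not Ansible's own code: the failing command in the question, `ssh-keygen -F TS_github -f ...`, searches a file for the host given in `name`, so `name` has to appear in the host field of `key`. This Python pre-check tests that agreement offline, confirms the base64 blob is intact, and prints a fingerprint to compare against the one the service publishes. The function names are made up for this example, and the sample line is constructed, not a real host key.

```python
import base64
import hashlib
import struct

# Constructed sample, not a real host key: a well-formed "ssh-rsa" header
# followed by filler bytes, in the same line layout as the playbook's `key`.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(22))
SAMPLE_LINE = "github.com,192.30.252.129 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()


def parse_entry(key_line):
    """Split '<hosts> <keytype> <base64>' and decode the blob (ValueError if malformed)."""
    fields = key_line.split()
    if len(fields) < 3:
        raise ValueError("expected '<hosts> <keytype> <base64 key>'")
    hosts, keytype, b64 = fields[:3]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        raise ValueError("key is not valid base64") from None
    return hosts, keytype, blob


def check_known_hosts_entry(name, key_line):
    """Return the problems that make key_line unusable as an entry for name."""
    try:
        hosts, keytype, blob = parse_entry(key_line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # Plain comma-separated names only; hashed (|1|...) and wildcard host
    # fields are not interpreted here.
    if name not in hosts.split(","):
        problems.append(f"name {name!r} is not in host field {hosts!r}")
    # The blob starts with a 4-byte big-endian length and the key type string.
    (n,) = struct.unpack(">I", blob[:4]) if len(blob) >= 4 else (0,)
    if blob[4:4 + n] != keytype.encode():
        problems.append(f"blob does not start with key type {keytype!r}")
    return problems


def fingerprint(key_line):
    """SHA256 fingerprint in the form OpenSSH prints, for out-of-band comparison."""
    _, _, blob = parse_entry(key_line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```

Running `check_known_hosts_entry` on each `name`/`key` pair before the playbook is applied catches both a mismatched name and a key damaged in copying.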

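Answer 2

Alternatively, if you just want to avoid being prompted, and this fits your security requirements, you can use a .ssh/config file to have a specific user ignore known_hosts.

Host *
    StrictHostKeyChecking no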

Answer 3

One possible workaround is to use blockinfile.

  - name: Add github to ssh known-hosts
    blockinfile:
      path: ~/.ssh/known_hosts
      block: "github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
      marker: "# {mark} github"

Of course, using known_hosts is the recommended approach, but this method works well. It also works for managing /etc/hosts.
