Ansible playbook runs locally but cannot SSH to the host through AWX

Summary

I installed Ansible and Ansible AWX on the same AWS EC2 instance and am trying to deploy a build to another AWS EC2 instance. I can run the playbook with the ansible-playbook command, but with AWX it cannot ssh to the host.

  • The AWX inventory just has the host added, along with ansible_user: xxxxx, the user I want to deploy as
  • The Ansible/AWX host has the user xxxxx set up with passwordless access to the target host, and the target host has the same user (public key copied)
  • I also tried creating this user in the awx_task and awx_web containers and copying the public key to the target host
  • Running the ssh command that AWX runs while gathering facts fails:

    ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=xxxxx -o ConnectTimeout=10 -o ControlPath=/tmp/awx_108_dKOwxm/cp/61735cd9d3 主机名 '/bin/sh -c '"'"'echo ~xxxxx && sleep 0'"'"''

Output:

debug3: muxserver_listen: temporary control path /tmp/awx_72_VGFOPt/cp/61735cd9d3.16cjnTwr0hSE1mXc
bind: No such file or directory
unix_listener: cannot bind to path: /tmp/awx_72_VGFOPt/cp/61735cd9d3.16cjnTwr0hSE1mXc
  • Running the command after removing some of the options (ControlPersist and ControlMaster), ssh works:

    ssh -vvv -C -o StrictHostKeyChecking=no -o 'IdentityFile="/home/xxxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=xxxxx -o ConnectTimeout=10 主机名

Questions

  1. Is this a permissions problem when creating the ControlPath? Both the awx_web and awx_task containers have a /tmp folder with permissions 777.
  2. Which configuration (ansible.cfg) does AWX pick up: the one inside the awx_task/awx_web containers, or the one on the host it is deployed on? I also tried setting ssh_args = -C (removing ControlMaster and ControlPersist) in ansible.cfg in all three places and restarted the AWX containers, but nothing changed.
  3. Why does it not work with the control arguments?

Additional information

Ansible version

ansible 2.7.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Configuration

ANSIBLE_SSH_ARGS(/etc/ansible/ansible.cfg) = -C

OS / environment

Ansible and AWX host OS -> CentOS Linux release 7.5.1804 (Core)

Target host OS -> CentOS Linux release 7.5.1804 (Core)

AWX version: 2.1.0

AWX installed via -> https://github.com/ansible/awx/blob/devel/INSTALL.md#docker-or-docker-compose

Steps to reproduce

1) Create a project in AWX with SCM type git.

2) Create an inventory in AWX and add the host with the variable ansible_user: xxxxx

3) Create a job template with job type Run, select the project and inventory created in 1 and 2, and provide the extra variable build in the template, as the playbook requires:

Playbook

https://github.com/sandeepdharembra/playbooks/blob/master/installnodejs.yml

Actual results when running the job template

ansible-playbook 2.7.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/var/lib/awx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
Parsed /tmp/awx_108_dKOwxm/tmpo_yCMg inventory source with script plugin
Loading callback plugin awx_display of type stdout, v2.0 from /usr/lib/python2.7/site-packages/awx/lib/awx_display_callback/module.pyc
1 plays in installnodejs.yml
PLAY [all] *********************************************************************
META: ran handlers
TASK [Created new build directory] *********************************************
task path: /var/lib/awx/projects/_6__festaging/installnodejs.yml:10
<hostname> ESTABLISH SSH CONNECTION FOR USER: xxxxx
<hostname> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=xxxxx -o ConnectTimeout=10 -o ControlPath=/tmp/awx_108_dKOwxm/cp/61735cd9d3 hostname '/bin/sh -c '"'"'echo ~xxxxx && sleep 0'"'"''
<hostname> (255, '', 'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/tmp/awx_108_dKOwxm/cp/61735cd9d3" does not exist\r\ndebug2: resolving "hostname" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to hostname [hostname] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9997 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndeb…
fatal: [hostname]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/tmp/awx_108_dKOwxm/cp/61735cd9d3\" does not exist\r\ndebug2: resolving \"hostname\" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to hostname [172.16.5.91] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9997 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert ty…
PLAY RECAP *********************************************************************
hostname   : ok=0    changed=0    unreachable=1    failed=0  
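The "bind: No such file or directory" in the manual ssh run above is what OpenSSH reports when the directory that should hold the ControlPath socket does not exist. AWX creates a private per-job directory (/tmp/awx_<id>_<random>/cp/) for exactly this purpose, and by default it is removed once that job finishes, so a copy of the job's ssh command run later from a shell cannot bind the socket no matter what the permissions on /tmp are. The script below is an added example (not code from the question or from AWX) that checks a ControlPath the way an operator would before starting a mux master: parent directory present, writable by the current user, and short enough for the Linux Unix-socket path limit. The 108-byte sun_path limit and the 17-byte temporary suffix OpenSSH appends to the socket name are assumptions taken from Linux and OpenSSH behaviour, not from the page.

```shell
#!/bin/sh
# Added example, not code from the original question or from AWX: check whether
# a ControlPath that Ansible passes to ssh can actually be used before a mux
# master is started. "bind: No such file or directory" from unix_listener is
# what ssh reports when the socket's parent directory is missing.

# Assumptions: longest Unix-domain socket path on Linux (sizeof sun_path == 108)
# and the ".XXXXXXXXXXXXXXXX" suffix OpenSSH adds to the temporary mux socket.
SUN_PATH_MAX=108
MUX_TMP_SUFFIX_LEN=17

# Print one diagnosis line for a ControlPath; return 0 only if ssh could bind it.
check_control_path() {
    cp_path=$1
    dir=$(dirname "$cp_path")
    if [ ! -d "$dir" ]; then
        echo "missing-dir: $dir does not exist (ssh fails with 'bind: No such file or directory')"
        return 1
    fi
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "not-writable: $dir is not writable by uid $(id -u)"
        return 1
    fi
    if [ $(( ${#cp_path} + $MUX_TMP_SUFFIX_LEN )) -ge "$SUN_PATH_MAX" ]; then
        echo "too-long: ${#cp_path} bytes plus the temporary suffix exceeds the sun_path limit"
        return 1
    fi
    echo "ok: $cp_path"
    return 0
}

# Create the socket directory the way a job runner should: private to this user.
ensure_control_dir() {
    dir=$(dirname "$1")
    mkdir -p "$dir" && chmod 700 "$dir"
}

# Usage: sh check_control_path.sh /tmp/awx_108_dKOwxm/cp/61735cd9d3
if [ -n "$1" ]; then
    check_control_path "$1"
fi
```

Run it against the ControlPath taken from the job's "SSH: EXEC" line from inside the awx_task container while the job is still running (or after recreating the directory with ensure_control_dir) to separate a missing directory from a real permissions problem.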

Answer 1

I finally found the solution to this problem -

The job template I created had no credentials assigned. I created credentials for the user I want to access the target host as (the user on the target host), assigned the private key, and added these credentials to the job template. The job now runs (ssh to the remote host works).

Answer 2

I ran into a similar problem. It turned out to be a setting in the playbook's ansible.cfg:

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes

It turned out that -o IdentitiesOnly=yes was the cause. I hope this helps someone else...
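As an added example (not part of answer 2, nor code from Ansible or AWX), the POSIX shell script below extracts ssh_args from the [ssh_connection] section of an ansible.cfg and flags the IdentitiesOnly=yes setting the answer identifies, plus two host-key options a defender would want to notice in the same line: UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no both stop ssh from detecting a changed or spoofed host key. The reason IdentitiesOnly=yes breaks AWX jobs is that AWX passes the job credential's private key to ssh through ssh-agent, and IdentitiesOnly=yes tells ssh to ignore agent keys that are not also named by an IdentityFile option. The two configurations embedded in the script are constructed samples: the first reproduces the ssh_args from the answer, the second keeps only the multiplexing options.

```shell
#!/bin/sh
# Added example, not code from the original thread or from Ansible/AWX: lint the
# ssh_args value in an ansible.cfg for options that break or weaken AWX-driven
# SSH connections.

# Print the ssh_args value from the [ssh_connection] section (empty if absent).
get_ssh_args() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[ssh_connection\]/); next }
        in_sec && /^[ \t]*ssh_args[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }' "$1"
}

# True if the option string contains the given ssh -o setting.
has_opt() {
    case "$1" in *"$2"*) return 0 ;; esac
    return 1
}

# Print one finding per line; prints nothing for a clean configuration.
lint_ssh_args() {
    args=$(get_ssh_args "$1")
    if has_opt "$args" "IdentitiesOnly=yes" && ! has_opt "$args" "IdentityFile="; then
        echo "IdentitiesOnly=yes without IdentityFile: the key AWX loads into ssh-agent for the job credential is never offered, so publickey auth fails"
    fi
    if has_opt "$args" "UserKnownHostsFile=/dev/null"; then
        echo "UserKnownHostsFile=/dev/null: host keys are never recorded, so a changed or spoofed host key cannot be detected"
    fi
    if has_opt "$args" "StrictHostKeyChecking=no"; then
        echo "StrictHostKeyChecking=no: unknown or changed host keys are accepted silently"
    fi
}

# Number of findings, for scripting (0 means clean).
lint_count() {
    lint_ssh_args "$1" | awk 'END { print NR }'
}

# Constructed sample: the ssh_args from answer 2, which broke key auth under AWX.
write_weak_cfg() {
    cat > "$1" <<'EOF'
[defaults]
host_key_checking = True

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes
EOF
}

# Constructed sample: the same multiplexing settings without the two risky options.
write_fixed_cfg() {
    cat > "$1" <<'EOF'
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
EOF
}

# Usage: sh lint_ssh_args.sh /etc/ansible/ansible.cfg
if [ -n "$1" ]; then
    lint_ssh_args "$1"
fi
```

Point it at each ansible.cfg that could apply (the project's own, the one inside the awx_task container, and the host's /etc/ansible/ansible.cfg), since the job output's "Using ... as config file" line tells you which one Ansible actually loaded.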
