我创建了一个包含以下内容的主机文件
[web]
167.172.xxx.xxx
我有一个用户root,dojo360在网络服务器上,并且公钥也已添加到authorized_keys文件中。
当我运行命令时 ansible web -m ping -i hosts出现以下错误
167.172.xxx.xxx | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 167.172.xxx.xxx port 22: Operation timed out",
"unreachable": true
}
我尝试过 hosts 文件的其他变体,下面是我尝试过的另一个也不起作用的变体
[web]
167.172.xxx.xxx ansible_connection=ssh ansible_user=user ansible_ssh_private_key_file=~/.ssh/id_rsa.pub
但是,我可以使用 ssh 进入服务器,没有任何问题,我是 Ansible 的新手,但这应该不会超过 24 小时,请帮忙,我被困住了。ssh [email protected]
跑步时-vvv我得到
ansible 2.9.6
config file = None
configured module search path = ['/Users/g.james/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/g.james/Library/Python/3.7/lib/python/site-packages/ansible
executable location = /Users/g.james/Library/Python/3.7/bin/ansible
python version = 3.7.6 (default, Dec 30 2019, 19:38:26) [Clang 11.0.0 (clang-1100.0.33.16)]
No config file found; using defaults
setting up inventory plugins
host_list declined parsing /Users/g.james/dojo360/d3-scripts/server/hosts as it did not pass its verify_file() method
script declined parsing /Users/g.james/dojo360/d3-scripts/server/hosts as it did not pass its verify_file() method
auto declined parsing /Users/g.james/dojo360/d3-scripts/server/hosts as it did not pass its verify_file() method
Parsed /Users/g.james/dojo360/d3-scripts/server/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /Users/g.james/Library/Python/3.7/lib/python/site-packages/ansible/plugins/callback/minimal.py
META: ran handlers
<67.172.xxx.xxx> ESTABLISH SSH CONNECTION FOR USER: root
<67.172.xxx.xxx> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/g.james/.ssh/id_rsa.pub"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/g.james/.ansible/cp/5d3d6b8351 67.172.xxx.xxx '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<67.172.xxx.xxx> (255, b'', b'OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 67.172.xxx.xxx is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/Users/g.james/.ansible/cp/5d3d6b8351" does not exist\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to 67.172.xxx.xxx [67.172.xxx.xxx] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: connect to address 67.172.xxx.xxx port 22: Operation timed out\r\nssh: connect to host 67.172.xxx.xxx port 22: Operation timed out\r\n')
67.172.xxx.xxx | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 67.172.xxx.xxx is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/Users/g.james/.ansible/cp/5d3d6b8351\" does not exist\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to 67.172.xxx.xxx [67.172.xxx.xxx] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: connect to address 67.172.xxx.xxx port 22: Operation timed out\r\nssh: connect to host 67.172.xxx.xxx port 22: Operation timed out",
"unreachable": true
}
答案1
尝试使用 ansible 使用的相同命令进行连接:
ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/g.james/.ssh/id_rsa.pub"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/g.james/.ansible/cp/5d3d6b8351 67.172.xxx.xxx
如果失败,请尝试从命令中删除参数,以找出问题的原因
答案2
一般来说,清单文件中的第一行是主机名,而不是 IP 地址。因此,您必须输入 167.172.xxx.xxx ansible_host=167.172.xxx.xxx
答案3
一般来说,我们应该使用域凭证而不是基于密钥的身份验证来从控制节点到任何远程服务器运行剧本。
但您的情况是尝试使用 root 用户和密钥进行身份验证。因此请按照以下步骤操作:
- 创建一个名为 ansible 的用户,并在控制节点(ansible 主服务器)为用户“ansible”创建密钥。
- 如果您为该用户创建了密钥,将获得两个文件私钥和公钥。
将公钥内容复制到您想要通过 ansible 控制节点管理的远程服务器“/home/ansible/.ssh/authorized_keys”中。
现在使用以下命令检查 SSH
ssh -i /path/to/private-key ansible@<remoteserverip>希望这可以帮助。
答案4
我遇到了同样的问题,直接 SSH 连接(无参数)可以工作,但使用 ansible 则不行。结果发现是网络问题,因为我通过以太网电缆和 WLAN 连接到网络,而当时 WLAN 正在维护中,一些连接通过 WLAN 路由,因此无法建立。