问题描述

Ansible(v1.6.5)的同步模块提示输入密码短语(输入密钥密码)即使我已经在运行剧本的开头就输入了密码.

The synchronize module of Ansible (v1.6.5) prompts for the passphrase (Enter passphrase for key) even though I already entered it at the beginning of running the playbook.

知道为什么吗?

我使用以下选项运行我的剧本:

I run my playbook with the following options:

-u myuser --ask-sudo-pass --private-key=/path/to/id_rsa

这是我的同步任务:

- name: synchronize source files in src location
  sudo: yes
  synchronize: src={{local_src}} dest={{project_dirs.src}} archive=yes delete=yes rsync_opts=["--compress"]
  when: synchronize_src_files

使用ssh-agent更新

根据Lekensteyn的建议，我尝试了ssh-agent.我没有提示了，但是任务失败了.我想念什么?

Following the advice of Lekensteyn, I tried with ssh-agent.I do not have a prompt anymore but the task fails. What am I missing?

eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa

错误:

TASK: [rolebooks/project | synchronize source files in src location] **********
failed: [10.0.0.101] => {"cmd": "rsync --delay-updates -FF --compress --delete-after --archive --rsh 'ssh -i /home/vagrant/.ssh/id_rsa -o StrictHostKeyChecking=no' --rsync-path=\"sudo rsync\" [--compress] --out-format='<<CHANGED>>%i %n%L' /projects/webapp [email protected]:/var/local/sites/project1/src", "failed": true, "rc": 12}
msg: sudo: no tty present and no askpass program specified
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.0]

推荐答案

synchronize命令(至少为Ansible 1.6.6)似乎忽略了Ansible打开的普通SSH控制套接字.您的任务可以扩展为以下内容:

The synchronize command (up to at least Ansible 1.6.6) seems to ignore the normal SSH control socket opened by Ansible. Your task could expand to the following:

{
    "cmd": "rsync --delay-updates -FF --compress --archive
        --rsh 'ssh  -o StrictHostKeyChecking=no'
        --out-format='<<CHANGED>>%i %n%L'
        /home/me/src/ user@host:/dest/",
    "failed": true,
    "rc": 23
}

要获取这些详细信息，请使用-v选项运行您的剧本.作为解决方法，您可以启动ssh-agent并使用ssh-add添加缓存SSH密钥.有关详细信息，请参见其手册页.

To get these details, run your playbook with the -v option. As a workaround for this, you can start ssh-agent and add cache your SSH key with ssh-add. Refer to their manual pages for details.

使用synchronize模块的其他警告:

• 使用sudo: yes运行时，ansible将使用--rsh 'sudo ssh'运行，如果远程sudo配置需要密码和/或TTY，则ansible将中断.解决方案:在任务定义中设置sudo: no.
• 登录到远程计算机的用户是您的SSH用户(ansible_ssh_user)，而不是sudo用户.我还没有找到一种方法来覆盖此用户(除了一种未经测试的方法，该方法通过dest_port="22 -o User=your_user"吗?通过其他选项之一与set_remote_user=yes一起使用-o User选项覆盖了用户).

• When run with sudo: yes, ansible will run with --rsh 'sudo ssh' which will break if the remote sudo configuration requires a password and/ or TTY. Solution: set sudo: no in your task definition.
• The user that logs into the remote machine is your SSH user (ansible_ssh_user), not the sudo user. I have not found a way to override this user (besides an untested method that overrides the user with -o User option via one of the other options (dest_port="22 -o User=your_user"?) in combination with set_remote_user=yes).

这是从我的任务文件中提取的:

This is taken from my tasks file:

- name: sync app files
  sudo: no
  synchronize: src={{app_srcdir}}/ dest={{appdir}}/
               recursive=yes
               rsync_opts=--exclude=.hg
# and of course Ubuntu 12.04 does not support --usermap..
#,--chown={{deployuser}}:www-data
# the above goes bad because ansible_ssh_user=user has no privileges
#  local_action: command rsync -av --chown=:www-data
#                 {{app_srcdir}}
#                 {{deployuser}}@{{inventory_hostname}}:{{appdir}}/
#  when: app_srcdir is defined
# The above still goes bad because {{inventory_hostname}} is not ssh host...

这篇关于即使已在开头输入，Ansible同步也会提示密码短语的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！