问题描述
我用 Vagrant 设置了一台机器,并为它创建了一个基本的 Ansible 剧本.运行时一切正常
I have set up a machine with Vagrant, and created a basic Ansible playbook for it.Everything works as expected when I run
vm-abla> vagrant provision
但是我无法使用 Ansible 向机器发送临时命令,这是为什么?我已经突出显示了我认为可能表明原因的行.
But I cannot send an ad-hoc command to the machine with Ansible, why is that?I have highlighted the line which I think might indicate the cause.
vm-abla> ansible jon -i provisioning/hosts -a "echo 'TEST'" -vvvv
<192.168.33.2> ESTABLISH CONNECTION FOR USER: user
<192.168.33.2> REMOTE_MODULE command echo 'TEST'
<192.168.33.2> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/user/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '192.168.33.2', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1394126994.26-73015876561126 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1394126994.26-73015876561126 && echo $HOME/.ansible/tmp/ansible-tmp-1394126994.26-73015876561126'"]
192.168.33.2 | FAILED => SSH encountered an unknown error. The output was:
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
### debug1: Control socket "/home/user/.ansible/cp/ansible-ssh-192.168.33.2-22-user" does not exist
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.33.2 [192.168.33.2] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 10000 ms remain after connect
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_ecdsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_ecdsa type 3
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.33.2" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],zlib,none
debug2: kex_parse_kexinit: [email protected],zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 [email protected]
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 [email protected]
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 32:53:5d:95:d9:2b:c0:92:ab:1d:a4:87:95:a6:5a:e2
debug3: load_hostkeys: loading entries for host "192.168.33.2" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.33.2' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:10
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_rsa (0x7fa1272d15d0)
debug2: key: /home/user/.ssh/id_dsa (0x7fa1272d1610)
debug2: key: /home/user/.ssh/id_ecdsa (0x7fa1272cd270)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /home/user/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering ECDSA public key: /home/user/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).
阅读本页的故障排除部分后,我也尝试通过在命令末尾添加这个来使用 Vagrant 的 SSH 密钥,结果非常相似:
After reading the Troubleshooting section of this page, I have also tried to use Vagrant's SSH key by adding this at the end of the command, with a very similar result:
-c ssh --private-key=~/.vagrant.d/insecure_private_key
知道出了什么问题吗?谢谢
Any idea of what is going wrong?Thank you
啊!我设法使用 SSH 登录到机器,但我必须声明我是虚拟机上的用户vagrant",如下所示:
Ah! I managed to login to the machine using SSH, but I had to declare that I was user "vagrant" on the virtual machine, like this:
ssh [email protected]
那么,既然这可行,我怎么能用 ansible 做同样的事情呢?(或者这不是一个好的解决方案吗?)
So, now that this works, how could I do the same with ansible? (or would this not be a good solution?)
推荐答案
由于@mascip 已经自我回答了,您需要告诉 ansible:inventory_file、ssh_user 和 ssh_private_key.(我认为不需要 -c ssh
设置.)
As @mascip already self-answered, you need to tell ansible: inventory_file, ssh_user and ssh_private_key. (I don't think the -c ssh
setting is needed.)
优雅的方式"是将所有这些设置放入特定于项目的 ansible.cfg 文件中.然后你就可以运行 ansible jon -a "echo 'TEST'"
.
The "elegant way" is to put all those settings into a project-specific ansible.cfg file. Then you can just run ansible jon -a "echo 'TEST'"
.
一个问题"是 ansible.cfg 必须与您运行 ansible
命令的目录位于同一目录中.我喜欢把 ansible.cfg 放在我的 ansible 目录下,所以这意味着我需要先 cd
在那里.如果您想从项目根目录运行 ansible
,请将 ansible.cfg 放在那里(并在下面的示例配置文件中调整相对路径).
One "gotcha" is that ansible.cfg must be in the same directory as where you're running the ansible
command. I like to put ansible.cfg under my ansible directory, so that means I need to cd
there first. If you want to run ansible
from your project root, then put ansible.cfg there instead (and adjust the relative paths in the sample config file below).
ansible.cfg:
ansible.cfg:
[defaults]
remote_user = vagrant
private_key_file = ~/.vagrant.d/insecure_private_key
# aka inventory file
hostfile = ../.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
这篇关于“无业游民条款"有效,但我无法使用 Ansible 发送临时命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!