发表于 2020-11-3 22:13:12
cat hosts_pwd
# 未分组机器,放在所有组前面
# 默认端口22,可省略
# 注意:此处为演示用的明文弱密码;实际环境建议用 ansible-vault 加密,或改用 SSH 密钥认证
# 方式1:主机 + 端口 + 密码
172.16.1.180 ansible_ssh_port=22 ansible_ssh_user=yun ansible_ssh_pass='123456'
# 方式2:主机 + 端口 + 密码
[proxyservers]
172.16.1.18[1:2] ansible_ssh_port=22 ansible_ssh_user=yun ansible_ssh_pass='123456'
# 方式3:主机 + 端口 + 密码
[webservers]
172.16.1.18[3:5] ansible_ssh_port=22 ansible_ssh_user=yun
[webservers:vars]
ansible_ssh_pass='123456'

sudo ansible 172.16.1.180 -m ping -i ./hosts_pwd # 提权使用 root 用户执行
172.16.1.180 | FAILED! => {
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}

大概提示信息:因为启用了主机密钥检查,而 sshpass 不支持这一点。请将此主机「172.16.1.180」的指纹添加到你本机的known_hosts文件中以管理此主机。

跳过主机密钥检查,有两种方式:
方式1:修改 Linux 系统配置
vim /etc/ssh/ssh_config
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask # 将该配置的注释打开,并改为 StrictHostKeyChecking no 这样针对所有用户都不会再进行「主机密钥检查」了
# IdentityFile ~/.ssh/identity

但是这个是 Linux 自带的配置,我们不能随意去更改。因此不建议如此操作。而且关闭后,本机所有用户的 SSH 连接都不再校验主机密钥,无法发现目标主机被冒充(中间人攻击)的情况。

方式2:修改 ansible 配置

vim /etc/ansible/ansible.cfg
# uncomment this to disable SSH key host checking
host_key_checking = False # 将该配置的注释去掉

该配置仅对 root 用户生效,其他普通用户是不生效的。这里使用该方法。
注意:host_key_checking = False 同样会跳过主机密钥校验;更稳妥的做法是按上面报错信息的提示,先核对目标主机的指纹并加入 known_hosts,再用密码方式连接。
再次连接测试
$ ansible 172.16.1.180 -m ping -i ./hosts_pwd # 普通用户还是不行
172.16.1.180 | FAILED! => {
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
$ sudo ansible 172.16.1.180 -m ping -i ./hosts_pwd # 提权使用 root 用户执行
172.16.1.180 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}