|
|
楼主 |
发表于 2020-11-3 22:13:12
|
显示全部楼层
cat hosts_pwd # I" @4 F0 K& F- T# F9 k. d
# 未分组机器,放在所有组前面
$ y0 A. ~2 c* {# 默认端口22,可省略( m: W8 n/ V- ^0 m
# 方式1:主机 + 端口 + 密码; v$ x, Q$ k+ Z( Y
172.16.1.180 ansible_ssh_port=22 ansible_ssh_user=yun ansible_ssh_pass='123456'
% G" z) J! g( t
# z6 Q1 d, e( y& v5 m+ a: O5 Z# 方式2:主机 + 端口 + 密码
) g7 t# B7 }0 D8 p ]* U: c% R[proxyservers]5 T. Z I' Q/ P( ^! ~8 o9 Y
172.16.1.18[1:2] ansible_ssh_port=22 ansible_ssh_user=yun ansible_ssh_pass='123456'
" g. \" I* }3 G8 O( g
- i) l/ Z8 [5 H2 k' R# 方式3:主机 + 端口 + 密码
4 R# c5 [& Q6 m1 m% V2 w& a9 R[webservers]: X0 Y( u6 z# H# F
172.16.1.18[3:5] ansible_ssh_port=22 ansible_ssh_user=yun
) M+ s, y1 S" z8 K" B[webservers:vars]8 {* z# ?. ^: }3 ?. P# F0 c2 R! `
ansible_ssh_pass='123456'* n1 b; H. |1 _, ]* a3 w3 [
2 f7 v# w: _$ c4 W+ ]
$ w I e# [, d& s
3 b5 j% c C, Q* @3 w& B$ V) t$ ~" a3 z9 U0 F+ H
sudo ansible 172.16.1.180 -m ping -i ./hosts_pwd # 提权使用 root 用户执行
& C/ x' T# ^0 h! u. d1 }172.16.1.180 | FAILED! => {3 I" m! p: u* C. }4 U" V
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
! n: L8 V @/ a3 n* H% _}
8 b; D7 L, \3 a1 f$ a; R% \
1 @' Y; u8 e) c0 S% ~1 h- N$ d7 w3 M# K* z8 }( |' E% X" a
大概提示信息:因为启用了主机密钥检查,而 sshpass 不支持这一点。请将此主机「172.16.1.180」的指纹添加到你本机的known_hosts文件中以管理此主机。( r! {+ K+ h( A3 g
+ B: Y# [$ K" w9 P% c/ q$ ~( I) \+ h6 [# z7 d
跳过主机密钥检查,有两种方式:方式1:修改 Linux 系统配置 vim /etc/ssh/ssh_config ! _0 I0 P/ a+ k
# AddressFamily any
4 _ P; R& g( p# ConnectTimeout 0) K5 ?3 W4 ~: F! Y6 d; z7 Q+ R
# StrictHostKeyChecking ask # 将该配置的注释打开,并改为 StrictHostKeyChecking no 这样针对所有用户都不会在进行 「主机密钥检查」了
9 w( A$ i' Y4 H V2 O9 o1 O3 }( H, j# IdentityFile ~/.ssh/identity
7 x7 i' g" H I
, V/ w. }- m6 I2 ^. J9 w5 ^0 }
' b/ S' K, U9 n/ y& T1 y
' `) a+ R$ b6 z* {( T, E5 l$ _$ Q
6 u: e. U6 V$ J5 [: D6 i& d7 r6 z' E2 m! |
但是这个是 Linux 自带的配置,我们不能随意去更改。因此不建议如此操作。: X$ l5 D" ~; V: J9 A* v" ~
' B* U4 W" o/ A$ d+ a
; Y* }. ?. n' F3 W方式2:修改 ansible 配置
/ D& S; P. z+ | `- n
: A. l! A( O2 |' q3 G* t! l4 Xvim /etc/ansible/ansible.cfg$ h9 P* o! }* i. H5 c
# uncomment this to disable SSH key host checking
: \' p! i7 A' m k6 W/ |# p! Y& ihost_key_checking = False # 将该配置的注释去掉; \" e. L, m* C8 T
' i# C" V, s% z }7 k
5 H4 ~9 s9 V/ t改配置仅对 root 用户生效,其他普通用户是不生效的。这里使用该方法。
& M8 A5 {; S9 p$ q; P. @( f再次连接测试$ ansible 172.16.1.180 -m ping -i ./hosts_pwd # 普通用户还是不行" \; _ {$ f8 H, s y& m1 q: d1 Q& s
172.16.1.180 | FAILED! => {( L }' i7 u. L" j8 [2 A9 d
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.": h+ c/ e& D* n, H+ ~
}
6 U+ u( X6 Q2 N0 c% N- m$ sudo ansible 172.16.1.180 -m ping -i ./hosts_pwd # 提权使用 root 用户执行
Y8 E$ S5 J: {% S172.16.1.180 | SUCCESS => {2 a1 l7 `+ G# P6 o
"ansible_facts": {6 c. _5 D5 g- B- v6 ^4 d0 i, p E
"discovered_interpreter_python": "/usr/bin/python"- u( ?$ e: i& v
}, 7 x/ g3 q8 g8 o3 G# y0 e9 t
"changed": false, ; z, S3 I; [# U2 \6 m' G% T8 @1 c! N
"ping": "pong"
& S3 k$ o; ^2 e" M* ?} |
|
发表于 2020-11-3 22:07:50