|
|
楼主 |
发表于 2020-11-3 22:13:12
|
显示全部楼层
cat hosts_pwd - C6 l( B" b9 D; d
# 未分组机器,放在所有组前面
& i7 m' ]" Q6 `0 E; m# 默认端口22,可省略2 p- F+ l5 n4 B, u6 A; x& W5 @
# 方式1:主机 + 端口 + 密码
5 x( k5 m. n- c: d% a, S3 @" ^172.16.1.180 ansible_ssh_port=22 ansible_ssh_user=yun ansible_ssh_pass='123456'% M! o b8 [1 j* q6 R S
j2 [+ }) ~2 G" h# 方式2:主机 + 端口 + 密码
7 R/ A( w7 E4 K1 U+ R[proxyservers]. F7 J7 N1 |! s* F1 ]
172.16.1.18[1:2] ansible_ssh_port=22 ansible_ssh_user=yun ansible_ssh_pass='123456'
# A7 ?3 S# d1 E6 h7 Q, ^+ o2 ?1 S( n# }6 d! c4 K0 x4 D
# 方式3:主机 + 端口 + 密码
) ?+ u6 v0 k/ c! P6 }9 i% d[webservers]
. F8 d2 d- V( v9 r; C172.16.1.18[3:5] ansible_ssh_port=22 ansible_ssh_user=yun- k# s, U' i2 q1 ]% s! E
[webservers:vars]
o3 c3 r; C3 L6 o2 z% \6 E, q* Xansible_ssh_pass='123456'4 Y; Z4 P. {+ }' L3 {# v/ ^
) Z `" Z$ d4 e3 ^2 h+ }$ d
) n2 _1 q# N* n, P+ @8 z; N- `; T3 O6 w& o, ]
' @6 u: i% f( u5 m2 o: e0 ^! osudo ansible 172.16.1.180 -m ping -i ./hosts_pwd # 提权使用 root 用户执行) `2 a/ [: R/ f
172.16.1.180 | FAILED! => {
2 q$ A" S* @+ @6 z "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
0 t; }# c8 Y& n+ d) |}) s7 T- G5 f- |# K, w
/ o4 J+ {+ z: o8 k
6 w O! P/ C: K* e& s& m大概提示信息:因为启用了主机密钥检查,而 sshpass 不支持这一点。请将此主机「172.16.1.180」的指纹添加到你本机的known_hosts文件中以管理此主机。% J4 n" a6 i$ u! G
& {; N, g I# m% c9 `$ k7 W4 n5 W+ B$ s! n3 O1 ^3 Q5 x5 i) r
跳过主机密钥检查,有两种方式:方式1:修改 Linux 系统配置 vim /etc/ssh/ssh_config
" P) ~6 r! w- w W& a9 I# AddressFamily any2 V% ?0 d- V5 S- C
# ConnectTimeout 0
! B [2 F+ ?# x& d: ^# StrictHostKeyChecking ask # 将该配置的注释打开,并改为 StrictHostKeyChecking no 这样针对所有用户都不会在进行 「主机密钥检查」了' B5 L. n0 \& T9 ~, g5 B9 c9 {
# IdentityFile ~/.ssh/identity
, T( h B- ^. B( K. N; ^ ^
* Y& W/ y" D+ V6 Z3 Z# y3 m* ?1 S' W2 h
4 @8 m# G d8 o: }+ I- T+ }
a% k. [& V4 G# B0 b x8 T* N; p" W7 u& z! d( }
但是这个是 Linux 自带的配置,我们不能随意去更改。因此不建议如此操作。
g& o* n4 Q0 O- C$ F, X1 T# X) n0 R+ ]; q
% l2 B- s3 E. H4 K0 \
方式2:修改 ansible 配置: b2 o9 O1 }6 y+ y$ w
T! Y# T6 t; w: m( j5 Gvim /etc/ansible/ansible.cfg
2 u; }1 t, E2 M) d0 l' s9 e# uncomment this to disable SSH key host checking
4 T& [' ~6 }* ~; U) @+ A1 l7 y# Vhost_key_checking = False # 将该配置的注释去掉# Z9 h8 L6 X/ \
# T4 p+ y' z& w; |, p
# x! K; `4 X$ b1 H( I
改配置仅对 root 用户生效,其他普通用户是不生效的。这里使用该方法。
& ]$ G2 } \3 ^) B, G) K5 a3 N" [再次连接测试$ ansible 172.16.1.180 -m ping -i ./hosts_pwd # 普通用户还是不行
( ~7 s; [) \5 [9 N! f. }2 b172.16.1.180 | FAILED! => {
% Z6 K" T$ c- `$ n' `5 X; b9 z "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.", a# z# n9 C0 }9 i" r
}
- X5 F5 j, h. V& O0 l. {$ sudo ansible 172.16.1.180 -m ping -i ./hosts_pwd # 提权使用 root 用户执行0 ^1 z9 q" @/ L7 W, J! m
172.16.1.180 | SUCCESS => {
! ?3 r, e6 Q2 m: {2 Z! }( K2 D "ansible_facts": {
! F( _/ i% s) z* x& s/ y) {/ N "discovered_interpreter_python": "/usr/bin/python"
, t5 ?+ S7 |" y" _: | }, 3 @* [" n5 l6 _$ b2 o( o9 J4 {2 H0 i$ f
"changed": false, 7 i7 @2 |# g; W5 \, a+ _$ W" @
"ping": "pong". u. G2 H6 Z: Q8 C' B
} |
|
发表于 2020-11-3 22:07:50