Permission denied (publickey) after running an Ansible role that disables password login

Problem

I have an Ansible playbook that does the following:

  1. I generate SSH keys for the remote server
  2. Then, in a role, I disable root login and SSH password authentication
  3. Finally, I set the password of the root account.

Parts 2) and 3) of the playbook look like this:

- hosts: new_servers
  become: yes

  tasks:
    - block:

      - name: Run ssh role to enable login using SSH keys and disable password login
        include_role:
          name: ssh

      - name: Set Password on root Account
        user:
          name: user
          password: "{{ user_password_hash }}"
          update_password: always

The ssh role has the following tasks/main.yml, inspired by this link

---

- name: Set SSH port
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^Port\\s"
    line: "Port {{ ssh_port }}"
    state: present
  notify: Restart SSH

- name: Disable root SSH login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin no"
    state: present
  notify: Restart SSH

- name: Disable SSH password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication"
    line: "PasswordAuthentication no"
    state: present
  notify: Restart SSH

- name: run all handlers now so it doesn't fail later in provisioning playbook
  meta: flush_handlers

The Restart SSH handler is as follows:

---

- name: Restart SSH
  service:
    name: sshd
    state: restarted

When I run this playbook, it runs all the tasks of the ssh role, but it fails at the last step, the handler that restarts the sshd service, presumably because password login is now disabled?

PLAY [new_servers] *********************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************************************
ok: [cm002]

TASK [Run ssh role to enable login using SSH keys and disable password login] ******************************************************************************************************************************************************

TASK [ssh : Set SSH port] **********************************************************************************************************************************************************************************************************
ok: [cm002] => changed=true
  backup: ''
  msg: line added

TASK [ssh : Disable root SSH login] ************************************************************************************************************************************************************************************************
ok: [mauocmacst002] => changed=true
  backup: ''
  msg: line added

TASK [ssh : Disable SSH password authentication] ***********************************************************************************************************************************************************************************
changed: [mauocmacst002] => changed=true
  backup: ''
  msg: line added

RUNNING HANDLER [ssh : Restart SSH] ************************************************************************************************************************************************************************************************
fatal: [cm002]: FAILED! =>
  msg: 'Failed to connect to the host via ssh: user@cm002: Permission denied (publickey).'

NO MORE HOSTS LEFT ***************************************************************************************************************************************************************************************************************************

PLAY RECAP ***********************************************************************************************************************************************************************************************************************************
cm002              : ok=0   changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

How can I restart the sshd service, which is needed for the changes to take effect?

Tags: ansible
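The failure above is the classic lock-out ordering problem: password authentication is switched off before anyone has confirmed that the account Ansible connects as can log in with a key. The role tasks below, an added example rather than the asker's or any project's code, install the control node's public key, prove key-only login works, and only then edit sshd_config, validating every change with sshd -t before the restart handler runs. Assumed names: ansible_user and ansible_port from the inventory, ~/.ssh/id_ed25519.pub on the control node, and sshd at /usr/sbin/sshd.

```yaml
# Added example, not the original post's role. Assumptions: the control node
# key is ~/.ssh/id_ed25519.pub, the play connects as {{ ansible_user }} on
# {{ ansible_port }}, and sshd is at /usr/sbin/sshd on the target.
---
- name: Authorize the key we connect with BEFORE password auth is disabled
  authorized_key:
    user: "{{ ansible_user }}"
    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
    state: present

- name: Prove key-only login works from the control node (no password fallback)
  # BatchMode=yes forbids password prompts, so this task fails instead of the
  # restart handler failing later with "Permission denied (publickey)".
  command: >
    ssh -o BatchMode=yes -p {{ ansible_port | default(22) }}
    {{ ansible_user }}@{{ ansible_host | default(inventory_hostname) }} true
  delegate_to: localhost
  become: false
  changed_when: false

- name: Disable SSH password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication\\s"
    line: "PasswordAuthentication no"
    # sshd uses the first matching directive, and anything appended after a
    # Match block belongs to that block; keep the global setting ahead of it.
    insertbefore: "^Match\\s"
    firstmatch: true
    # Syntax-check the candidate file; a rejected edit never reaches the restart.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart SSH

- name: Disable root SSH login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PermitRootLogin\\s"
    line: "PermitRootLogin no"
    insertbefore: "^Match\\s"
    firstmatch: true
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart SSH

- name: Restart sshd now; the key-login check above already passed
  meta: flush_handlers
```

If the second task fails, the key is not yet accepted for that account and the play stops while password login still works, which is the safe failure.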

Solution
