ssh - Ansible FAILED! => {"msg": "Invalid/incorrect password: "}
Question
I'm trying to run an ansible-playbook to configure hosts that can only be reached through a jumphost.
My yaml file is:
---
all:
  vars:
    ansible_ssh_common_args: -o ProxyCommand="ssh -vvv -W %h:%p jumphost" -o PubkeyAuthentication=no -o PreferredAuthentications=password -o PasswordAuthentication=yes -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
    ansible_become_user: root
    ansible_become_method: sudo
    ansible_user: "{{ lookup('env', 'ANSIBLE_SSH_USER') }}"
    ansible_ssh_pass: "{{ lookup('env', 'ANSIBLE_SSH_PASSWORD') }}"
  hosts:
    192.168.0.[2:5]:
    192.168.0.[7:10]:
    192.168.0.[12:15]:
  children:
    cluster1:
      hosts:
        192.168.0.[2:5]:
    cluster2:
      hosts:
        192.168.0.[7:10]:
    cluster3:
      hosts:
        192.168.0.[12:15]:
    logstash:
      hosts:
        192.168.0.[2:3]: # Cluster 1
        192.168.0.[7:8]: # Cluster 2
        192.168.0.[12:13]: # Cluster 3
    prometheus:
      hosts:
        192.168.0.[4:5]: # Cluster 1
        192.168.0.[9:10]: # Cluster 2
        192.168.0.[14:15]: # Cluster 3
But when I run it, I get this error:
$ ANSIBLE_SSH_USER='toor' ANSIBLE_SSH_PASSWORD='*****' ansible-playbook -i inventories/inventory.yml -l cluster1 playbooks/deploy-monitoring.yml -vv
ansible-playbook [core 2.11.4]
config file = None
configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.8.6 (default, Apr 9 2021, 12:30:30) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1.0.1)]
jinja version = 3.0.1
libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: deploy-monitoring.yml ****************************************************************************************
1 plays in playbooks/deploy-monitoring.yml
PLAY [all] *************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
task path: /opt/Developments/GitLab/myproject/playbooks/deploy-monitoring.yml:2
[WARNING]: Unhandled error in Python interpreter discovery for host 192.168.0.2: Data could not be sent to remote host
"192.168.0.2". Make sure this host can be reached over ssh: Warning: Permanently added '192.168.0.2' (ECDSA) to the
list of known hosts.
[WARNING]: sftp transfer mechanism failed on [192.168.0.5]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: sftp transfer mechanism failed on [192.168.0.3]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: sftp transfer mechanism failed on [192.168.0.2]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: sftp transfer mechanism failed on [192.168.0.4]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.2]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.3]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.5]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.4]. Use ANSIBLE_DEBUG=1 to see detailed information
fatal: [192.168.0.2]: FAILED! => {"msg": "Invalid/incorrect password: "}
fatal: [192.168.0.3]: FAILED! => {"msg": "Invalid/incorrect password: "}
fatal: [192.168.0.4]: FAILED! => {"msg": "Invalid/incorrect password: "}
fatal: [192.168.0.5]: FAILED! => {"msg": "Invalid/incorrect password: "}
PLAY RECAP *************************************************************************************************************
192.168.0.2 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.0.3 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.0.4 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.0.5 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
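If I try to connect to the remote server through the jump host with the following command, it works without any problem (the system asks for the jump host password first and then for the remote server password):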
ssh -o ProxyCommand="ssh -W %h:%p jumphost" toor@192.168.0.2
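Note: I'm running this ansible-playbook from a Linux VM on VirtualBox with a natNetwork on a Windows PC. A VPN runs on my Windows PC to allow access to the JumpHost; I can't reach the remote servers (192.168.0.x) directly from either Windows or Linux. From Linux I can reach the jumphost and the remote servers (through the jump host).
This ansible-playbook works on a Mac (without using the Linux VM).
Thanks for your help. Marco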
Solution
I solved it using sshpass.
I modified my yaml file as follows:
ansible_ssh_common_args: -o ProxyCommand="sshpass -p $SSHPASS ssh -vvv -W %h:%p ispjh" -o PubkeyAuthentication=no -o PreferredAuthentications=password -o PasswordAuthentication=yes -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
and defined $SSHPASS as an environment variable holding the password used to connect to the jump host.
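A variant of the vars block above, as an added example that is not part of the original answer: `sshpass -e` reads the jump-host password from the SSHPASS environment variable directly, so the shell never expands it into the ProxyCommand's argument list, and host key verification is left on for both hops. It assumes the host keys of `ispjh` and of the 192.168.0.x targets are already in the default `~/.ssh/known_hosts` (for example from a first manual connection where the fingerprints were checked).

```yaml
---
# Added example, not from the original post. Only the vars block changes;
# the hosts/children layout stays as in the question.
all:
  vars:
    # Changes relative to the answer's line:
    #  - "sshpass -e" instead of "sshpass -p $SSHPASS": with -p the shell that
    #    runs ProxyCommand expands the password into the sshpass command line,
    #    where local process listings can show it; -e makes sshpass read
    #    SSHPASS from its own environment.
    #  - UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no are dropped,
    #    so both the jump host and the targets are checked against known_hosts
    #    and an unknown or changed key aborts the connection instead of being
    #    accepted silently.
    #  - StrictHostKeyChecking=yes is also set on the inner ssh, because a
    #    host-key prompt cannot be answered when sshpass drives the session.
    ansible_ssh_common_args: >-
      -o ProxyCommand="sshpass -e ssh -o StrictHostKeyChecking=yes -W %h:%p ispjh"
      -o PubkeyAuthentication=no
      -o PreferredAuthentications=password
      -o PasswordAuthentication=yes
      -o ControlMaster=auto
      -o ControlPersist=60s
      -o StrictHostKeyChecking=yes
    ansible_become_user: root
    ansible_become_method: sudo
    # Target-host credentials still come from the environment, as in the question.
    ansible_user: "{{ lookup('env', 'ANSIBLE_SSH_USER') }}"
    ansible_ssh_pass: "{{ lookup('env', 'ANSIBLE_SSH_PASSWORD') }}"
```

SSHPASS has to be exported in the shell that starts ansible-playbook so that the ProxyCommand process inherits it.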