Ansible FAILED! => {"msg": "Invalid/incorrect password: "}

Problem description

I am trying to run ansible-playbook to configure hosts that can only be accessed through a jumphost.

My yaml file is:

---
all:
  vars:
    ansible_ssh_common_args: -o ProxyCommand="ssh -vvv -W %h:%p jumphost" -o PubkeyAuthentication=no -o PreferredAuthentications=password -o PasswordAuthentication=yes -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
    ansible_become_user: root
    ansible_become_method: sudo
    ansible_user: "{{ lookup('env', 'ANSIBLE_SSH_USER') }}"
    ansible_ssh_pass: "{{ lookup('env', 'ANSIBLE_SSH_PASSWORD') }}"
  hosts:
    192.168.0.[2:5]:
    192.168.0.[7:10]:
    192.168.0.[12:15]:
  children:
    cluster1:
      hosts:
        192.168.0.[2:5]:
    cluster2:
      hosts:
        192.168.0.[7:10]:
    cluster3:
      hosts:
        192.168.0.[12:15]:
    logstash:
      hosts:
        192.168.0.[2:3]:     # Cluster 1
        192.168.0.[7:8]:     # Cluster 2
        192.168.0.[12:13]:   # Cluster 3
    prometheus:
      hosts:
        192.168.0.[4:5]:     # Cluster 1
        192.168.0.[9:10]:    # Cluster 2
        192.168.0.[14:15]:   # Cluster 3

But when I run it, I get this error:

$ ANSIBLE_SSH_USER='toor' ANSIBLE_SSH_PASSWORD='*****' ansible-playbook -i inventories/inventory.yml -l cluster1 playbooks/deploy-monitoring.yml -vv
ansible-playbook [core 2.11.4]
  config file = None
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.8.6 (default, Apr  9 2021, 12:30:30) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1.0.1)]
  jinja version = 3.0.1
  libyaml = True
No config file found; using defaults
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: deploy-monitoring.yml ****************************************************************************************
1 plays in playbooks/deploy-monitoring.yml

PLAY [all] *************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
task path: /opt/Developments/GitLab/myproject/playbooks/deploy-monitoring.yml:2
[WARNING]: Unhandled error in Python interpreter discovery for host 192.168.0.2: Data could not be sent to remote host
"192.168.0.2". Make sure this host can be reached over ssh: Warning: Permanently added '192.168.0.2' (ECDSA) to the
list of known hosts.
[WARNING]: sftp transfer mechanism failed on [192.168.0.5]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: sftp transfer mechanism failed on [192.168.0.3]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: sftp transfer mechanism failed on [192.168.0.2]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: sftp transfer mechanism failed on [192.168.0.4]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.2]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.3]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.5]. Use ANSIBLE_DEBUG=1 to see detailed information
[WARNING]: scp transfer mechanism failed on [192.168.0.4]. Use ANSIBLE_DEBUG=1 to see detailed information
fatal: [192.168.0.2]: FAILED! => {"msg": "Invalid/incorrect password: "}
fatal: [192.168.0.3]: FAILED! => {"msg": "Invalid/incorrect password: "}
fatal: [192.168.0.4]: FAILED! => {"msg": "Invalid/incorrect password: "}
fatal: [192.168.0.5]: FAILED! => {"msg": "Invalid/incorrect password: "}

PLAY RECAP *************************************************************************************************************
192.168.0.2               : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
192.168.0.3               : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
192.168.0.4               : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
192.168.0.5               : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0 

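If I try to connect to the remote server through the jump host with the following command, I can do so without any problem (the system asks for the jump host password first and the remote server password afterwards):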

ssh -o ProxyCommand="ssh -W %h:%p jumphost" toor@192.168.0.2

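Note: I am running this ansible-playbook from a Linux VM on VirtualBox with a natNetwork on my Windows PC. A VPN runs on my Windows PC to allow access to the JumpHost; I cannot access the remote servers (192.168.0.x) directly from either Windows or Linux. From Linux I can reach the jumphost and the remote servers (through the jump host).

This ansible-playbook works on a Mac computer (without using a Linux VM).

Thanks for your help. Marco

Tags: ssh, ansible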

Solution


I solved it by using sshpass.
I modified my yaml file as follows:

ansible_ssh_common_args: -o ProxyCommand="sshpass -p $SSHPASS ssh -vvv -W %h:%p ispjh" -o PubkeyAuthentication=no -o PreferredAuthentications=password -o PasswordAuthentication=yes -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

and defined $SSHPASS as an environment variable containing the password used to connect to the jump host.
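
An added check, not part of the original answer: a small Python linter that parses an `ansible_ssh_common_args` string like the one above and flags `sshpass -p` (the password becomes a command-line argument of the proxy process, whereas `sshpass -e` reads it from the `SSHPASS` environment variable) together with disabled host-key verification. The function names and finding labels are assumptions made for this example.

```python
import re
import shlex

# Constructed input: the ssh options string from the answer above.
ANSWER_ARGS = (
    '-o ProxyCommand="sshpass -p $SSHPASS ssh -vvv -W %h:%p ispjh" '
    "-o PubkeyAuthentication=no -o PreferredAuthentications=password "
    "-o PasswordAuthentication=yes -o ControlMaster=auto -o ControlPersist=60s "
    "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
)

def ssh_options(args):
    """Yield (name, value) for each '-o Name=Value' or '-oName=Value'."""
    tokens = shlex.split(args)
    for i, tok in enumerate(tokens):
        if tok == "-o" and i + 1 < len(tokens):
            opt = tokens[i + 1]
        elif tok.startswith("-o") and len(tok) > 2:
            opt = tok[2:]
        else:
            continue
        parts = re.split(r"\s*=\s*|\s+", opt.strip(), maxsplit=1)
        yield parts[0], parts[1] if len(parts) > 1 else ""

def sshpass_password_in_argv(tokens):
    """True if the command runs sshpass with -p, i.e. the password is an argument."""
    for i, tok in enumerate(tokens):
        if tok.rsplit("/", 1)[-1] != "sshpass":
            continue
        rest, j = tokens[i + 1:], 0
        while j < len(rest) and rest[j].startswith("-"):
            if rest[j].startswith("-p"):
                return True
            j += 2 if rest[j] in ("-f", "-d", "-P") else 1
    return False

def audit(args, where="ssh"):
    """Return (location, finding) pairs, descending into ProxyCommand."""
    findings = []
    for name, value in ssh_options(args):
        key = name.lower()
        if key == "stricthostkeychecking" and value.lower() in ("no", "off"):
            findings.append((where, "host-key-check-disabled"))
        elif key == "userknownhostsfile" and value == "/dev/null":
            findings.append((where, "known-hosts-discarded"))
        elif key == "proxycommand":
            if sshpass_password_in_argv(shlex.split(value)):
                findings.append((where + ">proxy", "password-in-argv"))
            findings.extend(audit(value, where + ">proxy"))
    return findings

if __name__ == "__main__":
    for location, finding in audit(ANSWER_ARGS):
        print(location, finding)
```

Replacing `sshpass -p $SSHPASS` with `sshpass -e` in the ProxyCommand clears the first finding while still using the same `SSHPASS` environment variable.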

