
ssh - How do I configure Ansible to jump through two bastion hosts?

Reposted. Author: 行者123. Updated: 2023-12-02 13:47:51

I want to write an Ansible playbook (using Ansible 2.7.5) that jumps through two hosts before reaching the target server, in order to do things like install docker and python.

By adding this to my hosts file, I was able to get Ansible to jump through one host to server1:

[server1:vars]
ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion"'

I also updated my ~/.ssh/config file:

Host bastion
Hostname YY.YY.YY.YY
User user
IdentityFile ~/.ssh/bastion_private_key

Host server1
Hostname XX.XX.XX.XX
User user
IdentityFile ~/.ssh/private_key
ProxyJump bastion

However, I now also need to go through two hosts. I have added the following to ~/.ssh/config:

Host server2
Hostname ZZ.ZZ.ZZ.ZZ
User user
IdentityFile ~/.ssh/private_key_3
ProxyJump server1

This lets me type ssh server2 and get a shell on server2. So that seems to work.

However, I don't know how to change the hosts file to jump through these two hosts. I have tried:

ansible_ssh_common_args='-o ProxyCommand="ssh -J bastion,server1"'

ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion ssh -W %h:%p -q server1"'

Neither works, and both lead to a timeout. What should I do so that Ansible jumps through bastion and then server1 in order to reach server2?

Here is the output when I run with -vvvv (with some paths and names obfuscated):

ansible-playbook 2.7.5
config file = /path/to/dir/ansible.cfg
configured module search path = [u'/home/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.15rc1 (default, Nov 12 2018, 14:31:15) [GCC 7.3.0]
Using /path/to/dir/ansible.cfg as config file
setting up inventory plugins
/path/to/dir/hosts did not meet host_list requirements, check plugin documentation if this is unexpected
/path/to/dir/hosts did not meet script requirements, check plugin documentation if this is unexpected
/path/to/dir/hosts inventory source with ini plugin
[WARNING]: Found both group and host with same name: server2

statically imported: /path/to/dir/tasks/ansible.yml
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: enable-ansible.yml *********************************************************************************************************************************
1 plays in enable-ansible.yml

PLAY [server2] ****************************************************************************************************************************************

TASK [Gathering Facts] ***************************************************************************************************************************************
task path: /path/to/dir/enable-ansible.yml:2
<server2> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<server2> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o 'ProxyCommand=ssh -W %h:%p -q bastion ssh -W %h:%p -q server1' -o ControlPath=/home/user/.ansible/cp/460e3f86d3 server2 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1546192323.33-48994637286535 `" && echo ansible-tmp-1546192323.33-48994637286535="` echo /tmp/ansible-tmp-1546192323.33-48994637286535 `" ) && sleep 0'"'"''
<server2> (255, '', 'OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/user/.ssh/config\r\ndebug1: /home/user/.ssh/config line 70: Applying options for server2\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/user/.ansible/cp/460e3f86d3" does not exist\r\ndebug1: Executing proxy command: exec ssh -W SERVER2_IP_ADDRESS:22 -q bastion ssh -W SERVER2_IP_ADDRESS:22 -q server1\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /home/user/.ssh/bastion type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /home/user/.ssh/bastion-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1\r\ndebug1: permanently_drop_suid: 1000\r\nConnection timed out during banner exchange\r\n')
fatal: [server2]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n 7 Dec 2017\r\ndebug1: Reading configuration data /home/user/.ssh/config\r\ndebug1: /home/user/.ssh/config line 70: Applying options for server2\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/user/.ansible/cp/460e3f86d3\" does not exist\r\ndebug1: Executing proxy command: exec ssh -W SERVER2_IP_ADDRESS:22 -q bastion ssh -W SERVER2_IP_ADDRESS:22 -q server1\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /home/user/.ssh/bastion type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /home/user/.ssh/bastion-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1\r\ndebug1: permanently_drop_suid: 1000\r\nConnection timed out during banner exchange\r\n",
"unreachable": true
}
to retry, use: --limit @/home/user/Documents/repos/cloud-devops/enable-ansible.retry

PLAY RECAP ***************************************************************************************************************************************************
server2 : ok=0 changed=0 unreachable=1 failed=0

For some added context, this playbook logs into the remote server with a non-root account and creates an ansible user there. To reiterate, the playbook works when I only jump through one host.

Best answer

Just use

ansible_ssh_common_args='-J bastion,server1'

Regarding "ssh - How do I configure Ansible to jump through two bastion hosts?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/53966782/
