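Using Ansible in an Offline Environment #2 ~Ansible Problems Edition~
Introduction
I am an infrastructure engineer who normally builds virtual environments from the lowest layer up and installs client operating systems. As a result, I have had little to do with the jargon, or with automation and efficiency improvements. This article is a record of my determination and efforts to learn Ansible and put it to use. (Same as #1.)
In the previous post, Using Ansible in an Offline Environment #1, I configured the server and the client; now I am going to run Ansible.
How the problems started…
First, before running a Playbook as part of a workflow, I wanted to make sure Ansible itself works, so I ran it from the command line. This time I tried to create a new group by specifying its ID and name.
Now, let's try running it. But as soon as it started, an error occurred.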
ansible all -m group -a "name=AAA gid=10000"
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change,
but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
{IP-ADDRESS} | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
# ansible Ansible-Client -m group -a "name=AAA gid=10000"
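First, because no target user for the SSH connection was specified, it tried to connect as root, the same user as on the Ansible server. Since authentication as the root user has not been set up, it naturally could not get in.
So I will establish the connection by specifying the connecting user. The way to do this is Ansible's method for specifying the SSH connection user.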
# vim /etc/ansible/hosts
...
[Ansible-Client]
ansible-client ansible_ssh_user=ansible
That does it. Now the ansible user is used, so let's try again.
# ansible Ansible-Client -m group -a "name=AAA gid=10000"
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change,
but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
{IP-ADDRESS} | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"cmd": "/sbin/groupadd -g 10000 AAA",
"msg": "[Errno 13] Permission denied",
"rc": 13
}
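A permissions problem. I had granted sudo rights, but because sudo requires a password, trying to push through with just the SSH authentication returns an error. Well, of course it does. What a hassle.
Because I was concerned that doing without password authentication would be troublesome this time, I decided to pass the public key to the root user and run as the root user.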
# ansible Ansible-Client -m group -a "name=AAA gid=10000"
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change,
but still be user configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
{IPADDRESS} | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 10000,
"name": "AAA",
"state": "present",
"system": false
}
Finally!!! It's finally done. Woohoo.
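The "[Errno 13] Permission denied" step above can also be handled without giving root an SSH key: keep connecting as the ansible user and let Ansible escalate with sudo. This inventory is an added example, not part of the original post; the host and group names follow the article's /etc/ansible/hosts, the variables and the -K flag are standard Ansible, and it assumes the ansible user has sudo rights as the article states.

```ini
# /etc/ansible/hosts (added example; names taken from the article's inventory)

[Ansible-Client]
# Connect over SSH as the unprivileged account.
# ansible_user is the current name for the older ansible_ssh_user variable.
ansible-client ansible_user=ansible

[Ansible-Client:vars]
# Modules run as the connecting user unless privilege escalation is enabled,
# which is why /sbin/groupadd failed when run as "ansible".
# Escalate with sudo on the managed host instead of logging in as root.
ansible_become=true
ansible_become_method=sudo
ansible_become_user=root

# Run the same ad-hoc command and have Ansible prompt for the sudo password
# (-K is short for --ask-become-pass; the password is not stored on disk):
#   ansible Ansible-Client -m group -a "name=AAA gid=10000" -K
```

With this layout direct root login over SSH can stay disabled on the client, and each privileged action is recorded by sudo under the ansible account.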