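Note: all code examples in this question can be viewed in context at https://github.com/discopatrick/ansible-pocs/tree/feature/sync (note the specific branch). Where appropriate, I have also provided links to specific lines.
Useful information:
Versions are in the requirements file: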
https://github.com/discopatrick/ansible-pocs/blob/feature/sync/requirements.txt
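Question: How can I use the Ansible synchronize module between a Vagrant box and a remote host?
I will demonstrate my problem by first showing a use case that succeeds, and then showing how my desired use case fails.
Syncing between two remote hosts: success
I have been using the synchronize module between two remote hosts with the delegate_to parameter, and it works very well: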
https://github.com/discopatrick/ansible-pocs/blob/feature/sync/rsync-remote.yml#L39-L52
## This playbook is run against host ansible-pocs-1, but this task is
## delegated to ansible-pocs-2. In practice this means that the task
## first ssh's into ansible-pocs-2 and then runs rsync in PUSH mode
## using ansible-pocs-1 as the destination.
- name: sync remote folder to remote folder
  synchronize:
    src: /home/admin/syncthis-pocs2/
    dest: /home/admin/syncthis-pocs1/
    delete: yes
  delegate_to: ansible-pocs-2
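Output:
TASK [sync remote folder to remote folder] *************************************
changed: [ansible-pocs-1 -> None]
Note that both remote machines use the same key pair for login ("~/.ssh/id_rsa" on my local host), the same username ("admin") and the same ssh port (22).
Here is a sample of the verbose output of that task - I believe it may become important later: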
... changed: [ansible-pocs-1 -> None] => { "changed": true, "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o Port=22' --out-format='<>%i %n%L' \"/home/admin/syncthis-pocs2/\" \"178.62.50.236:/home/admin/syncthis-pocs1/\"", ...
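Syncing between a Vagrant box and a remote host: failure
I am now trying to do the same thing between a Vagrant box and a remote host, but I get an error. Here is the task code. To be clear, the Vagrant box is called 'alpha':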
https://github.com/discopatrick/ansible-pocs/blob/feature/sync/rsync-vagrant-1step.yml#L26-L35
## This playbook is run against host ansible-pocs-1, but this task is
## delegated to alpha. In practice this means that the task
## first ssh's into alpha and then runs rsync in PUSH mode
## using ansible-pocs-1 as the destination.
- name: sync vagrant folder to remote folder
  synchronize:
    src: /home/vagrant/syncthis-alpha/
    dest: /home/admin/syncthis-pocs1/
    delete: yes
  delegate_to: alpha
Here is the error:
fatal: [ansible-pocs-1 -> None]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh 'ssh -i /Users/patrick/Documents/Development/ansible-pocs/.vagrant/machines/alpha/virtualbox/private_key -S none -o StrictHostKeyChecking=no -o Port=2200' --out-format='<>%i %n%L' \"/home/vagrant/syncthis-alpha/\" \"178.62.50.236:/home/admin/syncthis-pocs1/\"", "failed": true, "msg": "Warning: Identity file /Users/patrick/Documents/Development/ansible-pocs/.vagrant/machines/alpha/virtualbox/private_key not accessible: No such file or directory.\nssh: connect to host 178.62.50.236 port 2200: Connection refused\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.0]\n", "rc": 12}
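There are two interesting things about this error message: the SSH port, and the path to the private key.
Ansible tries to use the incorrect SSH port
Ansible tries to connect to port 2200 on my remote host. This won't work; the ssh port on the Vagrant box is 2200, but the remote host uses port 22. It appears that Ansible is using the settings from the development group inventory file when connecting to the staging group remote host.
Here is the development inventory: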
alpha ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='/Users/patrick/Documents/Development/ansible-pocs/.vagrant/machines/alpha/virtualbox/private_key'
...
Here is the staging inventory, with no port specified (implicitly using port 22):
ansible-pocs-1 ansible_ssh_host=178.62.50.236
ansible-pocs-2 ansible_ssh_host=178.62.96.61
...
I can fix this by explicitly stating the port to use on the remote host:
ansible-pocs-1 ansible_ssh_host=178.62.50.236 ansible_ssh_port=22
...
The output is now:
... -o Port=22 ...
On to the next point of interest:
Ansible tries to access the private key via a path that exists on the host (not on the Vagrant guest)
Warning: Identity file /Users/patrick/Documents/Development/ansible-pocs/.vagrant/machines/alpha/virtualbox/private_key not accessible: No such file or directory.\nPermission denied (publickey).
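That path exists on my host machine. Why is Ansible trying to feed it into an rsync command that is being executed on the guest machine? Could this be a bug in the synchronize module?
Furthermore, why doesn't the synchronize module have this problem when connecting between two remote hosts? If you look at the verbose output of the successful remote-to-remote sync task above, there is no attempt to access a non-existent path. In that case, I believe ssh key forwarding is handling things nicely.
I tried to fix this in the same way as the previous issue - by explicitly stating the private key file to use in the staging hosts file: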
ansible-pocs-1 ansible_ssh_host=178.62.50.236 ansible_ssh_port=22 ansible_ssh_private_key_file=~/.ssh/id_rsa
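...but this results in the same error message.
Could the problem be that the ssh usernames for the Vagrant box and the remote box are different? This doesn't seem to matter for the rest of the tasks in the play, which can easily switch between running tasks on different hosts using delegate_to. In any case, I can try to explicitly state in the inventory which user to connect as: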
ansible-pocs-1 ansible_ssh_host=178.62.50.236 ansible_ssh_port=22 ansible_ssh_private_key_file=~/.ssh/id_rsa ansible_ssh_user=admin
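...again, the same error message.
Further investigation
I have also tried inserting my default public key into the Vagrant box's authorized_keys file, in the hope that using the same key across all machines (Vagrant and remote) might help. Here is the code that does this (currently partially commented out, since it didn't solve the problem):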
https://github.com/discopatrick/ansible-pocs/blob/feature/sync/Vagrantfile#L13-L25
# config.ssh.insert_key = false # don't insert secure key, use default insecure key
# config.ssh.private_key_path = [
#   "~/.ssh/id_rsa", # the first key in the list is the one used by ansible
#   "~/.vagrant.d/insecure_private_key", # vagrant will attempt to use subsequent keys on a `vagrant ssh`
# ]
# add host default public ssh key to guest authorized_keys file
config.vm.provision "file",
  source: "~/.ssh/id_rsa.pub",
  destination: "~/host_id_rsa.pub"
config.vm.provision "shell",
  inline: "cat ~/host_id_rsa.pub >> ~/.ssh/authorized_keys",
  privileged: false # runs with sudo by default
The error message is almost the same, except that now it is trying to find the path /Users/patrick/.ssh/id_rsa on the Vagrant box, which of course does not exist:
fatal: [ansible-pocs-1 -> None]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh 'ssh -i /Users/patrick/.ssh/id_rsa -S none -o StrictHostKeyChecking=no -o Port=22' --out-format='<>%i %n%L' \"/home/vagrant/syncthis-alpha/\" \"178.62.50.236:/home/admin/syncthis-pocs1/\"", "failed": true, "msg": "Warning: Identity file /Users/patrick/.ssh/id_rsa not accessible: No such file or directory.\nPermission denied (publickey).\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.0]\n", "rc": 12}
User error or bug?
I thought I would post this on Stack Overflow before filing it as a bug with the Ansible team because, as meticulous as I have been, I may have missed something simple.
Can anyone help?
Best answer
Ran into the same issue; the following workaround works if you put it before the synchronize task:
- name: Set correct ssh key path
  set_fact:
    ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file | realpath }}"
  when: ansible_ssh_private_key_file is defined
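The two symptoms discussed in the question can be checked mechanically from a task's verbose output. The following is an added example, not code from the question, the answer or Ansible itself: it parses the failed "cmd" string and the inventory lines quoted above and reports where the ssh options handed to rsync disagree with the inventory entry of the destination host. The function names parse_inventory and audit_rsync_cmd are hypothetical.

```python
import shlex

# Inventory lines as quoted in the question (development and staging).
INVENTORY = """\
alpha ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='/Users/patrick/Documents/Development/ansible-pocs/.vagrant/machines/alpha/virtualbox/private_key'
ansible-pocs-1 ansible_ssh_host=178.62.50.236
ansible-pocs-2 ansible_ssh_host=178.62.96.61
"""

# "cmd" value of the failed task in the question, with the JSON escaping removed.
FAILED_CMD = (
    "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive "
    "--rsh 'ssh -i /Users/patrick/Documents/Development/ansible-pocs/.vagrant/"
    "machines/alpha/virtualbox/private_key -S none -o StrictHostKeyChecking=no "
    "-o Port=2200' --out-format='<>%i %n%L' "
    '"/home/vagrant/syncthis-alpha/" "178.62.50.236:/home/admin/syncthis-pocs1/"'
)

def parse_inventory(text):
    """Map each host name to a dict of its key=value inventory variables."""
    hosts = {}
    for line in filter(str.strip, text.splitlines()):
        name, *pairs = shlex.split(line)
        hosts[name] = dict(p.split("=", 1) for p in pairs)
    return hosts

def audit_rsync_cmd(cmd, hosts):
    """Compare the ssh transport in an rsync command with the destination's inventory entry."""
    argv = shlex.split(cmd)
    ssh = shlex.split(argv[argv.index("--rsh") + 1])
    opts = dict(ssh[i + 1].split("=", 1) for i, a in enumerate(ssh[:-1]) if a == "-o")
    key = ssh[ssh.index("-i") + 1] if "-i" in ssh else None
    dest_ip = argv[-1].split(":", 1)[0]
    dest = next(n for n, v in hosts.items() if v.get("ansible_ssh_host") == dest_ip)
    used_port = opts.get("Port", "22")
    want_port = hosts[dest].get("ansible_ssh_port", "22")
    findings = []
    if used_port != want_port:
        findings.append(f"port {used_port} used for {dest}, inventory expects {want_port}")
    for name, v in hosts.items():
        if key and name != dest and v.get("ansible_ssh_private_key_file") == key:
            findings.append(f"identity file is the one configured for {name}, not {dest}")
    if opts.get("StrictHostKeyChecking") == "no":
        findings.append("StrictHostKeyChecking=no: host key checking is disabled for the rsync hop")
    return findings

if __name__ == "__main__":
    for finding in audit_rsync_cmd(FAILED_CMD, parse_inventory(INVENTORY)):
        print(finding)
```

Run against the successful remote-to-remote command from the question, the same check reports only the disabled host key checking, since that command carries no -i option and uses port 22.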
Regarding ssh - Ansible synchronize module fails between Vagrant box and remote host, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/42578924/