I have a freshly installed Ubuntu server with Ansible. I am trying to use Ansible on my network, but it fails from the very beginning.
10.102.249.3 is a router.
zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -a "conf t" --ask-pass -vvv
SSH password:
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab
<10.102.249.3> REMOTE_MODULE command conf t
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"]
<10.102.249.3> PUT /tmp/tmpZUkRET TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210 && echo $HOME/.ansible/tmp/ansible-tmp-1412930091.8-230458979934210'"/command:
Connection to 10.102.249.3 closed by remote host.
Connection closed
zab@UbuntuSrv:/etc/ansible$ ansible 10.102.249.3 -m ping --ask-pass -vvv
SSH password:
<10.102.249.3> ESTABLISH CONNECTION FOR USER: zab
<10.102.249.3> REMOTE_MODULE ping
<10.102.249.3> EXEC ['sshpass', '-d6', 'ssh', '-C', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/zab/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'ConnectTimeout=10', '10.102.249.3', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"]
<10.102.249.3> PUT /tmp/tmpOPuOWh TO Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532 && echo $HOME/.ansible/tmp/ansible-tmp-1412930136.7-170302836431532'"/ping:
Connection to 10.102.249.3 closed by remote host.
Connection closed
Update
What is wrong with my playbook?
I get ERROR: raw is not a legal parameter at this level in an Ansible Playbook
---
- hosts: testsw
remote_user: zab
tasks:
- name: copy tftp run
raw: copy tftp://10.1.78.153/test running-config
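Update2: Thanks, the play runs now. But it cannot connect to the switches (Cisco 3750, Cisco 2960). I can ssh to them from this server. Ansible connects to the second switch, and we can see the banner. I remember that Ansible pushes Python scripts to the remote host. But now I am using the raw module in the playbook. Does it work the same way?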
ansible-playbook test.yml --ask-pass
SSH password:
PLAY [testsw] *****************************************************************
GATHERING FACTS ***************************************************************
fatal: [10.0.100.61] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.88-16456712970308'"/setup:
Connection to 10.0.100.61 closed by remote host.
Connection closed
fatal: [10.0.100.60] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106 && echo $HOME/.ansible/tmp/ansible-tmp-1413965089.85-196216747271106'"/setup:
C Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized network administrator!
channel_by_id: 2: bad id: channel free
client_input_channel_req: channel 2: unknown channel
Connection to 10.0.100.60 closed by remote host.
Connection closed
TASK: [copy tftp run] *********************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/zab/test.retry
10.0.100.60 : ok=0 changed=0 unreachable=1 failed=0
10.0.100.61 : ok=0 changed=0 unreachable=1 failed=0
Answer 0: (score: 2)
For Update2: you need to disable fact gathering for Cisco devices, because it is not supported.
---
- hosts: testsw
  remote_user: zab
  gather_facts: false
  tasks:
    - name: copy tftp run
      raw: copy tftp://10.1.78.153/test running-config
The raw module just sends the string over ssh as written, which is how I usually use Ansible with Cisco devices.
For OpenSSH with Cisco devices, I usually set up my local .ssh/config like this:
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    ServerAliveInterval 120
    ServerAliveCountMax 2
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlMaster auto
    ControlPersist 60s
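
A narrower variant of the client configuration above, given as an added example that is not part of the original answer: it applies the connection settings only to the two switches from the question and keeps host key verification on. The `accept-new` value assumes OpenSSH 7.6 or later, and the separate known-hosts file name is an assumption.

```ssh-config
# Added example, not from the original answer.
# Scope the settings to the switches named in the question instead of "Host *".
Host 10.0.100.60 10.0.100.61
    User zab
    # Record the key on first contact and refuse the connection if it later
    # changes (needs OpenSSH 7.6+; on older clients use "ask").
    StrictHostKeyChecking accept-new
    # Assumed file name: keeps network-device keys apart from server keys.
    UserKnownHostsFile ~/.ssh/known_hosts_network
    ServerAliveInterval 120
    ServerAliveCountMax 2
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlMaster auto
    ControlPersist 60s
```

ssh gives `-o` options on the command line precedence over this file, so the `StrictHostKeyChecking=no` visible in the EXEC lines of the question still wins for Ansible runs until Ansible's `host_key_checking` setting is turned on.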
Answer 1: (score: 1)
Ansible now supports Cisco IOS devices in its core modules. You can take a look here: https://docs.ansible.com/ansible/ios_config_module.html
Here is a simple example.
- name: play show commands and change running-config on cisco ios device
  hosts:
    - cisco
  gather_facts: no
  connection: local
  roles:
    - cisco

---
- name: define provider
  set_fact:
    provider:
      host: "{{inventory_hostname}}"
      username: "{{username}}"
      password: "{{password}}"

- name: run show commands with ios_command
  ios_command:
    provider: "{{provider}}"
    commands:
      - show version
      - show ip interface brief
      - show inventory
      - show ntp association
  register: show_result

- debug: var=show_result.stdout_lines

- name: change ntp server with ios_config
  ios_config:
    provider: "{{ provider }}"
    authorize: yes
    lines:
      - ntp server {{ntpsrv01}}
      - ntp server {{ntpsrv02}}
    replace: block
    match: line
    before:
      - no ntp server {{ntpsrv03}}
      - no ntp server {{ntpsrv04}}
    force: true

- name: run show ntp association after change with ios_config
  ios_command:
    provider: "{{ provider }}"
    commands:
      - show ntp association
  register: after_change_ntp

- debug: var=after_change_ntp.stdout_lines

- name: change syslog server with ios_template
  ios_template:
    host: "{{inventory_hostname}}"
    username: "{{username}}"
    password: "{{password}}"
    src: config.j2
    force: true

- name: run "show running | include logging host" after change made
  ios_command:
    provider: "{{ provider }}"
    commands:
      - show running | include logging host
  register: syslogsrv_list

- debug: var=syslogsrv_list.stdout_lines

- name: write running-config to startup-config
  ios_command:
    provider: "{{ provider }}"
    commands:
      - write
  register: write_output

- debug: var=write_output.stdout_lines
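Answer 2: (score: 0)
Since you sent conf t, I guess you are trying to talk to a Cisco router.
This does not work, because Ansible pushes Python scripts that are executed on the remote host.
The only way to do something is to use the raw module, like this: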
ansible cat -m raw -a 'show clock' --ask-pass -c paramiko
SSH password:
cat | success | rc=0 >>
11:11:51.676 METDST Fri Oct 10 2014
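I also had to use paramiko to connect. Don't even think about sending config this way: each module invocation reopens the ssh connection, so you cannot send configuration with consecutive ansible commands.
The best you can do is copy tftp://.... startup-config, after first sending the configuration file to a tftp server.
However, this is easy to orchestrate with ansible.
Good luck.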
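
The failure signature from the question can be picked out of Ansible output mechanically. The following is an added example, not code from the original posts: it scans output for the `Line has invalid autocommand` reply and reports, per host, which pushed module was rejected and which remedy from the answers applies (`gather_facts: false` or the `raw` module). The sample lines are constructed, modeled on the output above, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample, modeled on the failure lines shown in the question.
SAMPLE = """\
10.102.249.3 | FAILED => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/x && echo x'"/ping:
fatal: [10.0.100.61] => failed to transfer file to Line has invalid autocommand "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/y && echo y'"/setup:
fatal: [10.0.100.70] => SSH encountered an unknown error
"""

# Host appears as "host | FAILED =>" (ad-hoc run) or "fatal: [host] =>" (playbook).
HOST_RE = re.compile(r'^(?:fatal: \[(?P<pb>[^\]]+)\]|(?P<adhoc>\S+) \| FAILED) =>')
# The device echoes the rejected shell command; the module name trails it.
MODULE_RE = re.compile(r'Line has invalid autocommand ".*"/(?P<module>\w+):?\s*$')

ADVICE = {
    "setup": "fact gathering pushed a script; set gather_facts: false",
}
DEFAULT_ADVICE = "module needs a remote shell and Python; use the raw module"


def triage(output):
    """Return {host: (module, advice)} for hosts that rejected /bin/sh."""
    findings = {}
    for line in output.splitlines():
        host = HOST_RE.match(line)
        mod = MODULE_RE.search(line)
        if not (host and mod):
            continue  # unrelated failure or ordinary output
        name = host.group("pb") or host.group("adhoc")
        module = mod.group("module")
        findings[name] = (module, ADVICE.get(module, DEFAULT_ADVICE))
    return findings


if __name__ == "__main__":
    for host, (module, advice) in sorted(triage(SAMPLE).items()):
        print(f"{host}: {module} -> {advice}")
```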