遵循本指南(和其他人)running-ansible-through-ssh-bastion-host。 我将ssh.cfg文件设置为允许连接到多个堡垒后面的主机。
代理 - > util - >监视器 - >更
我可以连接到util服务器:
[self@home]$ ssh -F ssh.cfg util
...
[self@util]$
和监控服务器:
[self@home]$ ssh -F ssh.cfg monitor
...
[self@monitor]$
ssh.conf:
Host *
ServerAliveInterval 60
ControlMaster auto
ControlPath ~/.ssh/mux-%r@%h:%p
ControlPersist 15m
Host proxy
HostName proxy01.com
ForwardAgent yes
Host util
HostName util01.priv
ProxyCommand ssh -W %h:%p proxy
Host monitor
HostName mon01.priv
ProxyCommand ssh -W %h:%p util
ansible库存文件:
[bastion]
proxy
[utility]
util
monitor
ansible.cfg:
[ssh_connection]
ssh_args = -F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=15m
control_path = ~/.ssh/ansible-%%r@%%h:%%p
当我执行任何ansible命令时,它们似乎没有任何问题地命中代理主机,但无法连接到util主机和监视器主机。
> ansible all -a "/bin/echo hello"
util | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh",
"unreachable": true
}
proxy | SUCCESS | rc=0 >>
hello
monitor | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
附加: 经过一些更多的黑客攻击,我有关键显示器主机,并发现ansible可以连接到代理和监视器,但在util主机上失败...这是非常奇怪的,因为它必须通过用于点击监视器的util主机。
util | UNREACHABLE! => {
"changed": false,
"msg": "SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh",
"unreachable": true
}
proxy | SUCCESS | rc=0 >>
hello
monitor | SUCCESS | rc=0 >>
hello
答案 0 :(得分:1)
在尝试了不同的指南之后,这个解决方案让我可以在服务器上使用ansible而不是通过代理/堡垒来获取目录ssh。
这是我的〜/ .ssh / config文件:
Host *
ServerAliveInterval 60
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ForwardAgent yes
####### Access to the Private Subnet Server through Proxy/bastion ########
Host proxy-server
HostName x.x.x.x
ForwardAgent yes
Host private-server
HostName y.y.y.y
ProxyCommand ssh -q proxy-server nc -q0 %h %p
希望能帮助你。
答案 1 :(得分:0)
由于某些未知原因,Ansible忽略了多个主机,配置帮助我
INNER JOIN OVUTCMN.DATE_DIM_TXT ON
(
OVUTCMN.DATE_DIM.DATE_KEY = OVUTCMN.DATE_DIM_TXT.DATE_KEY
AND OVUTCMN.DATE_DIM_TXT.DATE_KEY
)