Ansible - How to ssh into instances without the 'authenticity of host' prompt?

Time: 2016-08-19 20:30:35

Tags: ssh amazon-ec2 ansible ansible-playbook

I am using Ansible to create several EC2 instances, copy files to the newly created servers, and run commands on those servers. The problem is that after creating the servers I still have to type yes at the following ssh prompt:

TASK [Adding /etc/rc.local2 to consul servers] *********************************
changed: [localhost -> 172.31.52.147] => (item={u'ip': u'172.31.52.147', u'number': 0})
The authenticity of host '172.31.57.20 (172.31.57.20)' can't be established.
ECDSA key fingerprint is 5e:c3:2e:52:10:29:1c:44:6f:d3:ac:10:78:10:01:89.
Are you sure you want to continue connecting (yes/no)? yes
changed: [localhost -> 172.31.57.20] => (item={u'ip': u'172.31.57.20', u'number': 1})
The authenticity of host '172.31.57.19 (172.31.57.19)' can't be established.
ECDSA key fingerprint is 4e:71:15:fe:c9:ec:3f:54:65:e8:a1:66:74:92:f4:ff.
Are you sure you want to continue connecting (yes/no)? yes

How can I make Ansible ignore this prompt and answer "yes" automatically? For reference, here is my playbook:

---
- hosts: localhost
  connection: local
  gather_facts: false
  sudo: yes
  vars_files:
    - ami-keys.yml
    - ami-image.yml
  tasks:
    - name: create 3 consul servers
      ec2:
        aws_access_key: '{{ aws_access_key }}'
        aws_secret_key: '{{ aws_secret_key }}'
        key_name: terra
        group: default
        instance_type: t2.micro
        image: '{{ ami }}'
        region: '{{ region }}'
        wait: true
        exact_count: 3
        count_tag:
          Name: consul-server
        instance_tags:
          Name: consul-server
      register: ec2
    - name: Wait for SSH to come up
      wait_for: host={{ item }} port=22 delay=1 timeout=480 state=started
      with_items:
        - "{{ ec2['tagged_instances'][0]['private_ip'] }}"
        - "{{ ec2['tagged_instances'][1]['private_ip'] }}"
        - "{{ ec2['tagged_instances'][2]['private_ip'] }}"
    # shows the json data for the instances created
    - name: consul server ec2 instance json data
      debug:
        msg: "{{ ec2['tagged_instances'] }}"
    # bootstrapping
    - name: Adding /etc/rc.local2 to consul servers
      template:
        src: template/{{ item.number }}.sh
        dest: /etc/rc.local2
      delegate_to: "{{ item.ip }}"
      with_items:
        - ip: "{{ ec2['tagged_instances'][0]['private_ip'] }}"
          number: 0
        - ip: "{{ ec2['tagged_instances'][1]['private_ip'] }}"
          number: 1
        - ip: "{{ ec2['tagged_instances'][2]['private_ip'] }}"
          number: 2
      ignore_errors: true
    - name: give /etc/rc.local2 permissions to run and starting swarm
      shell: "{{ item[1] }}"
      delegate_to: "{{ item[0] }}"
      with_nested:
        - [ "{{ ec2['tagged_instances'][0]['private_ip'] }}",
            "{{ ec2['tagged_instances'][1]['private_ip'] }}",
            "{{ ec2['tagged_instances'][2]['private_ip'] }}" ]
        - [ "sudo chmod +x /etc/rc.local2",
            "sleep 10",
            "consul reload",
            "docker run --name swarm-manager -d -p 4000:4000 --restart=unless-stopped \
            swarm manage -H :4000 \
            --replication --advertise \
            $(hostname -i):4000 \
            consul://$(hostname -i):8500" ]
      ignore_errors: true

Note: I have already tried running:

ansible-playbook -e 'host_key_checking=False' consul-server.yml

and it does not remove the prompt.

Going in and uncommenting the line does remove the prompt, but I want to avoid doing that and instead put something in my playbook or on the command line when I run my playbook.

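1 answer:

Answer 0 (score: 6)

The usual recommendation is to set host_key_checking=False in the Ansible configuration. This is a bad idea, because it assumes your network connection will never be compromised.

A better idea, which only assumes the network is not MitMed when the servers are first created, is to use ssh-keyscan to add the servers' fingerprints to the known hosts file: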

# Append each new instance's hashed host key to known_hosts before the first SSH connection
- name: accept new ssh fingerprints
  shell: ssh-keyscan -H {{ item.public_ip }} >> ~/.ssh/known_hosts
  with_items: '{{ ec2.instances }}'
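
As an added example (not part of the original answer): the task above appends whatever ssh-keyscan returns each time it runs, so this Python sketch shows the same trust-on-first-use step with a check that adds keys only for a host with no known_hosts entry and reports a changed key instead of appending it. The function names, key blobs and salts are constructed for illustration, and it assumes the scan lines passed in are the `ssh-keyscan -H` output for the one host named.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build the "|1|salt|hmac" host field that `ssh-keyscan -H` writes."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names `host`."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def fingerprint(key_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def keys_for(lines, host=None):
    """Map key type -> base64 key for entries naming `host` (every entry if None)."""
    found = {}
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[0][0] not in "#@":
            if host is None or host_matches(parts[0], host):
                found[parts[1]] = parts[2]
    return found

def pin_first_use(known_lines, scan_lines, host):
    """Return (lines to append, mismatches). Keys are appended only for a host
    with no entry yet; a changed key on a known host is reported, never added."""
    known = keys_for(known_lines, host)
    if not known:
        return [l for l in scan_lines if len(l.split()) >= 3 and l.split()[0][0] != "#"], []
    scanned = keys_for(scan_lines)
    return [], [(t, fingerprint(k)) for t, k in scanned.items()
                if t in known and known[t] != k]

# Constructed sample data: placeholder key blobs and salts, not real host keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SCAN_A = [hash_host("172.31.57.20", b"constructed-salt-01") + " ecdsa-sha2-nistp256 " + KEY_A]
SCAN_B = [hash_host("172.31.57.20", b"constructed-salt-02") + " ecdsa-sha2-nistp256 " + KEY_B]

if __name__ == "__main__":
    print(pin_first_use([], SCAN_A, "172.31.57.20"))      # first run: key is appended
    print(pin_first_use(SCAN_A, SCAN_B, "172.31.57.20"))  # later run, key changed: mismatch
```

A non-empty mismatch list is the case to stop on and investigate, for example by comparing the reported fingerprint with one obtained from the instance over a separate channel.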