Question

我有以下剧本：

- hosts: localhost
  connection: local
  remote_user: test
  gather_facts: no

  vars_files:
    - files/aws_creds.yml
    - files/info.yml

  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
    s3cmd_access_key: "{{ aws_id }}"
    s3cmd_secret_key: "{{ aws_key }}"

  tasks:
    - name: Basic provisioning of EC2 instance
      ec2:
        assign_public_ip: no
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        image: "{{image_instance }}"
        instance_type: "{{ free_instance }}"
        key_name: "{{ ssh_keyname }}"
        count: 3
        state: present
        group_id: "{{ secgroup_id }}"
        vpc_subnet_id: "{{ private_subnet_id }}"
        wait: no
        instance_tags:
          Name: Dawny33Template
        #delete_on_termination: yes
      register: ec2


    - name: Add new instance to host group
      add_host:
        hostname: "{{ item.private_ip }}"
        groupname: launched
      with_items: "{{ ec2.instances }}"

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.private_ip }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"

- hosts: launched
  sudo: true
  remote_user: test
  gather_facts: yes

  vars_files:
    - files/aws_creds.yml
    - files/info.yml

  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
    s3cmd_access_key: "{{ aws_id }}"
    s3cmd_secret_key: "{{ aws_key }}"

  tasks:
    - name: Add file system for the volume
      command: mkfs -t ext4 /dev/xvdb
      sudo: yes

    - name: Create a directory for mounting
      command: mkdir /home/ec2-user/EncryptedEBS

    - name: Mount the volume
      command: mount /dev/xvdb /home/ec2-user/EncryptedEBS
      sudo: yes

    - name: Owning the mounted folder
      command: chown ec2-user /home/ec2-user/EncryptedEBS/lost+found/
      sudo: yes

    - name: check out a git repository
      git: repo={{ repo_url }} dest=/home/ec2-user/EncryptedEBS/GitRepo accept_hostkey=yes force=yes
      vars:
        repo_url: https://github.com/Dawny33/AnsibleExperiments
      become: yes


    - name: Go to the folder and execute command
      command: chmod 0755 /home/ec2-user/EncryptedEBS/GitRepo/processing.py
      become: yes
      become_user: root

    - name: Run Py script
      command: /home/ec2-user/EncryptedEBS/GitRepo/processing.py {{ N }} {{ bucket_name }}
      become: yes
      become_user: root

然而，我得到了'＃34; Permission denied＆＃34;错误，当Ansible尝试连接到我的远程主机时，即使我已经定义了env。 environment

中的变量

我在这里做错了什么吗？

错误：

fatal: [10.0.1.62]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}
fatal: [10.0.1.177]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}
fatal: [10.0.1.151]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}

添加完整的-vvv输出：

Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<10.0.1.170> ESTABLISH SSH CONNECTION FOR USER: ec2-user
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<10.0.1.11> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.170 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" ) && sleep 0'"'"''
<10.0.1.11> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.11 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" ) && sleep 0'"'"''
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<10.0.1.45> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.45> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.45 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" ) && sleep 0'"'"''
<10.0.1.170> ssh_retry: attempt: 0, ssh return code is 255. cmd (/bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" ) && sleep 0'...), pausing for 0 seconds
<10.0.1.170> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.170 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" ) && sleep 0'"'"''
<10.0.1.11> ssh_retry: attempt: 0, ssh return code is 255. cmd (/bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" ) && sleep 0'...), pausing for 0 seconds
<10.0.1.11> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.11> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.11 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" ) && sleep 0'"'"''
<10.0.1.45> ssh_retry: attempt: 0, ssh return code is 255. cmd (/bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" ) && sleep 0'...), pausing for 0 seconds
<10.0.1.45> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.45> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.45 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" ) && sleep 0'"'"''
<10.0.1.170> ssh_retry: attempt: 1, ssh return code is 255. cmd (/bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" ) && sleep 0'...), pausing for 1 seconds
<10.0.1.11> ssh_retry: attempt: 1, ssh return code is 255. cmd (/bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" ) && sleep 0'...), pausing for 1 seconds
<10.0.1.45> ssh_retry: attempt: 1, ssh return code is 255. cmd (/bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" ) && sleep 0'...), pausing for 1 seconds
<10.0.1.170> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.170 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" ) && sleep 0'"'"''
<10.0.1.11> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.11> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.11 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" ) && sleep 0'"'"''
<10.0.1.45> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.1.45> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.45 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" ) && sleep 0'"'"''
fatal: [10.0.1.11]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}
fatal: [10.0.1.170]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}
fatal: [10.0.1.45]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}

Answer 1

不要忘记，当你使用ec2.py时，你应该首先添加你的pem，如下所示：

print (df1.index.get_level_values('year'))

Answer 2

在这里，我不确定为什么密钥甚至不允许手动ssh。所以，我生成了一个新密钥（pem文件）并使用它。 [Manual ssh worked with that file]

现在，问题在于以下块：

- hosts: launched
  sudo: true
  remote_user: test
  gather_facts: yes

我把它编辑为：

- hosts: launched
  sudo: no
  connection: ssh
  remote_user: ec2-user
  gather_facts: yes

它有效。原因必须是显而易见的。连接必须是ssh而不是local，对于Amazon Linux实例，用户名应为ec2-user，对于ubuntu实例，用户名应为Ubuntu。

Answer 3

使用ssh-keygen工具生成ssh公钥并将〜/ .ssh / id_rsa.pub密钥复制到〜/ .ssh / authorized_keys文件中。

Ansible throw＆＃34;无法通过ssh连接到主机：Permission denied（publickey）。＆＃34;远程连接出错

3 个答案: