Public IP: xxx.xxx.xxx.xxx (this is for direct access to the public VM: webserver-1 ansible_port=50003 ansible_host=xxx.xxx.xxx.xxx ansible_user=ronak ansible_ssh_private_key_file=priv_key)
Private IP: 10.0.2.4 (ssh ronak@10.0.2.4)
              ssh                             ssh
vagrant host ----> public host (port: 50003) ----> private host (port: 22)
               ^                               ^
           using A's                       using B's
         ssh priv key                      PASSWORD
hosts:
[database]
dbserver-1 ansible_port=22 ansible_host=10.0.2.4 ansible_user=ronak ansible_ssh_pass=password
dbserver.yml:
- hosts: "database"
  remote_user: ronak
  become: yes
  become_user: root
  become_method: sudo
  gather_facts: no
  vars:
    - ansible_ssh_common_args: '-o ProxyCommand="ssh -i ./priv_key -o StrictHostKeyChecking=no -W %h:%p ronak@xx.xx.xx.xx -p 50003"'
  roles:
    - dbserver
Error:
vagrant@vagrant-ubuntu-trusty-64:/var/www/Ansible$ ansible-playbook dbserver.yml -vvv
Using /var/www/Ansible/ansible.cfg as config file
task path: /var/www/Ansible/roles/dbserver/tasks/main.yml:2
Using module file /usr/local/lib/python2.7/dist-packages/ansible/modules/packaging/os/apt.py
<10.0.2.4> ESTABLISH SSH CONNECTION FOR USER: ronak
<10.0.2.4> SSH: EXEC sshpass -d12 ssh -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o Port=22 -o User=ronak -o ConnectTimeout=10 -o 'ProxyCommand=ssh -i ./priv_key -o StrictHostKeyChecking=no -W %h:%p ronak@xx.xx.xx.xx -p 50003' -o ControlPath=/home/vagrant/.ansible/cp/dbabe40296 10.0.2.4 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<10.0.2.4> (5, '', "Warning: Permanently added '10.0.2.4' (ECDSA) to the list of known hosts.\r\nPermission denied, please try again.\r\n")
<10.0.2.4> ESTABLISH SSH CONNECTION FOR USER: ronak
<10.0.2.4> SSH: EXEC sshpass -d12 ssh -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o Port=22 -o User=ronak -o ConnectTimeout=10 -o 'ProxyCommand=ssh -i ./priv_key -o StrictHostKeyChecking=no -W %h:%p ronak@xx.xx.xx.xx -p 50003' -o ControlPath=/home/vagrant/.ansible/cp/dbabe40296 10.0.2.4 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1495038139.56-230805529478418 `" && echo ansible-tmp-1495038139.56-230805529478418="` echo ~/.ansible/tmp/ansible-tmp-1495038139.56-230805529478418 `" ) && sleep 0'"'"''
<10.0.2.4> (5, '', "Warning: Permanently added '10.0.2.4' (ECDSA) to the list of known hosts.\r\nPermission denied, please try again.\r\n")
fatal: [dbserver-1]: UNREACHABLE! => {
"changed": false,
"msg": "Authentication failure.",
"unreachable": true
}
ansible.cfg
[defaults]
inventory = ./hosts
ask_sudo_pass = True
host_key_checking = False
[paramiko_connection]
record_host_keys = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null
ANSIBLE_DEBUG
Warning: Permanently added '10.0.2.4' (ECDSA) to the list of known hosts.
<<<
4156 1495119116.27802: stderr chunk (state=3):
>>>debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
<<<
4156 1495119116.27876: stderr chunk (state=3):
>>>debug2: set_newkeys: mode 0
<<<
4156 1495119116.27929: stderr chunk (state=3):
>>>debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
<<<
4156 1495119116.37456: stderr chunk (state=3):
>>>debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/vagrant/.ssh/id_rsa ((nil)),
debug2: key: /home/vagrant/.ssh/id_dsa ((nil)),
debug2: key: /home/vagrant/.ssh/id_ecdsa ((nil)),
debug2: key: /home/vagrant/.ssh/id_ed25519 ((nil)),
<<<
4156 1495119116.40286: stderr chunk (state=3):
>>>debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/vagrant/.ssh/id_rsa
debug3: no such identity: /home/vagrant/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/vagrant/.ssh/id_dsa
debug3: no such identity: /home/vagrant/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/vagrant/.ssh/id_ecdsa
debug3: no such identity: /home/vagrant/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/vagrant/.ssh/id_ed25519
debug3: no such identity: /home/vagrant/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
<<<
4156 1495119116.40710: stderr chunk (state=3):
>>>debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
<<<
4156 1495119118.39890: stderr chunk (state=3):
>>>debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
<<<
10.0.4.2 log /var/log/auth.log
May 18 15:03:16 dev-db-VM0 sshd[51082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5 user=ronak
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Connection closed by 10.0.1.5 port 49234 [preauth]
May 18 15:03:20 dev-db-VM0 sshd[51086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5 user=ronak
May 18 15:03:22 dev-db-VM0 sshd[51086]: Failed password for ronak from 10.0.1.5 port 49236 ssh2
May 18 15:03:22 dev-db-VM0 sshd[51086]: Connection closed by 10.0.1.5 port 49236 [preauth]
Answer 0: (score: 1)
Looking at the sshd log:
May 18 15:03:20 dev-db-VM0 sshd[51086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5 user=ronak
May 18 15:03:22 dev-db-VM0 sshd[51086]: Failed password for ronak from 10.0.1.5 port 49236 ssh2
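I think the problem is an incorrect password for the ronak account.
Please make sure it is set correctly (copy it and paste it into the config file again).
Also make sure there is no variable priority collision.
You can try executing the playbook with -e ansible_ssh_pass=password to make sure your password setting has the highest priority.
P.S. I have mimicked your environment in VirtualBox and everything works fine with a similar setup.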
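An added example (not part of the original question or answer): a small Python parser for the sshd lines quoted above, showing how the target's auth.log localizes the failure to the second hop rather than to the ProxyCommand hop. It assumes 10.0.1.5 is the public host's internal address, which the question does not state; `summarize` and `diagnose` are hypothetical helper names.

```python
import re

# Copied from the /var/log/auth.log excerpt in the question.
SAMPLE = """\
May 18 15:03:16 dev-db-VM0 sshd[51082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5 user=ronak
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Failed password for ronak from 10.0.1.5 port 49234 ssh2
May 18 15:03:18 dev-db-VM0 sshd[51082]: Connection closed by 10.0.1.5 port 49234 [preauth]
May 18 15:03:20 dev-db-VM0 sshd[51086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.5 user=ronak
May 18 15:03:22 dev-db-VM0 sshd[51086]: Failed password for ronak from 10.0.1.5 port 49236 ssh2
May 18 15:03:22 dev-db-VM0 sshd[51086]: Connection closed by 10.0.1.5 port 49236 [preauth]
""".splitlines()

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AUTH = re.compile(r"^(?P<result>Failed|Accepted) (?P<method>\S+) for "
                  r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def summarize(lines):
    """Group sshd auth results by pid (one sshd child per connection)."""
    sessions = {}
    for line in lines:
        m = LINE.match(line)
        auth = AUTH.match(m["msg"]) if m else None
        if not auth:
            continue  # pam_unix and disconnect lines carry no auth result
        s = sessions.setdefault(m["pid"], {"user": auth["user"], "src": auth["src"],
                                           "failed": [], "accepted": None})
        if auth["result"] == "Failed":
            s["failed"].append(auth["method"])
        else:
            s["accepted"] = auth["method"]
    return sessions

def diagnose(s, jump_ip):
    """Say which hop of the two-hop path the evidence points at."""
    if s["src"] != jump_ip:
        return "connection did not arrive via the jump host"
    if s["accepted"]:
        return "jump hop OK; target accepted %s for %s" % (s["accepted"], s["user"])
    return "jump hop OK; target rejected %s for %s" % (
        "/".join(sorted(set(s["failed"]))), s["user"])

if __name__ == "__main__":
    # jump_ip is an assumption: the question never says which host owns 10.0.1.5.
    for pid, s in summarize(SAMPLE).items():
        print(pid, diagnose(s, jump_ip="10.0.1.5"))
```

Because the failures are logged by the private host with the jump host as source, the key-based first hop completed and only the password presented to the private host was refused, which is consistent with the answer's reading.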