我想测试用户是否能够使用SSH密码进行SSH。这就是我要做的。我尝试了以下模块:local_action,wait_for,但是这些没有给我结果。剧本的结果只能告诉我尝试SSH时连接成功或失败的位置。
要求是测试哪个用户帐户成功建立了到远程服务器的SSH连接。将要运行ansible脚本的用户在这些服务器上拥有多个帐户,但是SSH登录将以用户不知道的正确权限成功登录。用户帐户均具有相同的密码。
库存文件:
all:
children:
FXO-Test:
hosts:
host1.abcd.com:
host2.abcd.com:
vars:
ansible_user: user1
剧本:
---
- hosts: "{{ targethosts }}"
gather_facts: no
tasks:
- name: Test connection
local_action: command ssh -q -o BatchMode=yes -o ConnectTimeout=3 {{ inventory_hostname }}
register: test_user
ignore_errors: true
changed_when: false
使用命令调用:
ansible-playbook checkLogin.yml -i ans_inventory_test --ask-pass --extra-vars "targethosts=FXO-Test" | tee verify_user.log
期望查看哪些SSH连接失败以及哪些连接正常。
根据弗拉基米尔·博特卡(Vladimir Botka)的回应,我对剧本进行了一些调整,以从清单文件中提取主机名。
我更新的剧本'verifySSHLogin.yml':
- hosts: localhost
gather_facts: no
vars:
my_users:
- user1
- user2
my_hosts: "{{ query('inventory_hostnames', 'all') }}"
tasks:
- expect:
command: "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no {{ item.0 }}@{{ item.1 }}"
timeout: 2
responses:
(.*)password(.*):
- "password" # Fit the password
- "\x03" # Ctrl-C
(.*)\$(.*): "exit" # Fit the prompt
loop: "{{ my_users|product(my_hosts)|list }}"
register: result
ignore_errors: yes
- debug:
msg: "{{ (item.rc == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',item.invocation.module_args.command ~ ' [KO]') }}"
loop: "{{ result.results }}"
我现在使用以下命令调用
:ansible-playbook verifySSHLogin.yml -i ans_inventory_test --extra-vars "targethosts=FXO-Test" | tee verify_user.log
然后我可以像这样对verify_user.log做一个grep:
grep '\"msg\": \"ssh' verify_user.log
这给了我以下期望的结果:
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host1.abc.corp.com [OK]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host2.abc.corp.com [OK]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host3.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host1.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host2.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host3.abc.corp.com [KO]"
进一步调整了剧本,以避免对SSH密码进行硬编码。最终的剧本看起来像现在这样:
- hosts: localhost
gather_facts: no
vars:
my_users:
- user1
- user2
my_hosts: "{{ query('inventory_hostnames', 'all') }}"
tasks:
- expect:
command: "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no {{ item.0 }}@{{ item.1 }}"
timeout: 2
responses:
(.*)password(.*):
- "{{ ansible_password }}" # Fit the password
- "\x03" # Ctrl-C
(.*)\$(.*): "exit" # Fit the prompt
loop: "{{ my_users|product(my_hosts)|list }}"
register: result
ignore_errors: yes
- debug:
msg: "{{ (item.rc == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',item.invocation.module_args.command ~ ' [KO]') }}"
loop: "{{ result.results }}"
SSH密码可以像这样传递给ansible-playbook命令:
ansible-playbook verifySSHLogin.yml -i ans_inventory_test -k --extra-vars "targethosts=FXO-Test" | tee verify_user.log
答案 0 :(得分:1)
expect模块将完成此工作。鉴于 user1 @ test_01可以登录,下面的播放
- hosts: localhost
vars:
my_users:
- user1
- user2
my_hosts:
- test_01
- test_02
tasks:
- expect:
command: "ssh {{ item.0 }}@{{ item.1 }}"
timeout: 2
responses:
(.*)password(.*):
- "password" # Fit the password
- "\x03" # Ctrl-C
(.*)\$(.*): "exit" # Fit the prompt
with_nested:
- "{{ my_users }}"
- "{{ my_hosts }}"
register: result
ignore_errors: yes
- debug:
msg: "{{ (item.rc == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',
item.invocation.module_args.command ~ ' [KO]') }}"
loop: "{{ result.results }}"
给予(grep msg):
"msg": "ssh user1@test_01 [OK]"
"msg": "ssh user1@test_02 [KO]"
"msg": "ssh user2@test_01 [KO]"
"msg": "ssh user2@test_02 [KO]"