在某些任务填充密码后,通过ssh进行Ansible连接

时间:2019-06-16 22:34:52

标签: bash ansible

在Ansible中,我需要执行一组任务并从第三方(已处理此部分)获取密码,然后使用这些SSH凭据进行连接。

问题是当我这样做时,遍历清单的最佳方法似乎是包括任务列表,这很棒。主要问题是,仅当我在main.yml剧本中将主机指定为localhost时,才能获得此权限。 (或设置为服务器组的名称并指定连接:local),这会使命令模块在本地执行,这违背了目的。

我尝试查看SSH模块,但似乎没有注册以使我检测到no_action。我知道我可能会忽略一些明显的问题。

稍后我将发布更接近确切的代码,但是我现在所拥有的是

main.yml 
---
- hosts: localhost

  tasks:
    - name: subplay
      include: secondary.yml
      vars:
        user:myUser
        address:"{{hostvars[item].address}}"
      with_items: hostvars['mygroup']


secondary.yml
---
- name: fetch password
  [...fethchMyPassword, it works]
  register: password

- name: 
  [...Need to connect with fetched user for this task and this task only..]
  command: /my/local/usr/task.sh

我想在那里连接并执行脚本,但是无论我尝试执行什么,它要么根本无法执行,要么在本地执行。

另外,我可能会注意到我签出了https://docs.ansible.com/ansible/latest/plugins/connection/paramiko_ssh.htmlhttps://docs.ansible.com/ansible/latest/plugins/connection/ssh.html,但必须做错了事

1 个答案:

答案 0 :(得分:1)

在我看来,只有您的提取任务才需要委派给localhost,其余事务都应委派给localhost,而当您拥有所有连接信息时,可以通过将值设置为ansible_ {user,ssh_pass,password}来建立与set_facts的连接。试试这个:

main.yml 
---
- hosts: mygroup # inventory_hostname will loop through all your hosts in my_group
  tasks:
    - name: subplay
      include: secondary.yml
      vars:
        user:myUser
        address:"{{hostvars[inventory_hostname].address}}"

secondary.yml
---

- name: fetch password 
  [...fethchMyPassword, it works]
  delegate_to: localhost # this task is only run on localhost
  register: password    

- set_fact: # use registered password and vars to setup connection
    ansible_user: "{{ user}}"
    ansible_ssh_pass: "{{ password }}"
    ansible_host: "{{ address }}"


- name: Launch task # this task is run on each hosts of my_group
  [...Need to connect with fetched user for this task and this task only..]
  command: /my/local/usr/task.sh

通过

启动
ansible-playbook main.yml

尝试与secondary.yml一起编写角色,并与main.yml一起编写剧本