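Why does the ansible option "--private-key" work on one host but not on another?

Time: 2019-06-17 14:52:45

Tags: ansible

I installed ansible 2.8.0 on VM-1 and did not modify any other default configuration in ansible.cfg, apart from "host_key_checking = false".

Then running ansible all -i "<IP of VM-3>," --private-key <key of VM-3> -u root -m ping on VM-3 is OK, but running ansible all -i "<IP of VM-2>," --private-key <key of VM-2> -u root -m ping on VM-2 gives an ERROR.

I generated an ssh key pair on VM-2 (as user root) and copied the content of its private key (id_rsa) to VM-1. I saved it in a file named "key" and set the mode of this file to "700". Finally, I ran the following command: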

ansible all -i "<ip of VM-2>," --private-key key -u root -m ping

It fails. The error message is:

/opt # ansible --version
ansible 2.8.0
  config file = /opt/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Apr  8 2019, 18:17:52) [GCC 8.3.0]
/opt # ls
ansible.cfg  key
/opt # ansible all -i "192.168.100.100," --private-key key -u root -m ping
192.168.100.100 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.100.100: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

Then I switched to the option "-k", and it works.

/opt # ansible all -i "192.168.100.100," -k -u root -m ping
SSH password: 
192.168.100.100 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

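Then I tried again on VM-3, following the same steps as for VM-2. The command with "--private-key" works. The environments of VM-2 and VM-3 are very similar. I found no difference at all between the sshd configurations of VM-2 and VM-3.

So I am very confused by all of the above.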

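In addition, after running the "-k" command, the "--private-key" command runs fine, because there is a process in the background that can handle it, as shown below: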

/opt # ansible all -i "192.168.100.100," -k -u root -m ping
SSH password: 
192.168.100.100 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
/opt # ps -ef |grep ansible
  126 root      0:00 ssh: /root/.ansible/cp/e42d5dc861 [mux]
/opt # ansible all -i "192.168.100.100," --private-key key -u root -m ping
192.168.100.100 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

I would like to know how to use "--private-key" correctly on the ansible command line.

0 answers:

No answers