Ansible无法连接到Ansible创建的Azure VM

时间:2019-07-02 01:09:35

标签: azure ansible

重写问题

当我使用azure_rm – Azure Resource Manager inventory plugin时, 如何更改连接到Azure VM的ssh用户?

旧问题

我为Azure云外壳中的Ansible无法连接由Ansible剧本创建的Azure VM感到困扰。 另一个Ansible可以连接由命令行创建的Azure VM。 VM有什么区别?

我创建了2个Azure VM。 一本是Ansible剧本。 另一个是通过命令行az vm create

Ansible剧本create_vm_for_the_developers.yaml 

- name: Create Azure VM
  hosts: localhost
  connection: local
  vars_prompt:
    - name: "ResourceGroup"
      prompt: "Please input your resourcegroup"
      default: "defaultResourceGroupForVM" 
      private: no
    - name: "domain_name"
      prompt: "Please input your domain"
      default: "foobardomain" 
      private: no
    - name: "subscription_id"
      prompt: "Please input your subscription_id"
      default: "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
      private: no
  tasks:
  - name: Create resource group
    azure_rm_resourcegroup:
      name:  "{{ ResourceGroup }}"
      location: eastus
      subscription_id: "{{subscription_id}}"
  - name: Create virtual network
    azure_rm_virtualnetwork:
      resource_group: "{{ ResourceGroup }}"
      name: myVnet
      address_prefixes: "10.0.0.0/16"
      subscription_id: "{{subscription_id}}"
  - name: Add subnet
    azure_rm_subnet:
      resource_group: "{{ ResourceGroup }}"
      name: mySubnet
      address_prefix: "10.0.1.0/24"
      virtual_network: myVnet
      subscription_id: "{{subscription_id}}"
  - name: Create public IP address
    azure_rm_publicipaddress:
      resource_group: "{{ ResourceGroup }}"
      allocation_method: Static
      name: myPublicIP
      subscription_id: "{{subscription_id}}"
    register: output_ip_address
  - name: Dump public IP for VM which will be created
    debug:
      msg: "The public IP is {{ output_ip_address.state.ip_address }}."
  - name: Create Network Security Group that allows SSH
    azure_rm_securitygroup:
      resource_group: "{{ ResourceGroup }}"
      name: myNetworkSecurityGroup
      subscription_id: "{{subscription_id}}"
      rules:
        - name: SSH
          protocol: Tcp
          destination_port_range: 22
          access: Allow
          priority: 1001
          direction: Inbound
  - name: Create virtual network inteface card
    azure_rm_networkinterface:
      resource_group: "{{ ResourceGroup }}"
      subscription_id: "{{subscription_id}}"
      name: myNIC
      virtual_network: myVnet
      subnet: mySubnet
      public_ip_name: myPublicIP
      security_group: myNetworkSecurityGroup
      ip_configurations:
      - name: ipconfig1
        public_ip_address_name: myPublicIP
        primary: True
  - name: Create VM
    azure_rm_virtualmachine:
      resource_group: "{{ ResourceGroup }}"
      subscription_id: "{{subscription_id}}"
      name: myVM
      vm_size: Standard_DS1_v2
      admin_username: azureuser
      #admin_password: Azure12345678
      ssh_password_enabled: false
      ssh_public_keys:
        - path: /home/azureuser/.ssh/authorized_keys
          key_data: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"  
      network_interfaces: myNIC
      image:
        offer: CentOS
        publisher: OpenLogic
        sku: '7.5'
        version: latest

我运行命令ansible-playbook create_vm_for_the_developers.yaml并创建VM。

命令行az vm create 

az vm create --resource-group defaultResourceGroupForVM              --name ansible-inventory-test-vm2              --image CentOS  --ssh-key-values ~/.ssh/id_rsa.pub

我也运行了上面的命令。

动态库存infra_azure_rm.yaml 

plugin: azure_rm
include_vm_resource_groups:
- defaultResourceGroupForVM
auth_source: auto
exclude_host_filters:
# excludes hosts that are powered off
- powerstate != 'running'

我运行了命令

ansible all -m ping -i infra_azure_rm.yaml

错误结果

myVM_caa6 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).",
    "unreachable": true
}
ansible-inventory-test-vm2_62bd | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

Env

  • 在Azure Clound Shell上
  • Ansible版本:2.8.1
  • ssh密钥是由命令ssh-keygen
    • 创建的

使用信息

  • 两个虚拟机都可以通过ssh连接。
  • ssh连接的用户名在命令行上创建的VM和在Ansible中创建的VM之间有所不同。这可能是一个严重的问题。
  • 在动态广告资源选项中,我们可以更改ssh的用户名吗?

Plus加上信息

  • azure_rmad_user参数适用于Azure AD。
  • 如何更改用户?

1 个答案:

答案 0 :(得分:0)

错误显示权限被拒绝,这意味着您可以连接到VM,但是无法通过身份验证。

运行命令时,未设置VM使用的用户名,默认用户名可能不正确。因此,这可能是导致错误的原因。您可以尝试使用以下命令来设置真实的用户名:

ansible all -m ping -i infra_azure_rm.yaml --user=USERNAME

如果您需要更多帮助,请告诉我。

相关问题
最新问题