我可以从localhost终端使用Ansible成功ping Windows主机,但是通过Docker容器尝试执行此操作时,它失败并显示以下消息:
flask | fatal: [eudc2.dea.com]: UNREACHABLE! => {"changed": false, "msg": "basic: HTTPConnectionPool(host='eudc2.dea.com', port=5985): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fbc16d50550>, 'Connection to eudc2.dea.com timed out. (connect timeout=30)'))", "unreachable": true}
但是,通过本地主机ping时:
~/Documents/Projects/user oam !5 ?6 ❯ ansible dc -m win_ping
eudc2.dea.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
我想说这意味着问题出在Docker容器中,所以这是dockerfile:
FROM python
WORKDIR /app
ADD . /app
RUN pip3 install --upgrade pip
RUN pip3 install flask uwsgi requests ansible ansible_runner pywinrm
RUN apt-get update -y && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
sshpass
CMD ["uwsgi","app.ini"]
这是hostvars:
[dc]
eudc2.dea.com
[dc:vars]
ansible_user='username'
ansible_password='pass'
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_winrm_port=5985
ansible_winrm_transport=basic
docker容器中win_ping的详细输出:
~/Documents/Projects/user oam !5 ?7 ❯ docker exec flask ansible -i /app/ansible/inventory/hosts dc -m win_ping -vvvv ✘ INT
ansible 2.10.2
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.9.0 (default, Oct 13 2020, 20:14:06) [GCC 8.3.0]
No config file found; using defaults
setting up inventory plugins
host_list declined parsing /app/ansible/inventory/hosts as it did not pass its verify_file() method
script declined parsing /app/ansible/inventory/hosts as it did not pass its verify_file() method
auto declined parsing /app/ansible/inventory/hosts as it did not pass its verify_file() method
Set default localhost to localhost
Parsed /app/ansible/inventory/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/local/lib/python3.9/site-packages/ansible/plugins/callback/minimal.py
META: ran handlers
redirecting (type: modules) ansible.builtin.win_ping to ansible.windows.win_ping
Loading collection ansible.windows from /usr/local/lib/python3.9/site-packages/ansible_collections/ansible/windows
Using module file /usr/local/lib/python3.9/site-packages/ansible_collections/ansible/windows/plugins/modules/win_ping.ps1
Pipelining is enabled.
<eudc2.dea.com> ESTABLISH WINRM CONNECTION FOR USER: <username_truncated> on PORT 5985 TO eudc2.dea.com
eudc2.ictv.com | UNREACHABLE! => {
"changed": false,
"msg": "basic: HTTPConnectionPool(host='eudc2.dea.com', port=5985): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f628ecd08e0>, 'Connection to eudc2.dea.com timed out. (connect timeout=30)'))",
"unreachable": true
}
~/Documents/Projects/user oam !5 ?7 ❯ docker exec flask curl eudc2.dea.com ✘ INT
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:16 --:--:-- 0
答案 0 :(得分:0)
有趣的是,从容器内部运行curl花费了16秒。看起来很久了。
Ansible的WinRM超时时间为20秒:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html
一些建议:
curl请求(我正在考虑将容器运行在与您调用localhost相同的盒子上);比较时间以了解它们之间的实质性差异win_ping;容器曾经工作过还是本地主机曾经失败过?计时(time ansible dc -m win_ping)ansible_winrm_operation_timeout_sec和ansible_winrm_read_timeout_sec,看看是否有帮助