Ansible默認安裝好後有一個配置文件/etc/ansible/ansible.cfg,該配置文件中定義了ansible的主機的默認配置部分,如默認是否需要輸入密碼、是否開啓sudo認證、action_plugins插件的位置、hosts主機組的位置、是否開啓log功能、默認端口、key文件位置等等。
具體如下:
[defaults]
# some basic default values...
hostfile = /etc/ansible/hosts \\指定默認hosts配置的位置
# library_path = /usr/share/my_modules/
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
sudo_user = root \\遠程sudo用戶
#ask_sudo_pass = True \\每次執行ansible命令是否詢問ssh密碼
#ask_pass = True \\每次執行ansible命令時是否詢問sudo密碼
transport = smart
remote_port = 22
module_lang = C
gathering = implicit
host_key_checking = False \\關閉第一次使用ansible連接客戶端是輸入命令提示
log_path = /var/log/ansible.log \\需要時可以自行添加。chown -R root:root ansible.log
system_warnings = False \\關閉運行ansible時系統的提示信息,一般爲提示升級
# set plugin path directories here, separate with colons
action_plugins = /usr/share/ansible_plugins/action_plugins
callback_plugins = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
vars_plugins = /usr/share/ansible_plugins/vars_plugins
filter_plugins = /usr/share/ansible_plugins/filter_plugins
fact_caching = memory
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
本篇就結合一個示例對其進行下了解。我在對之前未連接的主機進行連結時報錯如下:
[root@361way.com ~]# ansible test -a 'uptime'
10.212.52.14 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
10.212.52.16 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
從上面的輸出提示上基本可以瞭解到由於在本機的~/.ssh/known_hosts文件中並有fingerprint key串,ssh第一次連接的時候一般會提示輸入yes 進行確認爲將key字符串加入到 ~/.ssh/known_hosts 文件中。
方法1:
瞭解到問題原因爲,我們瞭解到進行ssh連接時,可以使用-o參數將StrictHostKeyChecking設置爲no,使用ssh連接時避免首次連接時讓輸入yes/no部分的提示。通過查看ansible.cfg配置文件,發現如下行:
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
所以這裏我們可以啓用ssh_args 部分,使用下面的配置,避免上面出現的錯誤:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no
方法2:
在ansible.cfg配置文件中,也會找到如下部分:
# uncomment this to disable SSH key host checking
host_key_checking = False
默認host_key_checking部分是註釋的,通過打開該行的註釋,同樣也可以實現跳過 ssh 首次連接提示驗證部分。由於配置文件中直接有該選項,所以推薦用方法2 。
其他部分
由於官方給的說明比較詳細,同時ansible.cfg 文件本身默認也有註釋提示部分,所以不做過多說明,這裏再舉個例子,默認ansible 執行的時候,並不會輸出日誌到文件,不過在ansible.cfg 配置文件中有如下行:
# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log
同樣,默認log_path這行是註釋的,打開該行的註釋,所有的命令執行後,都會將日誌輸出到/var/log/ansible.log 文件,便於瞭解在何時執行了何操作及其結果,如下:
[root@361way.com ansible]# cat /var/log/ansible.log
2015-05-04 01:57:19,758 p=4667 u=root |
2015-05-04 01:57:19,759 p=4667 u=root | /usr/bin/ansible test -a uptime
2015-05-04 01:57:19,759 p=4667 u=root |
2015-05-04 01:57:20,563 p=4667 u=root | 10.212.52.252 | success | rc=0 >>
01:57am up 23 days 11:20, 2 users, load average: 0.38, 0.38, 0.40
2015-05-04 01:57:20,831 p=4667 u=root | 10.212.52.14 | success | rc=0 >>
02:03am up 331 days 8:19, 2 users, load average: 0.08, 0.05, 0.05
2015-05-04 01:57:20,909 p=4667 u=root | 10.212.52.16 | success | rc=0 >>
02:05am up 331 days 8:56, 2 users, load average: 0.00, 0.01, 0.05
更多部分可以參看官方文檔。