java分佈式系統部署學習（四）ansible配置ansible.cfg

Ansible默認安裝好後有一個配置文件/etc/ansible/ansible.cfg，該配置文件中定義了ansible的主機的默認配置部分，如默認是否需要輸入密碼、是否開啓sudo認證、action_plugins插件的位置、hosts主機組的位置、是否開啓log功能、默認端口、key文件位置等等。

具體如下：

[defaults]
# some basic default values...
hostfile       = /etc/ansible/hosts   \\指定默認hosts配置的位置
# library_path = /usr/share/my_modules/
remote_tmp     = $HOME/.ansible/tmp
pattern        = *
forks          = 5
poll_interval  = 15
sudo_user      = root  \\遠程sudo用戶
#ask_sudo_pass = True  \\每次執行ansible命令是否詢問ssh密碼
#ask_pass      = True  \\每次執行ansible命令時是否詢問sudo密碼
transport      = smart
remote_port    = 22
module_lang    = C
gathering = implicit
host_key_checking = False    \\關閉第一次使用ansible連接客戶端是輸入命令提示
log_path    = /var/log/ansible.log \\需要時可以自行添加。chown -R root:root ansible.log
system_warnings = False    \\關閉運行ansible時系統的提示信息，一般爲提示升級
# set plugin path directories here, separate with colons
action_plugins     = /usr/share/ansible_plugins/action_plugins
callback_plugins   = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
vars_plugins       = /usr/share/ansible_plugins/vars_plugins
filter_plugins     = /usr/share/ansible_plugins/filter_plugins
fact_caching = memory
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30

本篇就結合一個示例對其進行下了解。我在對之前未連接的主機進行連結時報錯如下：

[root@361way.com ~]# ansible test -a 'uptime'
10.212.52.14 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host.
10.212.52.16 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host.

從上面的輸出提示上基本可以瞭解到由於在本機的~/.ssh/known_hosts文件中並有fingerprint key串，ssh第一次連接的時候一般會提示輸入yes 進行確認爲將key字符串加入到 ~/.ssh/known_hosts 文件中。

方法1：

瞭解到問題原因爲，我們瞭解到進行ssh連接時，可以使用-o參數將StrictHostKeyChecking設置爲no，使用ssh連接時避免首次連接時讓輸入yes/no部分的提示。通過查看ansible.cfg配置文件，發現如下行：

[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s

所以這裏我們可以啓用ssh_args 部分，使用下面的配置，避免上面出現的錯誤：

ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking＝no 

方法2：

在ansible.cfg配置文件中，也會找到如下部分：

# uncomment this to disable SSH key host checking
host_key_checking = False  

默認host_key_checking部分是註釋的，通過打開該行的註釋，同樣也可以實現跳過 ssh 首次連接提示驗證部分。由於配置文件中直接有該選項，所以推薦用方法2 。

其他部分

由於官方給的說明比較詳細，同時ansible.cfg 文件本身默認也有註釋提示部分，所以不做過多說明，這裏再舉個例子，默認ansible 執行的時候，並不會輸出日誌到文件，不過在ansible.cfg 配置文件中有如下行：

# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log

同樣，默認log_path這行是註釋的，打開該行的註釋，所有的命令執行後，都會將日誌輸出到/var/log/ansible.log 文件，便於瞭解在何時執行了何操作及其結果，如下：

[root@361way.com ansible]# cat /var/log/ansible.log
2015-05-04 01:57:19,758 p=4667 u=root |
2015-05-04 01:57:19,759 p=4667 u=root |  /usr/bin/ansible test -a uptime
2015-05-04 01:57:19,759 p=4667 u=root |
2015-05-04 01:57:20,563 p=4667 u=root |  10.212.52.252 | success | rc=0 >>
 01:57am  up 23 days 11:20,  2 users,  load average: 0.38, 0.38, 0.40
2015-05-04 01:57:20,831 p=4667 u=root |  10.212.52.14 | success | rc=0 >>
 02:03am  up 331 days  8:19,  2 users,  load average: 0.08, 0.05, 0.05
2015-05-04 01:57:20,909 p=4667 u=root |  10.212.52.16 | success | rc=0 >>
 02:05am  up 331 days  8:56,  2 users,  load average: 0.00, 0.01, 0.05

更多部分可以參看官方文檔。

轉自：http://www.361way.com/ansible-cfg/4401.html