1、祕鑰和playbook中寫的remoter_user不對應,即使外部指定了對應的用戶也不可以。
|
[root@ansible src]# ansible-playbook -u"centos" --private-key=/home/rsa.key /home/fsp/del_pb.yml
PLAY [all]********************************************************************
GATHERING FACTS*************************************************************** fatal: [172.16.5.122] => failed totransfer file to Please login as the user "centos" rather than theuser "root"./setup:
Received message too long 1349281121
fatal: [172.16.5.120] => failed totransfer file to Please login as the user "centos" rather than theuser "root"./setup:
Received message too long 1349281121
fatal: [172.16.5.109] => failed totransfer file to Please login as the user "centos" rather than theuser "root"./setup:
Received message too long 1349281121
TASK: [whoami]**************************************************************** FATAL: no hosts matched or all hosts havealready failed -- aborting
PLAY RECAP******************************************************************** to retry, use: --limit @/root/del_pb.retry
172.16.5.109 : ok=0 changed=0 unreachable=1 failed=0 172.16.5.120 : ok=0 changed=0 unreachable=1 failed=0 172.16.5.122 : ok=0 changed=0 unreachable=1 failed=0 |
2、
|
[root@ansible src]# ansible-playbook -u"centos" --private-key=/home/rsa.key /home/fsp/del_pb.yml
PLAY [all]********************************************************************
GATHERING FACTS*************************************************************** ok: [172.16.5.120] ok: [172.16.5.122] ok: [172.16.5.109]
TASK: [whoami]**************************************************************** failed: [172.16.5.122] =>{"checksum": "a983aaa274e450705ec89584822af919e93741ef","failed": true} msg: Destination /root not writable failed: [172.16.5.109] =>{"checksum": "a983aaa274e450705ec89584822af919e93741ef","failed": true} msg: Destination /root not writable failed: [172.16.5.120] =>{"checksum": "a983aaa274e450705ec89584822af919e93741ef","failed": true} msg: Destination /root not writable
FATAL: all hosts have already failed --aborting
PLAY RECAP******************************************************************** to retry, use: --limit @/root/del_pb.retry
172.16.5.109 : ok=1 changed=0 unreachable=0 failed=1 172.16.5.120 : ok=1 changed=0 unreachable=0 failed=1 172.16.5.122 : ok=1 changed=0 unreachable=0 failed=1 |
ansible-playbook -u "centos"--become-user=root --private-key=/home/lvmeng.key /home/fsp/del_pb.yml 也報如上錯誤。
解決方法:playbook中寫sudo:True,或者python API 中PlayBook中傳入become=True.
https://github.com/project-hatohol/hatohol/tree/master/setup-with-ansible
3、直接在非 playbook 所在的目錄下,用全量路徑執行 playbook,報鑑權錯誤,但在 playbook 目錄下卻不會。
[root@ansible test]# ansible-playbook -i /etc/ansible/hosts /home/fsp/test.yml --private-key=/home/fsp/ssh_keys/lvmeng.key -u centos -e source_path=/root/hosts -b
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
fatal: [172.16.5.122] => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 172.16.5.122:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
TASK: [whoami] ****************************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/root/test.retry
172.16.5.122 : ok=0 changed=0 unreachable=1 failed=0
原因: /etc/ansible/hosts 文件中發現 10.2.223.97 ansible_ssh_private_key_file=ssh_keys/default.pem ansible_ssh_user=centos。ansible以靜態文件中的爲準。這裏祕鑰文件採用的是相對路徑,所有只有在 ssh_keys 所在的目錄下執行纔不會報鑑權失敗
解決方法:將 ansible_ssh_private_key_file=ssh_keys/default.pem 刪掉。
4、unsupported connection type: ssh
原因:在多線程中調用了 ansible python API 接口。經試驗, ansible 只支持在進程中調用。原因未知。
5、become_user的在被管理的主機上不存在或者become_user=""
| playbook: sudo: yes 錯誤: GATHERING FACTS *************************************************************** ok: [10.2.223.191] TASK: [update hosts] ********************************************************** failed: [10.2.223.191] => {"failed": true, "parsed": false} usage: sudo [-D level] -h | -K | -k | -V^M usage: sudo -v [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user^M name|#uid]^M usage: sudo -l[l] [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-U user^M name] [-u user name|#uid] [-g groupname|#gid] [command]^M usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-D level] [-g^M groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid]^M [VAR=value] [-i|-s] [<command>]^M usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-D level] [-g^M groupname|#gid] [-p prompt] [-u user name|#uid] file ...^M OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config^M debug1: Applying options for *^M debug1: Applying options for *^M debug1: auto-mux: Trying existing master^M debug1: mux_client_request_session: master session id: 2^M debug1: mux_client_request_session: master session id: 2^M Shared connection to 10.2.223.191 closed.^M |
解決方法:即使調用的 api 接口中傳入的become=False,become_user也要是root。