
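I am trying to run my first playbook. I am running AWX on CentOS8 and trying to connect to a remote device using SSH. On my remote device, I ran ssh-genkey on the device and added the .pub key to the authorized_keys file. I also took the .pub private key, created a credential of type Machine and added the private key. The username and password are blank. I can only connect to my remote device as the root user.
My playbook is: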
- name: use machine credentials(1)
  hosts: ACS
  connection: ssh
  gather_facts: false
  timeout: 10
  tasks:
    - name: Get firmware version from host
      shell: "date"
      #shell: cat /firmware | grep ^VERSION | cut -d"=" -f2
      register: firmware_version
      tags: firmware_version
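I am trying to connect to the remote device over SSH and read the firmware details from a file on the remote device.
When I run my playbook, the output is a failure, and I do not believe it is connecting to the remote device. I can SSH from the AWX host to the remote device manually through a PuTTY session. I tried using the private key file on the AWX host, and I can SSH to my remote device using the key in PuTTY.
Output from AWX: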
Identity added: /runner/artifacts/196/ssh_key_data (/runner/artifacts/196/ssh_key_data)
ansible-playbook [core 2.14.2]
config file = None
configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
ansible collection location = /runner/requirements_collections:/home/runner/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
No config file found; using defaults
host_list declined parsing /runner/inventory/hosts as it did not pass its verify_file() method
Parsed /runner/inventory/hosts inventory source with script plugin
Skipping callback 'awx_display', as we already have a stdout callback.
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: acs_backup.yml *******************************************************
1 plays in acs_backup.yml
PLAY [use machine credentials(1)] **********************************************
TASK [Get firmware version from host] ******************************************
task path: /runner/project/acs_backup.yml:18
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<10.162.29.138> (0, b'/home/root\\r\\n', b"Warning: Permanently added '10.162.29.138' (ED25519) to the list of known hosts.\\r\\n")
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/root/.ansible/tmp `"&& mkdir "` echo /home/root/.ansible/tmp/ansible-tmp-1677124576.2755764-27-69248210230276 `" && echo ansible-tmp-1677124576.2755764-27-69248210230276="` echo /home/root/.ansible/tmp/ansible-tmp-1677124576.2755764-27-69248210230276 `" ) && sleep 0'"'"''
<10.162.29.138> (0, b'ansible-tmp-1677124576.2755764-27-69248210230276=/home/root/.ansible/tmp/ansible-tmp-1677124576.2755764-27-69248210230276\\r\\n', b'')
<ACS-10.162.29.138> Attempting python interpreter discovery
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'python3.11'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.10'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.9'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.8'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<10.162.29.138> (0, b'PLATFORM\\r\\nLinux\\r\\nFOUND\\r\\n/usr/bin/python3.5\\r\\n/usr/bin/python3\\r\\n/usr/bin/python2.7\\r\\n/usr/bin/python\\r\\n/usr/bin/python\\r\\nENDFOUND\\r\\n', b'')
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/runner/cp/4477df8717"' 10.162.29.138 '/bin/sh -c '"'"'/usr/bin/python3.5 && sleep 0'"'"''
fatal: [ACS-10.162.29.138]: FAILED! => {
"changed": false,
"msg": "The shell action failed to execute in the expected time frame (10) and was terminated"
}
PLAY RECAP *********************************************************************
ACS-10.162.29.138 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Can anyone point me in the right direction as to why I am not connecting to the remote device over SSH?
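Added example, not part of the original post: a small triage helper for `-vvv` job output like the one above. It relies on the ssh connection plugin printing a `(return code, stdout, stderr)` tuple after each remote command that completes; the function name `triage` and the abbreviated sample lines are constructed for illustration.

```python
import re

# Line shapes printed by ansible-playbook -vvv for the ssh connection plugin.
EXEC_RE = re.compile(r"^<(?P<host>[^>]+)> SSH: EXEC (?P<cmd>.+)$")
RESULT_RE = re.compile(r"^<(?P<host>[^>]+)> \((?P<rc>-?\d+), ")
FATAL_RE = re.compile(r"^fatal: \[[^\]]+\]: (?P<kind>FAILED|UNREACHABLE)!")

# Constructed sample: abbreviated lines in the shape of the job output above.
SAMPLE = r"""<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ConnectTimeout=10 10.162.29.138 '/bin/sh -c "echo ~root && sleep 0"'
<10.162.29.138> (0, b'/home/root\\r\\n', b'')
<10.162.29.138> ESTABLISH SSH CONNECTION FOR USER: root
<10.162.29.138> SSH: EXEC ssh -C -o ConnectTimeout=10 10.162.29.138 '/bin/sh -c "/usr/bin/python3.5 && sleep 0"'
fatal: [ACS-10.162.29.138]: FAILED! => {
"msg": "The shell action failed to execute in the expected time frame (10) and was terminated"
}
"""

def triage(log_text):
    """Say whether a job died in the SSH transport or in a command run over it."""
    pending = {}      # host -> last EXEC command with no result tuple yet
    ok_hosts = set()  # hosts where at least one remote command returned rc 0
    completed, kind = 0, None
    for line in log_text.splitlines():
        if m := EXEC_RE.match(line):
            pending[m["host"]] = m["cmd"]
        elif m := RESULT_RE.match(line):
            completed += 1
            pending.pop(m["host"], None)
            if int(m["rc"]) == 0:
                ok_hosts.add(m["host"])
        elif m := FATAL_RE.match(line):
            kind = m["kind"]
    if kind is None:
        verdict = "no failure recorded"
    elif kind == "UNREACHABLE" or not ok_hosts:
        verdict = "ssh transport or authentication failed"  # ssh itself exits 255
    elif pending:
        verdict = "ssh works; a remote command never returned"
    else:
        verdict = "ssh works; the task failed after its command returned"
    return {"ssh_ok": bool(ok_hosts), "completed": completed,
            "hung": sorted(pending.values()), "verdict": verdict}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
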
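Answer 1
You are having a problem connecting via ssh.
10.162.29.138 is a private address. Are you running the ansible script from a machine on the VPC? If not, that is the first problem you need to solve.
If you are on the same VPC or have a tunnel to the subnet, try running nc -zv 10.162.29.138 22
- If the connection succeeds, try your ansible script again. If it still fails for the same reason, then try connecting on the command line with ssh -vv ....
Describe the output of the nc and ssh commands.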
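Answer 2
I am connecting to GITHUB and syncing the project on the local AWX host. Both AWX and the device I am trying to connect to via ssh are on the same local network, 10.162.29.x.
I ran your commands. I can connect using NCAP and ssh, but in ssh verbose mode it just shows "Connecting to 10.162.29.138 [10.162.29.138] port 22", so I am not sure why that is, and it does not complete the connection.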
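[localadmin@centOS8-awx ~]$ nc -zv 10.162.29.138 22
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 10.162.29.138:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[localadmin@centOS8-awx ~]$ ssh [email protected]
Password:
WARNING: Improper use of shell commands could lead to data loss, the deletion of important system files or other unexpected results. Please double-check your syntax when typing shell commands.
[root@ACS8008-0520414440 ~]# exit
Connection to 10.162.29.138 closed.
[localadmin@centOS8-awx ~]$ ssh -vv [email protected]
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 10.162.28.138 originally 10.162.28.138
debug2: match not found
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 10.162.28.138 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 10.162.28.138 originally 10.162.28.138
debug2: match found
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug2: ssh_connect_direct
debug1: Connecting to 10.162.28.138 [10.162.28.138] port 22.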