Getting Ansible "Permission denied (publickey,password)" on multiple VMs
I'm getting the following error when I try to run a very simple playbook against two Vagrant VMs using the command "ansible-playbook site.yml -vvvv", but I'm not sure how to resolve it.
PLAY [Configure servers] ****************************************
GATHERING FACTS ***************************************************************
<dev.db> ESTABLISH CONNECTION FOR USER: vagrant
<dev.db> REMOTE_MODULE setup
<dev.db> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/flaugher/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 dev.db /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1455651230.31-78392827258464 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1455651230.31-78392827258464 && echo $HOME/.ansible/tmp/ansible-tmp-1455651230.31-78392827258464'
fatal: [dev.db] => SSH Error: Permission denied (publickey,password).
while connecting to 192.168.2.102:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
<dev.web> ESTABLISH CONNECTION FOR USER: vagrant
<dev.web> REMOTE_MODULE setup
<dev.web> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/flaugher/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 dev.web /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1455651230.3-64535332497824 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1455651230.3-64535332497824 && echo $HOME/.ansible/tmp/ansible-tmp-1455651230.3-64535332497824'
fatal: [dev.web] => SSH Error: Permission denied (publickey,password).
while connecting to 192.168.2.101:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
TASK: [debug msg="hello, world!"] *********************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/Users/smith/site.retry
dev.db : ok=0 changed=0 unreachable=1 failed=0
dev.web : ok=0 changed=0 unreachable=1 failed=0
Here's how my VMs are configured:
Vagrant.configure(2) do |config|
  config.vm.define "web" do |web|
    web.vm.box = "debian/jessie64"
    web.vm.network "private_network", ip: "192.168.2.101"
    web.vm.network :forwarded_port, guest: 22, host: 10122, id: "ssh"
    web.vm.host_name = "dev.web"
  end
  config.vm.define "db" do |db|
    db.vm.box = "debian/jessie64"
    db.vm.network "private_network", ip: "192.168.2.102"
    db.vm.network :forwarded_port, guest: 22, host: 10222, id: "ssh"
    db.vm.host_name = "dev.db"
  end
end
Here's my ansible.cfg file:
[defaults]
hostfile = inventory.ini
remote_user = vagrant
host_key_checking = False
# private_key_file = ???
Here's inventory.ini:
[development]
dev.web
dev.db
And the playbook site.yml:
- name: Configure servers
  hosts: development
  gather_facts: True
  vars:
    foo: "bar"
  tasks:
    - debug: msg="hello, world!"
    - fail:
This seems to be an SSH key file problem. My first thought is that since each virtual server has its own private key file:
.vagrant/machines/web/virtualbox/private_key
.vagrant/machines/db/virtualbox/private_key
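...maybe I need to specify multiple private_key_file settings in my config file? However, the Ansible documentation doesn't indicate that this is possible. I was also thinking that maybe I need separate "[web]" and "[db]" groups in my config file so that I can specify separate key files, but again the Ansible documentation doesn't indicate that this is a possibility. The vagrant user on my local machine does have public and private keys in their ~vagrant/.ssh directory, all with the correct permissions. I can SSH into each VM using the command "vagrant ssh [web | db]", and the vagrant home directory on each VM has an authorized_keys file in its ~/.ssh directory. Can anyone see what I'm doing wrong?
Thanks!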
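You can use ansible_ssh_private_key_file to specify the key at the inventory level.
You can do this with group_vars or host_vars, depending on your use case. In your case, you probably just want to inline them in your inventory file like this: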
[development]
dev.web ansible_ssh_private_key_file=/path/to/.vagrant/machines/web/virtualbox/private_key
dev.db ansible_ssh_private_key_file=/path/to/.vagrant/machines/db/virtualbox/private_key
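An added example, not part of the original answer: the per-host key lines shown above can be generated from the output of `vagrant ssh-config` instead of typed by hand, so the inventory stays in step with the machines Vagrant manages. The sample output, the `names` mapping (Vagrant machine name to inventory host name) and all function names are assumptions; `key_mode_ok` checks that a key file is not accessible by group or others, which ssh requires before it will use a private key.

```python
import os
import shlex
import stat

# Constructed sample of `vagrant ssh-config` output for the two machines on
# this page; the /path/to prefix is a placeholder, as in the answer.
SAMPLE = """\
Host web
  HostName 127.0.0.1
  User vagrant
  Port 10122
  IdentityFile /path/to/.vagrant/machines/web/virtualbox/private_key

Host db
  HostName 127.0.0.1
  User vagrant
  Port 10222
  IdentityFile "/path/to/.vagrant/machines/db/virtualbox/private_key"
"""

def parse_ssh_config(text):
    """Return {machine: {option: value}} from ssh_config-style text."""
    machines, current = {}, None
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)  # handles quoted paths
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), " ".join(parts[1:])
        if key == "host":
            current = machines.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first value wins, as in ssh
    return machines

def inventory_lines(text, names, group="development"):
    """Render an INI inventory group with one private key per host."""
    out = ["[%s]" % group]
    for machine, opts in parse_ssh_config(text).items():
        host = names.get(machine, machine)  # hypothetical map: web -> dev.web
        out.append("%s ansible_ssh_private_key_file=%s" % (host, opts["identityfile"]))
    return out

def key_mode_ok(path):
    """True if the key file is not accessible by group or others."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    print("\n".join(inventory_lines(SAMPLE, {"web": "dev.web", "db": "dev.db"})))
```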