ansible常见问题汇总

# 问题
    执行 ansible IP地址 -m command -a 'date'
    paramiko: The authenticity of host '10.252.129.216' can't be established.
    The ssh-rsa key fingerprint is cef5f02a439420eab5472a6384d14ddc.
    Are you sure you want to continue connecting (yes/no)?
    我不想输入yes或者no,取消这个提示,怎么办?
    # 解决办法:
        很简单,修改ansible.cfg的#host_key_checking= False取消注释,即可。
# 问题
    ansible操控远程主机时,如何同时在控制端执行命令
    # 解决办法:
        playbook 本地执行命令
        - name: local generate ssh private and public key
        local_action: shell 'cat /dev/zero | ssh-keygen -t rsa -q -P "" -C "sshkey" -f local_ssh_keys/{{group_names[0]}}/{{user.name}} > /dev/null'
# 问题
    如何多个task,共用一个with_items
        使用include
        main.yaml 文件
        ---
        # tasks
        # production
        - name: add yunwei user when production
        include: subtask.yaml user={{item}}
        with_items:
            - {
                name: user01,
                password: 123456,
                group: yunwei,
                groups: root,
            }
            - {
                name: user02,
                password: 654321,
                group: yunwei,
                groups: root,
            }
        subtask.yaml 文件
        - name: useradd 
          user: name="{{user.name}}" password={{user.password | password_hash('sha512')}} group={{user.group}} groups={{user.groups}} append=no state=present update_password=on_create shell=/bin/bash
        - name: local mkdir local_ssh_keys
          local_action: file path="local_ssh_keys/{{group_names[0]}}/" state=directory
# 问题
    如何获取当前执行主机所属于的group_name,理论执行过程中,该主机所属组应该有且只有一个名称
    # 解决办法
        暂时无解,网上给的只是该ip所属于的group_names集合,如果ip在多个组中都存在,则返回一个list
        
# 问题
    ansible使用include和tags时,tags要标注到被include子文件的task下,只标注在父文件的tags无效
    
# 问题
    如何定义某些任务,默认不执行,指定才执行
    #解决办法
        使用tags实现,默认不执行的任务指定tags: ["never", "rootaddkey"],这样默认执行ansible-playbook -i staging site.yaml,则不会执行该任务,要想执行该任务则使用ansible-playbook -i staging site.yaml --tags "rootaddkey"

# 问题
    playbook中变量包含大括号{特殊字符,该如何转义
    比如实际密码是:MRkK{{#XxISrj1NS
    # 解决办法
        应该写成"MRkK{{ '{{' }}#XxISrj1NS"
        注意:如果本身密码没有特殊字符,最外层也可以添加双引号,外层双引号不会算成密码
# 问题
    ansilbe-playbook执行的时候报错:
    "module_stdout": "Traceback (most recent call last):\r\n  File \"/root/.ansible/tmp/ansible-tmp-1588056123.7350829-155148156428763/AnsiballZ_authorized_key.py\", line 102, in <module>\r\n    _ansiballz_main()\r\n  File \"/root/.ansible/tmp/ansible-tmp-1588056123.7350829-155148156428763/AnsiballZ_authorized_key.py\", line 94, in _ansiballz_main\r\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n  File \"/root/.ansible/tmp/ansible-tmp-1588056123.7350829-155148156428763/AnsiballZ_authorized_key.py\", line 40, in invoke_module\r\n    runpy.run_module(mod_name='ansible.modules.system.authorized_key', init_globals=None, run_name='__main__', alter_sys=True)\r\n  File \"/usr/lib64/python2.6/runpy.py\", line 136, in run_module\r\n    fname, loader, pkg_name)\r\n  File \"/usr/lib64/python2.6/runpy.py\", line 54, in _run_module_code\r\n    mod_loader, pkg_name)\r\n  File \"/usr/lib64/python2.6/runpy.py\", line 34, in _run_code\r\n    exec code in run_globals\r\n  File \"/tmp/ansible_authorized_key_payload_DeA1Lm/ansible_authorized_key_payload.zip/ansible/modules/system/authorized_key.py\", line 230, in <module>\r\n  File \"/tmp/ansible_authorized_key_payload_DeA1Lm/ansible_authorized_key_payload.zip/ansible/module_utils/urls.py\", line 99, in <module>\r\n  File \"/usr/lib/python2.6/site-packages/urllib3/__init__.py\", line 7, in <module>\r\n    from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, connection_from_url\r\n  File \"/usr/lib/python2.6/site-packages/urllib3/connectionpool.py\", line 100\r\n    _blocking_errnos = {errno.EAGAIN, errno.EWOULDBLOCK}\r\n                                    ^\r\nSyntaxError: invalid syntax\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1
    # 解决办法,执行额外的ansible_python_interpreter
        10.0.0.41 ansible_python_interpreter=/usr/bin/python3.6
    

You may also like...

发表评论