Ansible FAQ roundup
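# Problem
Running `ansible <IP address> -m command -a 'date'` produces this prompt:
```
paramiko: The authenticity of host '10.252.129.216' can't be established.
The ssh-rsa key fingerprint is cef5f02a439420eab5472a6384d14ddc.
Are you sure you want to continue connecting (yes/no)?
```
I don't want to type yes or no. How do I get rid of this prompt?
# Solution:
Simple: in ansible.cfg, uncomment the line `#host_key_checking= False`. Note that this turns off SSH host key verification for every host Ansible connects to, so a changed or spoofed host key is no longer detected.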
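Instead of turning verification off, a host key can be checked once against a fingerprint obtained out-of-band and then pinned in known_hosts. The following is an added example, not code from the original post: it handles plain `host keytype base64` lines as printed by ssh-keyscan, and all function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

def parse_host_key(line):
    """Parse one plain 'host keytype base64' line (ssh-keyscan output format)."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type. It must agree
    # with the type named in the text, otherwise the line is malformed or altered.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 + n or blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match declared type")
    return host, key_type, blob

def fingerprints(blob):
    """Return (md5_hex, sha256); the prompt quoted above shows a 32-hex-digit MD5-style value."""
    md5_hex = hashlib.md5(blob).hexdigest()
    digest = hashlib.sha256(blob).digest()
    return md5_hex, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches(blob, expected):
    """Compare a scanned key with a fingerprint obtained out-of-band."""
    md5_hex, sha256 = fingerprints(blob)
    if expected.startswith("SHA256:"):
        return sha256 == expected
    return md5_hex == expected.replace(":", "").lower()  # accepts aa:bb:.. or aabb..

def pin_if_trusted(line, expected, known_hosts_lines):
    """Append the entry to known_hosts_lines only if its fingerprint matches."""
    host, key_type, blob = parse_host_key(line)
    if not matches(blob, expected):
        return False
    known_hosts_lines.append(f"{host} {key_type} {base64.b64encode(blob).decode()}")
    return True

def constructed_line(host, raw_key):
    """Build a sample line: an ssh-ed25519-shaped blob with constructed key bytes."""
    blob = (len(b"ssh-ed25519").to_bytes(4, "big") + b"ssh-ed25519"
            + len(raw_key).to_bytes(4, "big") + raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

SAMPLE = constructed_line("10.252.129.216", bytes(range(32)))  # constructed sample

if __name__ == "__main__":
    _, _, blob = parse_host_key(SAMPLE)
    md5_hex, sha256 = fingerprints(blob)
    print(md5_hex, sha256)
    pinned = []
    print(pin_if_trusted(SAMPLE, sha256, pinned), pinned)
```

With the verified entries written to the control node's known_hosts file, `host_key_checking` can stay at its default and the prompt no longer appears for those hosts.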
# Problem
While Ansible is managing remote hosts, how do I run a command on the control node at the same time?
# Solution:
Run the command locally from the playbook:
```yaml
- name: local generate ssh private and public key
  local_action: shell 'cat /dev/zero | ssh-keygen -t rsa -q -P "" -C "sshkey" -f local_ssh_keys/{{group_names[0]}}/{{user.name}} > /dev/null'
```
# Problem
How can several tasks share a single with_items?

Use include.

main.yaml:
```yaml
---
# tasks
# production
- name: add yunwei user when production
  include: subtask.yaml user={{item}}
  with_items:
    - {
        name: user01,
        password: 123456,
        group: yunwei,
        groups: root,
      }
    - {
        name: user02,
        password: 654321,
        group: yunwei,
        groups: root,
      }
```
subtask.yaml:
```yaml
- name: useradd
  user: name="{{user.name}}" password={{user.password | password_hash('sha512')}} group={{user.group}} groups={{user.groups}} append=no state=present update_password=on_create shell=/bin/bash
- name: local mkdir local_ssh_keys
  local_action: file path="local_ssh_keys/{{group_names[0]}}/" state=directory
```
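# Problem
How do I get the group name of the host currently being processed? In theory, during a run the host should belong to exactly one group.
# Solution
No solution for now. What can be found online only gives group_names, the set of groups the IP belongs to; if the IP appears in several groups, a list is returned.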
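# Problem
When include and tags are used together in Ansible, the tags must be placed on the tasks inside the included child file; tags placed only in the parent file have no effect.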
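# Problem
How do I define tasks that are skipped by default and run only when explicitly requested?
# Solution
Use tags. Give the task that should not run by default `tags: ["never", "rootaddkey"]`. A default run, `ansible-playbook -i staging site.yaml`, then skips the task. To run it, use `ansible-playbook -i staging site.yaml --tags "rootaddkey"`.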
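# Problem
A variable in a playbook contains the special character `{` (curly brace). How should it be escaped?
For example, the actual password is: MRkK{{#XxISrj1NS
# Solution
It should be written as "MRkK{{ '{{' }}#XxISrj1NS"
Note: even if the password itself has no special characters, the outermost double quotes can still be added; the outer double quotes are not counted as part of the password.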
# Problem
ansible-playbook fails with the following error:
"module_stdout": "Traceback (most recent call last):\r\n File \"/root/.ansible/tmp/ansible-tmp-1588056123.7350829-155148156428763/AnsiballZ_authorized_key.py\", line 102, in <module>\r\n _ansiballz_main()\r\n File \"/root/.ansible/tmp/ansible-tmp-1588056123.7350829-155148156428763/AnsiballZ_authorized_key.py\", line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/root/.ansible/tmp/ansible-tmp-1588056123.7350829-155148156428763/AnsiballZ_authorized_key.py\", line 40, in invoke_module\r\n runpy.run_module(mod_name='ansible.modules.system.authorized_key', init_globals=None, run_name='__main__', alter_sys=True)\r\n File \"/usr/lib64/python2.6/runpy.py\", line 136, in run_module\r\n fname, loader, pkg_name)\r\n File \"/usr/lib64/python2.6/runpy.py\", line 54, in _run_module_code\r\n mod_loader, pkg_name)\r\n File \"/usr/lib64/python2.6/runpy.py\", line 34, in _run_code\r\n exec code in run_globals\r\n File \"/tmp/ansible_authorized_key_payload_DeA1Lm/ansible_authorized_key_payload.zip/ansible/modules/system/authorized_key.py\", line 230, in <module>\r\n File \"/tmp/ansible_authorized_key_payload_DeA1Lm/ansible_authorized_key_payload.zip/ansible/module_utils/urls.py\", line 99, in <module>\r\n File \"/usr/lib/python2.6/site-packages/urllib3/__init__.py\", line 7, in <module>\r\n from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, connection_from_url\r\n File \"/usr/lib/python2.6/site-packages/urllib3/connectionpool.py\", line 100\r\n _blocking_errnos = {errno.EAGAIN, errno.EWOULDBLOCK}\r\n ^\r\nSyntaxError: invalid syntax\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1
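# Solution: specify ansible_python_interpreter
The traceback shows the module running under /usr/lib64/python2.6, which cannot parse the set literal in urllib3. Point Ansible at a newer interpreter for that host in the inventory:
```
10.0.0.41 ansible_python_interpreter=/usr/bin/python3.6
```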