0

嗨,我在通过 kubespray 使用 ansible 时不断收到此错误,我想知道如何克服它


TASK [bootstrap-os : Assign inventory name to unconfigured hostnames (non-CoreOS, non-Flatcar, Suse and ClearLinux)] ********************************************************************************************************************************************************************************************************
task path: /home/dc/xcp-projects/kubespray/roles/bootstrap-os/tasks/main.yml:50

<192.168.10.55> (1, b'\x1b[1;31m==== AUTHENTICATING FOR org.freedesktop.hostname1.set-hostname ===\r\n\x1b[0mAuthentication is required to set the local host name.\r\nMultiple identities can be used for authentication:\r\n 1.  test\r\n 2.  provision\r\n 3.  dc\r\nChoose identity to authenticate as (1-3): \r\n{"msg": "Command failed rc=1, out=, err=\\u001b[0;1;31mCould not set property: Connection timed out\\u001b[0m\\n", "failed": true, "invocation": {"module_args": {"name": "node3", "use": null}}}\r\n', b'Shared connection to 192.168.10.55 closed.\r\n')
<192.168.10.55> Failed to connect to the host via ssh: Shared connection to 192.168.10.55 closed.
<192.168.10.55> ESTABLISH SSH CONNECTION FOR USER: provision
<192.168.10.55> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/dc/.ssh/xcp_server_k8s_nodes/xcp-k8s-provision-key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="provision"' -o ConnectTimeout=10 -oStrictHostKeyChecking=no -o ControlPath=/home/dc/.ansible/cp/c6d70a0b7d 192.168.10.55 '/bin/sh -c '"'"'rm -f -r /home/provision/.ansible/tmp/ansible-tmp-1614373378.5434802-17760837116436/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.10.56> (0, b'', b'')
fatal: [node2]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "name": "node2",
            "use": null
        }
    },
    "msg": "Command failed rc=1, out=, err=\u001b[0;1;31mCould not set property: Method call timed out\u001b[0m\n"
}

我的库存文件如下

all:
  hosts:
    node1:
      ansible_host: 192.168.10.54
      ip: 192.168.10.54
      access_ip: 192.168.10.54
    node2:
      ansible_host: 192.168.10.56
      ip: 192.168.10.56
      access_ip: 192.168.10.56
    node3:
      ansible_host: 192.168.10.55
      ip: 192.168.10.55
      access_ip: 192.168.10.55
  children:
    kube-master:
      hosts:
        node1:
        node2:
    kube-node:
      hosts:
        node1:
        node2:
        node3:
    etcd:
      hosts:
        node1:
        node2:
        node3:
    k8s-cluster:
      children:
        kube-master:
        kube-node:
    calico-rr:
      hosts: {}

我还有一个文件,它以下列方式提供用户

- name: Add a new user named provision
  user:
    name: provision
    create_home: true
    shell: /bin/bash
    password: "{{ provision_password }}"
    groups: sudo
    append: yes

- name: Add a new user named dc
  user:
    name: dc
    create_home: true
    shell: /bin/bash
    password: "{{ provision_password }}"
    groups: sudo
    append: yes

- name: Add provision user to the sudoers
  copy:
    dest: "/etc/sudoers.d/provision"
    content: "provision  ALL=(ALL)  NOPASSWD: ALL"

- name: Add provision user to the sudoers
  copy:
    dest: "/etc/sudoers.d/dc"
    content: "dc  ALL=(ALL)  NOPASSWD: ALL"


- name: Disable Root Login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: "PermitRootLogin no"
    state: present
    backup: yes

  notify:
    - Restart ssh

我已按以下方式运行 ansible 命令

ansible-playbook -i kubespray/inventory/mycluster/hosts.yaml --user="provision"  --ssh-extra-args="-oStrictHostKeyChecking=no" --key-file "/home/dc/.ssh/xcp_server_k8s_nodes/xcp-k8s-provision-key" kubespray/cluster.yml -vvv


ansible-playbook -i kubespray/inventory/mycluster/hosts.yaml --user="provision"  --ssh-extra-args="-oStrictHostKeyChecking=no" --key-file "/home/dc/.ssh/xcp_server_k8s_nodes/xcp-k8s-provision-key" --become-user="provision" kubespray/cluster.yml -vv

两者都产生相同的错误有趣的升级似乎在较早的点上成功了

阅读本文 https://askubuntu.com/questions/542397/change-default-user-for-authentication后, 我决定将用户添加到 sudo 组,但错误仍然存​​在

查看错误建议的 main.yaml 文件位置,似乎此代码可能导致问题?

# Workaround for https://github.com/ansible/ansible/issues/42726
# (1/3)
- name: Gather host facts to get ansible_os_family
  setup:
    gather_subset: '!all'
    filter: ansible_*

- name: Assign inventory name to unconfigured hostnames (non-CoreOS, non-Flatcar, Suse and ClearLinux)
  hostname:
    name: "{{ inventory_hostname }}"
  when:
    - override_system_hostname
    - ansible_os_family not in ['Suse', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] and not is_fedora_coreos

主机的操作系统是 ubuntu 20.04.02 服务器,我还能做些什么吗?

4

1 回答 1

3

来自 Kubespray 文档:

# Deploy Kubespray with Ansible Playbook - run the playbook as root
# The option `--become` is required, as for example writing SSL keys in /etc/,
# installing packages and interacting with various systemd daemons.
# Without --become the playbook will fail to run!
ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root cluster.yml

如前所述,这--become是强制性的,它允许对 Kubespray 执行的大多数系统修改(如设置主机名)进行权限升级。

--user=provision您只是设置 SSH 用户,但无论如何它都需要权限提升。--become-user=provision您只是说权限升级将升级为“配置”用户(但您需要进行--become权限升级)。在这两种情况下,除非 'provision' 用户具有 root 权限(不确定将其放在root组中是否足够),否则这还不够。

要使用户“提供”就足够了,您需要确保它可以在hostnamectl <some-new-host>不被要求进行身份验证的情况下执行 a。

于 2021-02-27T05:55:09.783 回答