I have looked around and I can say this post is not a duplicate. I have been using Ansible 2.9.x, and connecting through a bastion host with the ec2.py dynamic inventory has always worked fine for me. I am switching to the ansible aws_ec2 plugin, and one of the reasons is even on another stackoverflow post of mine.

Following are my inventory file and ansible.cfg file

#myprovile.aws_ec2.yml
plugin: amazon.aws.aws_ec2
boto_profile: my profile
strict: True
regions:
  - eu-west-1
  - eu-central-1
  - eu-north-1
keyed_groups:
  - key: tags
    prefix: tag
hostnames:
  - ip-address
  # - dns-name
  # - tag:Name
  - private-ip-address
compose:
  ansible_host: private_ip_address

# folder/project level ansible.cfg  configuration
[defaults]
roles_path            = roles
host_key_checking     = False
hash_behaviour        = merge ### Note to self: Extremely important settings
interpreter_python    = auto  ### Note to self: Very important settings for running    from localhost

[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
# inventory = plugin_inventory/bb.aws_ec2.yaml

The inventory has group_vars files

➜  plugin_inventory git:(develop) ✗ tree
.
├── myprovile.aws_ec2.yml
└── group_vars
    ├── tag_Name_main_productname_uat_jumpbox.yml
    ├── tag_Name_main_productname_uat_mongo.yml
    ├── tag_Name_main_productname_uat_mongo_arb.yml
    ├── tag_Name_main_productname_uat_mysql.yml
    ├── tag_Name_xxx.yml
    └── tag_Name_yyy.yml

To reach the mongo db in the private subnet, the group_vars file looks like this

#ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -i {{ hostvars.localhost.reg_jumpbox_ssh_key }} -W %h:%p -q ubuntu@{{ hostvars.localhost.reg_jumpbox_facts.instances.0.public_ip_address }}"'
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -i ~/Dropbox/creds/pemfiles/ProductUATOps.pem -W %h:%p -q ubuntu@xxx.xxx.xxx.xxx"'

Every time I run the command

AWS_PROFILE=myprofile ansible -i ~/infrastructure_as_code/ansible_projects/productname/plugin_inventory/myprofile.aws_ec2.yml tag_Name_main_productname_uat_mongo -m ping -u ubuntu --private-key ~/Dropbox/creds/pemfiles/ProductUATOps.pem -vvvv

it does not connect; the full output and some other information is on pastebin

Now some of the weird things I see are that, even with host_key_checking = False in ansible.cfg, I still find the following in the command output: Are you sure you want to continue connecting (yes/no/[fingerprint])?

I also see that it is looking for ~/.ssh/known_hosts, ~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts and /etc/ssh/ssh_known_hosts2, but only ~/.ssh/known_hosts is there.

There is also a confusing error in the log: "module_stdout": "/bin/sh: 1: /Users/joseph/.pyenv/shims/python: not found\r\n". But on the OS side, the python installation via pyenv is consistent:

➜  ~ which python
/Users/joseph/.pyenv/shims/python

➜  ~ python --version
Python 3.8.12 (9ef55f6fc369, Oct 25 2021, 05:10:01)
[PyPy 7.3.7 with GCC Apple LLVM 13.0.0 (clang-1300.0.29.3)]

➜  ~ ls -lh /Users/joseph/.pyenv/shims/python
-rwxr-xr-x  1 joseph  staff   183B Feb 14 22:47   /Users/joseph/.pyenv/shims/python

➜  ~ /usr/bin/env python --version
Python 3.8.12 (9ef55f6fc369, Oct 25 2021, 05:10:01)
[PyPy 7.3.7 with GCC Apple LLVM 13.0.0 (clang-1300.0.29.3)]

I suspect this error is due to something preventing the fingerprint from getting into the known hosts file. I would love to simulate the ssh tunnel manually myself, but I want to understand why this is happening and whether it is because this is a new machine. Can anyone shed some light on this for me. Thanks

1 Answer

After running ansible-config dump with that ansible.cfg, it emits AnsibleOptionsError: Invalid value "merge ##..., so it seems it either just silently ate the config file, or maybe is using a different config file

It seems that while # is a supported start-of-line comment character, ansible-config (as of 2.12.1) only allows ; as an end-of-line comment character

[defaults]
roles_path            = roles
host_key_checking     = False
hash_behaviour        = merge ;;; Note to self: Extremely important settings
interpreter_python    = auto  ;;; Note to self: Very important settings for running    from localhost

[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml

answered 2022-02-18T16:51:35.330
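As an added example (not code from the question or the answer above), the following Python script reproduces the parsing difference with Python's configparser, which is what Ansible's INI loader is built on. The one assumption it makes, which the page does not confirm, is that Ansible constructs ConfigParser with inline_comment_prefixes=(';',); under that rule a trailing "### note" is swallowed into the value of hash_behaviour and fails validation, while ";;; note" is stripped. The names load_ansible_ini, validate and host_key_checking_enabled are my own, and both config fragments are constructed copies of the ones on the page.

```python
"""Added example, not code from the question or the answer: reproduce the
ansible.cfg parsing problem with Python's configparser.

Assumption (not confirmed by the page): Ansible's INI loader constructs
ConfigParser with inline_comment_prefixes=(';',), so ';' starts an
end-of-line comment but '#' does not; a '### note' after a value therefore
becomes part of the value and fails validation.
"""
import configparser

# Constructed copy of the ansible.cfg fragment from the question.
BROKEN_CFG = """\
[defaults]
roles_path            = roles
host_key_checking     = False
hash_behaviour        = merge ### Note to self: Extremely important settings
interpreter_python    = auto  ### Note to self: Very important settings

[inventory]
enable_plugins = aws_ec2, host_list, script, auto, yaml, ini, toml
"""

# The answer's fix: ';' instead of '#' for the trailing comments.
FIXED_CFG = BROKEN_CFG.replace("###", ";;;")

# Documented choices for the two settings validated below.
HASH_BEHAVIOUR_CHOICES = {"replace", "merge"}
BOOL_TRUE = {"true", "yes", "on", "1"}
BOOL_FALSE = {"false", "no", "off", "0"}


def load_ansible_ini(text):
    """Parse an ansible.cfg body into {section: {key: raw_value}} using the
    comment rules assumed above: only ';' ends a value on the same line."""
    parser = configparser.ConfigParser(
        inline_comment_prefixes=(";",),  # assumption: same as Ansible's loader
        interpolation=None,              # keep '%' literal, as in a raw file
    )
    parser.read_string(text)
    return {section: dict(parser.items(section)) for section in parser.sections()}


def validate(cfg):
    """Return a list of problems that would make Ansible reject the file
    (an unknown choice or an unparseable boolean); an empty list means OK."""
    problems = []
    defaults = cfg.get("defaults", {})
    hb = defaults.get("hash_behaviour")
    if hb is not None and hb not in HASH_BEHAVIOUR_CHOICES:
        problems.append(f"defaults.hash_behaviour: invalid value {hb!r}")
    hkc = defaults.get("host_key_checking")
    if hkc is not None and hkc.lower() not in BOOL_TRUE | BOOL_FALSE:
        problems.append(f"defaults.host_key_checking: invalid value {hkc!r}")
    return problems


def host_key_checking_enabled(cfg):
    """Effective host_key_checking. Ansible's default for this setting is
    True, so a missing or unusable value leaves the fingerprint prompt on."""
    raw = cfg.get("defaults", {}).get("host_key_checking", "True").lower()
    return raw not in BOOL_FALSE


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_CFG), ("fixed", FIXED_CFG)):
        cfg = load_ansible_ini(text)
        print(label, "hash_behaviour =", repr(cfg["defaults"]["hash_behaviour"]))
        print(label, "problems:", validate(cfg) or "none")
```

Running it prints the value "merge ### Note to self: Extremely important settings" for the broken file and "merge" for the fixed one, which is the same "Invalid value" the answer saw from ansible-config dump; checking the effective host_key_checking value is a quick way to confirm that the file you think you are using is actually the one being read.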