I'm only using Vagrant to create the VMs, because I'm still configuring them manually from the Ansible control host while I create/edit the Ansible scripts.
I can run vagrant ssh ansible, vagrant ssh app1/2/3 etc. But when I try to run ansible-playbook oracle.yml from the Ansible control host, SSH fails with:
fatal: [192.168.60.10]: UNREACHABLE! => {"changed": false, "msg": "SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}
I can successfully ssh from the Ansible VM to the Oracle VM with user vagrant and password vagrant.
The key parts of my Vagrantfile are:
config.ssh.insert_key = false
config.vm.define "db" do |db|
  db.vm.box = "boxcutter/ol67"
  db.vm.hostname = "oracle-vm"
  db.vm.network "forwarded_port", guest: 22, host: 2201, id: "ssh", auto_correct: false
  db.vm.network "forwarded_port", guest: 1521, host: 1521
  db.vm.network "private_network", ip: "192.168.60.10"
  db.vm.provider "virtualbox" do |v|
    v.name = "oracle-vm"
    v.linked_clone = true
    v.memory = 2048
    v.cpus = 2
  end
end
#Optional ansible control machine for Windows users
config.vm.define "ansible", autostart: false do |ansible|
  ansible.vm.box = "williamyeh/ansible"
  ansible.vm.hostname = "ansible-vm"
  ansible.vm.network "forwarded_port", guest: 22, host: 2204, id: "ssh", auto_correct: false
  ansible.vm.network "private_network", ip: "192.168.60.50"
  ansible.vm.provider "virtualbox" do |v|
    v.linked_clone = true
  end
  #Mount the project directory on the guest so we can run the playbooks from there
  ansible.vm.synced_folder ".", "/data/ansible", create: true
end
After vagrant up, what do I need to put in the Vagrantfile to let the Ansible VM connect to the other VMs without a password or any other manual steps? This is only for development testing on a private network on a developer PC, so security is not really a concern; it comes second to ease of implementation and a smooth user experience.
Answer #1
There is no universal method; it may depend on how boxcutter/ol67 is packaged. The simplest way is to define the password in the Ansible inventory file:
[oracle-vm:vars]
ansible_ssh_user=vagrant
ansible_ssh_pass=vagrant
The second method is to keep the insecure private key that is configured on the oracle-vm machine and inject that private key into the ansible VM:
config.vm.provision "shell" do |s|
  # Read the whole key file; taking only the first line would copy just the BEGIN header.
  ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
  s.inline = <<-SHELL
    mkdir -p /home/vagrant/.ssh
    # Quote the key so its newlines stay inside the echo, and overwrite rather than
    # append so re-provisioning does not leave a corrupt key file.
    echo '#{ssh_insecure_key}' > /home/vagrant/.ssh/id_rsa
    chown vagrant /home/vagrant/.ssh/id_rsa
    chmod 400 /home/vagrant/.ssh/id_rsa
  SHELL
end
Generate a key pair on the host beforehand, inject the private key into the Ansible VM and the public key into authorized_keys on the Oracle VM.
Generate a key pair on the Ansible VM and copy the public key to the Oracle VM with a shell provisioner, passing vagrant as the password to ssh-copy-id.
The list doesn't end here; it depends on the level of security required.
Answer #2
Following techraf's third suggestion, I did the following:
vagrant up ansible
ssh-keygen (just pressed Enter, without entering a password)
copied .ssh/id_rsa and .ssh/id_rsa.pub into the project directory
vagrant destroy ansible
modified the Vagrantfile to copy id_rsa to all hosts
modified the Vagrantfile to copy id_rsa.pub into authorized_keys on all hosts
modified the Vagrantfile to disable host checking
Vagrantfile snippet:
config.vm.provision "file", source: "id_rsa", destination: "/home/vagrant/.ssh/id_rsa"
public_key = File.read("id_rsa.pub")
config.vm.provision :shell, :inline => "
  echo 'Copying ansible-vm public SSH Keys to the VM'
  mkdir -p /home/vagrant/.ssh
  chmod 700 /home/vagrant/.ssh
  # ssh refuses a private key that others can read, so tighten the uploaded id_rsa
  chmod 600 /home/vagrant/.ssh/id_rsa
  echo '#{public_key}' >> /home/vagrant/.ssh/authorized_keys
  chmod -R 600 /home/vagrant/.ssh/authorized_keys
  echo 'Host 192.168.*.*' >> /home/vagrant/.ssh/config
  echo 'StrictHostKeyChecking no' >> /home/vagrant/.ssh/config
  echo 'UserKnownHostsFile /dev/null' >> /home/vagrant/.ssh/config
  chmod -R 600 /home/vagrant/.ssh/config
", privileged: false
Comment
This solution worked well for me, but I had to change Host 192.168.*.* to *. Not sure why. Thanks!
– Zacho
Oct 2 '18 at 19:04
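A guest-side script that does the same job as the snippet in this answer but idempotently, added here as an example and not taken from the answer: it adds the public key only once (so vagrant reload --provision does not keep appending it), keeps the file modes ssh insists on, and limits the StrictHostKeyChecking exception to the private-network pattern instead of every host. The key-pair name ansible_key and the script name setup_ssh.sh are assumptions.

```shell
#!/bin/sh
# Guest-side provisioning for Ansible-VM -> guest SSH; added example, not code
# from the answers above. Assumes a dedicated key pair made on the host with
# `ssh-keygen -f ansible_key` (hypothetical name) and that this script runs
# with privileged: false so the files stay owned by the vagrant user.
set -eu

SSH_DIR="${SSH_DIR:-/home/vagrant/.ssh}"

# Add a public key to authorized_keys only when that exact line is absent, so
# `vagrant reload --provision` does not keep appending duplicates.
install_authorized_key() {
    pubkey="$1"
    mkdir -p "$SSH_DIR"
    chmod 700 "$SSH_DIR"
    touch "$SSH_DIR/authorized_keys"
    if ! grep -qxF "$pubkey" "$SSH_DIR/authorized_keys"; then
        printf '%s\n' "$pubkey" >> "$SSH_DIR/authorized_keys"
    fi
    chmod 600 "$SSH_DIR/authorized_keys"
}

# Relax host-key checking only for the Vagrant private network (not "Host *"),
# so SSH to anything outside that subnet keeps its normal protection.
write_ssh_config() {
    host_pattern="$1"
    mkdir -p "$SSH_DIR"
    touch "$SSH_DIR/config"
    if ! grep -qxF "Host $host_pattern" "$SSH_DIR/config"; then
        {
            printf 'Host %s\n' "$host_pattern"
            printf '    StrictHostKeyChecking no\n'
            printf '    UserKnownHostsFile /dev/null\n'
        } >> "$SSH_DIR/config"
    fi
    chmod 600 "$SSH_DIR/config"
}

# Number of times a key line appears in authorized_keys; stays 1 across runs.
count_key() {
    grep -cxF "$1" "$SSH_DIR/authorized_keys" || true
}

# When called from a Vagrant shell provisioner, $1 is the public key line.
if [ "$#" -ge 1 ]; then
    install_authorized_key "$1"
    write_ssh_config "${2:-192.168.60.*}"
fi
```

Wire it in with config.vm.provision "shell", path: "setup_ssh.sh", args: [File.read("ansible_key.pub").strip], privileged: false so the files are created as the vagrant user rather than root.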
Answer #3
Generate the public/private key pair:
cd vagrant-home
ssh-keygen // just pressed enter
copy ~/.ssh/id_rsa .
copy ~/.ssh/id_rsa.pub .
Edit the Vagrantfile and add the following lines:
config.vm.provision "file", source: "id_rsa", destination: "/home/vagrant/.ssh/id_rsa"
public_key = File.read("id_rsa.pub")
config.vm.provision "shell", inline: <<-SCRIPT
  chmod 600 /home/vagrant/.ssh/id_rsa
  echo 'Copying ansible-vm public SSH Keys to the VM'
  #mkdir -p /home/vagrant/.ssh
  chmod 700 /home/vagrant/.ssh
  echo '#{public_key}' >> /home/vagrant/.ssh/authorized_keys
  chmod -R 600 /home/vagrant/.ssh/authorized_keys
  echo 'Host 192.168.*.*' >> /home/vagrant/.ssh/config
  echo 'StrictHostKeyChecking no' >> /home/vagrant/.ssh/config
  echo 'UserKnownHostsFile /dev/null' >> /home/vagrant/.ssh/config
  chmod -R 600 /home/vagrant/.ssh/config
  # the shell provisioner runs as root by default, so hand the files back to the
  # vagrant user or ssh will reject the root-owned config file
  chown -R vagrant:vagrant /home/vagrant/.ssh
SCRIPT
vagrant up // or vagrant reload --provision
Comment
Is this just a reformatted version of my answer? If so, you should probably edit my answer instead of adding a new one.
– opticyclic
Aug 21 '18 at 17:14
Comment
Possible duplicate of devops.stackexchange.com/questions/1017/… ... I made it quite clear that I can ssh between the VMs but Ansible can't, because it needs the keys set up. He can't ssh. The question is clearly different.
@JamesShewey: I don't think any of the answers to that question apply here. The answers given there refer to communication between the host and the guest; the answer needed here has to apply between guests.