在安装ansbile后,都会写个简单配置文件,测试ansible管理与目标机的连通性,如测试ping
我的hosts文件
[rems2@rems2 playbooks]$ cat hosts
testserver ansible_ssh_host=127.0.0.1 ansible_ssh_user=root
环境有限,测试与本机的连通性,使用root用户
执行测试机报错信息
[rems2@rems2 playbooks]$ ansible testserver -i hosts -m ping
testserver | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
这个问题郁闷了好大一会,在macos上没遇到过问题
问题原因
原因在于没有在ansible管理节点上添加目标节点的ssh登陆认证信息。
1. ansible管理节点生成ssh-key
# ssh-keygen
执行成功后,将会在~/.ssh目录下生成2个文件:id_rsa和id_rsa.pub
2. 添加目标节点的ssh认证信息
[rems2@rems2 .ssh]$ ssh-copy-id root@127.0.0.1 --->我这里是连的本机
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is 2f:d6:db:35:4f:6d:7b:76:aa:c2:51:7f:8d:ec:91:6c.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.
测试ansbile
[rems2@rems2 playbooks]$ ansible testserver -i hosts -m ping
testserver | SUCCESS => {
"changed": false,
"ping": "pong"
}
OK了