Using Ansible in GitLab CI to connect through a jump server

Question   Votes: 2   Answers: 1

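I want to configure private virtual machines that are reachable through a bastion host, so I use the ubuntu 20.04 image, then install Python and all the related libraries, and after that I create a virtual environment and install Ansible.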

stages:
  - configure

configure:
  image: ubuntu:20.04
  stage: configure
  before_script:
    - apt-get -y update
    - addgroup deploy
    - mkdir /opt/.env
    - chgrp -R deploy /opt/.env    
    - chmod -R 770 /opt/.env
    - apt install -y build-essential libssl-dev libffi-dev python3-dev
    - apt install -y python3-pip
    - apt install -y python3-venv
    - apt install git -y
    - python3.8 -m venv /opt/.env/basic --system-site-packages
    - source /opt/.env/basic/bin/activate
    - pip install wheel
    - pip install ansible
  script:
    - source /opt/.env/basic/bin/activate
    - echo $my_ssh_key >> .ssh/my_ssh_key.pem
    - chmod 400 .ssh/my_ssh_key.pem
    - mv .ssh /root/.ssh,
    - mv .ansible.cfg /root/.ansible.cfg
    - echo $(ansible --version)
    - ansible-playbook ansible/playbooks/start.yml


My repo structure is as follows:

.ssh
   |_ ansible.cfg

ansible
   |_ playbooks

.ansible.cfg

.gitlab-ci.yml

Contents of .ansible.cfg:

[ssh_connection]
ssh_args = -F /root/.ssh/ansible.cfg -o ControlMaster=auto -o ControlPersist=60m
control_path = /root/.ssh/ansible-%%r@%%h:%%p

Contents of .ssh/ansible.cfg:

Host BASTION
    HostName x.x.xx.x
    User ec2-user
    IdentityFile /root/.ssh/my_ssh_key.pem
    ControlMaster auto
    ControlPath /root/.ssh/ansible-%r@%h:%p
    ControlPersist 5m
    StrictHostKeyChecking=no
    UserKnownHostsFile=/dev/null


Host 10.*
    User ec2-user
    IdentityFile /root/.ssh/my_ssh_key.pem
    stricthostkeychecking=no
    ProxyJump BASTION

However, when the Ansible script runs, I get the following error:

 fatal: [10.1.8.58]: UNREACHABLE! => {
     "changed": false,
     "msg": "Failed to connect to the host via ssh: kex_exchange_identification: Connection closed by remote host",
     "unreachable": true
 }

Adding the user to the ansible run command did not change anything (ansible-playbook ansible/playbooks/start.yml -u ec2-user).

Has anyone run into a similar problem? I am out of ideas now, and I would be grateful for any suggestions.

ansible gitlab-ci ssh-tunnel
1 answer
0 votes

According to the documentation, you should set the ansible_ssh_common_args variable in your variables file.

ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q user@bastion_host"'

Here is the link to the FAQ in the documentation: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to
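
Added example, not part of the original question or answer: a POSIX shell function for the CI job that writes the variables file the answer describes, using the question's key path and `ec2-user`, and checks host keys against a pinned `known_hosts` file instead of `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`. The names `BASTION_ADDR` and `SSH_KNOWN_HOSTS`, the function name and the `group_vars` path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# CI variables read: my_ssh_key (name from the question, multi-line PEM);
# BASTION_ADDR and SSH_KNOWN_HOSTS (hypothetical names: bastion address and
# the pinned known_hosts lines for the bastion and the 10.* targets).

prepare_jump_access() (
    ssh_dir=$1      # e.g. /root/.ssh
    vars_file=$2    # e.g. ansible/playbooks/group_vars/all.yml (assumed path)

    [ -n "$my_ssh_key" ] && [ -n "$BASTION_ADDR" ] && [ -n "$SSH_KNOWN_HOSTS" ] || {
        echo "prepare_jump_access: missing CI variable" >&2
        exit 1
    }
    # The address is interpolated into a command line, so restrict its characters.
    case $BASTION_ADDR in
        *[!A-Za-z0-9.:-]*) echo "prepare_jump_access: bad BASTION_ADDR" >&2; exit 1 ;;
    esac

    umask 077       # subshell body: the caller's umask is untouched
    mkdir -p "$ssh_dir" "$(dirname "$vars_file")"
    key=$ssh_dir/my_ssh_key.pem
    # Quoted expansion keeps the PEM line breaks; unquoted `echo $my_ssh_key`
    # word-splits the value and writes it as a single line.
    printf '%s\n' "$my_ssh_key" > "$key"
    printf '%s\n' "$SSH_KNOWN_HOSTS" > "$ssh_dir/known_hosts"

    hostkey="-o UserKnownHostsFile=$ssh_dir/known_hosts -o StrictHostKeyChecking=yes"
    cat > "$vars_file" <<EOF
ansible_user: ec2-user
ansible_ssh_private_key_file: $key
ansible_ssh_common_args: '$hostkey -o ProxyCommand="ssh -W %h:%p -q -i $key $hostkey ec2-user@$BASTION_ADDR"'
EOF
)

# In the job's script section, before ansible-playbook:
#   prepare_jump_access /root/.ssh ansible/playbooks/group_vars/all.yml
```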
