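I have seen many posts claiming that a playbook works fine when executed with the ansible CLI but not in AWX. However, I have not found a solution to my problem. For simplicity, I have the following role: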
---
- name: Append Public key in authorized_keys file
  authorized_key:
    user: "{{ username }}"
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
It is called as follows:
- name: copy root public key to nodes
  become: yes
  become_user: root
  hosts: jenkins-nodes
  roles:
    - role: copy-keys
      username: root
Running it with the CLI, as follows:
ansible-playbook -i inventory.ini -u root <my-playbook> -vvv
works as expected and displays the following:
TASK [copy-keys : Append Public key in authorized_keys file
***************************************************************
task path: /opt/jenkins-cluster/roles/copy-keys/tasks/main.yml:2
...
ok: [jenkins-agent-1] => {
"changed": false,
"comment": null,
"exclusive": false,
"invocation": {
"module_args": {
"comment": null,
"exclusive": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuF9U2HvzUubuYYZxJaEu/1nls7RLAZO+qcJF37RIepTSLOgoPsluq7uVRhEnadqnB0yVWccZYHs6WEp5Fo2QIRDRho4+TuACB26EE4GTYGnozyMwOwVcTzRo0CiUXfo3IZKWwQ+v8WwBMae3EpYrbrEZy6lLS8K85uYseyjg1myRhEsltdSiNnHun7p09/v/HMq2KsZcmx6nTg66QvkbbnFvv9UpGQ1J6gvimp11r5r1hwXaB7ejTwrxMICvaE2Flq3WGeaB35I4dYFsrWNK1CalP7jPF+MRgqHUrjoOy5hxp3zSXunfGWeRJCaJY5hYDLp3hTGrt8BwcdD+8Gy7r root@inf-inone01-prd",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
},
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuF9U2HvzUubuYYZxJaEu/1nls7RLAZO+qcJF37RIepTSLOgoPsluq7uVRhEnadqnB0yVWccZYHs6WEp5Fo2QIRDRho4+TuACB26EE4GTYGnozyMwOwVcTzRo0CiUXfo3IZKWwQ+v8WwBMae3EpYrbrEZy6lLS8K85uYseyjg1myRhEsltdSiNnHun7p09/v/HMq2KsZcmx6nTg66QvkbbnFvv9UpGQ1J6gvimp11r5r1hwXaB7ejTwrxMICvaE2Flq3WGeaB35I4dYFsrWNK1CalP7jPF+MRgqHUrjoOy5hxp3zSXunfGWeRJCaJY5hYDLp3hTGrt8BwcdD+8Gy7r root@inf-inone01-prd",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
...
META: ran handlers
META: ran handlers
When I do exactly the same thing in AWX, I get:
TASK [copy-keys : Append Public key in authorized_keys file]
*******************
task path: /var/lib/awx/projects/_39__jenkins_cluster/roles/copy-keys/tasks/main.yml:2
[WARNING]: Unable to find '~/.ssh/id_rsa.pub' in expected paths (use -vvvvv to
see paths)
[WARNING]: Unable to find '~/.ssh/id_rsa.pub' in expected paths (use -vvvvv to
see paths)
fatal: [jenkins-agent-1]: FAILED! => {
"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a
<class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: ~/.ssh/id_rsa.pub"
}
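The exception is that the file ~/.ssh/id_rsa.pub cannot be found, which here, for the user root, is /root/.ssh/id_rsa.pub, because the file does not exist. My understanding is that the authorized_key module adds the contents of the /root/.ssh/id_rsa.pub file on the Ansible controller to the authorized_keys file on the target host. This file exists: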
PROD root@inf-inone01-prd jenkins-cluster $ cat /root/.ssh/id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCuF9U2HvzUubuYYZxJaEu/1nls7RLAZO
+qcJF37RIepTSLOgoPsluq7uVRhEnadqnB0yVWccZY
Hs6WEp5Fo2QIRDRho4+TuACB26EE4GTYGnozyMwOwVcTzRo0CiUXfo3IZKWwQ
+v8WwBMae3EpYrbrEZy6lLS8K85uYseyjg1myRhEsltd
SiNnHun7p09/v/HMq2KsZcmx6nTg66QvkbbnFvv9UpGQ1J6gvimp11r5r1hwXaB7ejTwrxMIC
vaE2Flq3WGeaB35I4dYFsrWNK1CalP7jPF+MRgqHUrjoOy5hxp3zSXunfGWeRJCaJY5hYDLp3hTGrt8BwcdD+8Gy7r
root@inf-inone01-prd
PROD root@inf-inone01-prd jenkins-cluster $
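Apparently, the authorized_keys module cannot resolve ~/.ssh, but how does it manage to resolve it when run with the CLI?
Any advice would be highly appreciated, because after spending some time testing the whole thing to cover all cases with the CLI, I thought that putting everything into AWX would take only a few minutes. Unfortunately, it did not.
Kind regards,
Nicolas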
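I had the same need and found that the best solution involves using a custom credential type.
Examples of how to set up a custom credential type are well explained here and here.
In my case, I created a custom credential type called "SSH Key Pair Credential", as shown here.
Input configuration: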
fields:
  - id: my_ssh_private_key
    type: string
    label: ssh_private_key
    secret: true
    multiline: true
  - id: my_ssh_public_key
    type: string
    label: ssh_public_key
    secret: true
Injector configuration:
extra_vars:
  ssh_private_key: '{{ tower.filename.my_ssh_private_key }}'
  ssh_public_key: '{{ tower.filename.my_ssh_public_key }}'
file:
  template.my_ssh_private_key: '{{ my_ssh_private_key }}'
  template.my_ssh_public_key: '{{ my_ssh_public_key }}'
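After creating the custom credential type, create the custom credential, as shown here.
Then add the custom credential to the corresponding template where it is to be used, as shown here.
The following playbook variables are used: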
admin_username: "admin"
admin_public_sshkey: "{{ '~/.ssh/id_rsa.pub' | expanduser }}"
admin_private_sshkey: "{{ '~/.ssh/id_rsa' | expanduser }}"
admin_ssh_private_key: "{{ ssh_private_key | d(admin_private_sshkey) }}"
admin_ssh_public_key: "{{ ssh_public_key | d(admin_public_sshkey) }}"
Then, when setting up authorized_key, the playbook references the "admin_ssh_public_key" variable:
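- name: Add admin user SSH authorized keys
  when: admin_ssh_public_key is defined
  authorized_key:
    user: "{{ admin_username }}"
    # admin_ssh_public_key holds a file path on the controller, while key
    # expects the key text itself, so the file is read with a lookup.
    key: "{{ lookup('file', admin_ssh_public_key) }}"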
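
A pre-flight version of the task above, as an added example that is not part of the original answer: it prints the account and HOME under which lookups are evaluated (the CLI user versus the AWX job environment), checks the key file there, and validates its content before calling authorized_key. Only `ssh_public_key`, `admin_username`, `jenkins-nodes` and the authorized_key task come from the page; the other variable names and the key pattern are assumptions.

```yaml
# Added example, not the poster's code. ssh_public_key is the extra var that the
# custom credential injects; pubkey_* names and the pattern are assumptions.
- name: Install the admin public key after controller-side checks
  hosts: jenkins-nodes
  become: true
  gather_facts: false
  vars:
    admin_username: admin
    # A path on the controller side: the injected temp file in AWX,
    # or ~/.ssh/id_rsa.pub of the invoking user on the CLI.
    pubkey_path: "{{ ssh_public_key | default('~/.ssh/id_rsa.pub' | expanduser) }}"
    # One public key line: key type, base64 blob, optional comment.
    pubkey_pattern: '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
  tasks:
    - name: Show the account and HOME that lookups are evaluated with
      debug:
        msg: "user={{ lookup('pipe', 'id -un') }} home={{ lookup('env', 'HOME') }} path={{ pubkey_path }}"
      run_once: true

    - name: Check the key file where lookups run, not on the target
      stat:
        path: "{{ pubkey_path }}"
      delegate_to: localhost
      become: false
      register: pubkey_stat

    - name: Fail with a clear message instead of a lookup exception
      assert:
        that: pubkey_stat.stat.exists
        fail_msg: "{{ pubkey_path }} not found on the controller side"

    - name: Read the key text on the controller side
      set_fact:
        pubkey_text: "{{ lookup('file', pubkey_path) }}"

    - name: Refuse private keys, multi-line files and other non-key content
      assert:
        that: pubkey_text is match(pubkey_pattern)
        fail_msg: "{{ pubkey_path }} does not contain a single SSH public key"

    - name: Add admin user SSH authorized keys
      authorized_key:
        user: "{{ admin_username }}"
        key: "{{ pubkey_text }}"
        state: present
```

Comparing the debug line from a CLI run with the one from an AWX job shows directly which home directory `~` expands to in each environment.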