在尝试通过堡垒主机运行ansible时,我遇到了非常不明显的错误。我只是想通了如果我连接到堡垒盒然后单独ssh到私人ips将ips添加到堡垒框中的known_hosts然后退出并重新运行,ansible将起作用。
似乎问题是我尝试通过堡垒框连接的私有ips不在堡垒框的known_hosts文件中,我没有在运行playbook时提示添加它们
我的ssh.cfg看起来像这样:
Host 172.*.*.*
ProxyCommand ssh -W %h:%p -A ubuntu@nat.cloudapp.net
IdentityFile ~/.ssh/id_rsa
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
Host nat.cloudapp.net
Hostname nat.cloudapp.net
User ubuntu
IdentityFile ~/.ssh/id_rsa
ForwardAgent yes
ControlMaster auto
ControlPath ~/.ssh/ansible-%r@%h:%p
ControlPersist 5m
答案 0 :(得分:1)
您应该能够使用ssh -F ssh.cfg user@172.16.0.5测试.cfg文件,它将告诉您ssh.cfg文件是否独立于ansible工作。
在我的.cfg文件中,我列出了每个主机,因为C类边界上的通配符对我没什么帮助。这是我的一块看起来像:
Host 10.0.0.4
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Hostname 10.0.0.4
User corona
ForwardAgent yes
ControlMaster auto
ControlPath ~/.ssh/ansible-%r@%h:%p
ControlPersist 5m
Host 10.84.96.33
ProxyCommand ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p corona@10.0.0.4
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Host 10.84.96.36
ProxyCommand ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p corona@10.0.0.4
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
看起来确实很奇怪,但是我在proxycommand行和Host声明中列出了StringHostKeyChecking = no两者。试一试。