Error in ssh-rsa key when running an Ansible playbook
I have the following playbook:
---
- name: Get Nokia Info
  hosts: LAB9ERIP008
  connection: local
  gather_facts: no
  tasks:
    - name: run show version command
      sros_command:
        commands: show version
      register: config
    - name: create backup of configuration
      copy:
        content: "{{config.stdout[0]}}"
        dest: "/home/dafe/scripts/ansible/backups/show_version_{{inventory_hostname}}.txt"
When I run the playbook, it gives me the following error:
[dafe@CETPMGIP001 ansible]$ ansible-playbook nokia.yml -i myhostsfile
PLAY [Get Cisco Info] **************************************************************************************************************
TASK [run show version command] ****************************************************************************************************
fatal: [LAB9ERIP008]: FAILED! => {"msg": "paramiko: The authenticity of host '10.150.16.129' can't be established.\nThe ssh-rsa key fingerprint is fca0d4eb97414dc5b5a13fa552e5dd69."}
to retry, use: --limit @/home/dafe/scripts/ansible/nokia.retry
PLAY RECAP *************************************************************************************************************************
LAB9ERIP008 : ok=0 changed=0 unreachable=0 failed=1
I tried putting this variable in myhostsfile:
ansible_ssh_private_key_file=/home/dafe/.ssh/known_hosts
but it keeps giving the same error.
If I manually ssh to the host and add the key:
[dafe@CETPMGIP001 ansible]$ ssh dafernandes@10.150.16.129
The authenticity of host '10.150.16.129 (10.150.16.129)' can't be established.
RSA key fingerprint is SHA256:0YQYfLnRCQDZzpZ1+8ekW/Gks6mTxpI4xA56siaQUsM.
RSA key fingerprint is MD5:fc:a0:d4:eb:97:41:4d:c5:b5:a1:3f:a5:52:e5:dd:69.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.150.16.129' (RSA) to the list of known hosts.
TiMOS-C-16.0.R6 cpm/hops64 Nokia 7750 SR Copyright (c) 2000-2019 Nokia.
All rights reserved. All use subject to applicable license agreements.
Built on Wed Feb 27 14:42:05 PST 2019 by builder in /builds/c/160B/R6/panos/main
dafernandes@10.150.16.129's password:
Then running the playbook no longer gives the error:
[dafe@CETPMGIP001 ansible]$ ansible-playbook nokia.yml -i myhostsfile
PLAY [Get Cisco Info] **************************************************************************************************************
TASK [run show version command] ****************************************************************************************************
ok: [LAB9ERIP008]
TASK [create backup of configuration] **********************************************************************************************
ok: [LAB9ERIP008]
PLAY RECAP *************************************************************************************************************************
LAB9ERIP008 : ok=2 changed=0 unreachable=0 failed=0
How can I solve this?
Thanks.
David
Try setting the key host_key_checking = false in the [defaults] section of the ansible.cfg file.
This is obviously not secure.
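Because SSH is the primary mechanism Ansible uses to communicate with target hosts, it is important to have SSH configured correctly in your environment before you try to run Ansible playbooks.
The underlying problem in this case is probably that the SSH key associated with the SSH host you are trying to connect to has changed and no longer matches what is in ~/.ssh/known-hosts. For more on what SSH host keys are for, see here.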
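An alternative to turning host key checking off, as an added example that is not part of the original question or answers: check the device's host key against a fingerprint obtained out of band, and only then pin it in known_hosts. The sketch also produces the colon-less MD5 hex form that paramiko prints in the error above, which is the same digest OpenSSH shows as "MD5:fc:a0:...". The function names, the 192.0.2.10 address and the key blob are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def fingerprints(keyscan_line):
    """Fingerprints for one 'host keytype base64blob' line (ssh-keyscan / known_hosts format)."""
    host, keytype, blob_b64 = keyscan_line.split()[:3]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with a length-prefixed key type; it must agree with the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type field does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "host": host,
        "md5_hex": md5,  # form shown in the paramiko error message
        "md5_colon": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # OpenSSH "MD5:" form
        "sha256": "SHA256:" + sha,  # OpenSSH default form
    }

def pin_if_trusted(keyscan_line, expected_sha256, known_hosts_path):
    """Append the key to known_hosts only if it matches the out-of-band fingerprint."""
    fp = fingerprints(keyscan_line)
    if not hmac.compare_digest(fp["sha256"], expected_sha256):
        return False  # unknown or changed key: do not trust it, investigate instead
    with open(known_hosts_path, "a") as fh:
        fh.write(keyscan_line.strip() + "\n")
    return True

def constructed_line(host="192.0.2.10"):
    """Constructed sample input: a syntactically shaped ssh-rsa blob, not a real device key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + bytes(range(1, 129)))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    line = constructed_line()
    fp = fingerprints(line)
    print("paramiko-style MD5:", fp["md5_hex"])
    print("OpenSSH MD5:       ", fp["md5_colon"])
    print("OpenSSH SHA256:    ", fp["sha256"])
    # In practice expected_sha256 comes from the device console or an inventory record.
    print("pinned:", pin_if_trusted(line, fp["sha256"], "known_hosts.example"))
```

Once the verified key is in the known_hosts file of the user running ansible-playbook, the playbook connects with host key checking left enabled, as the asker's second run shows.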