Ansible 验证用户是否能够使用密码进行SSH
我想测试用户是否能够使用SSH密码进行SSH。这就是我想做的。我尝试了一些模块:local_action,wait_for,但没有得到结果。playbook结果必须简单地告诉我在尝试SSH时连接成功或失败的位置 要求是测试哪个用户帐户成功地与远程服务器建立SSH连接。运行ansible脚本的用户在这些服务器上有多个帐户,但SSH登录将成功,只需用户不知道的正确帐户。用户帐户都有相同的密码 清单文件:Ansible 验证用户是否能够使用密码进行SSH,ansible,Ansible,我想测试用户是否能够使用SSH密码进行SSH。这就是我想做的。我尝试了一些模块:local_action,wait_for,但没有得到结果。playbook结果必须简单地告诉我在尝试SSH时连接成功或失败的位置 要求是测试哪个用户帐户成功地与远程服务器建立SSH连接。运行ansible脚本的用户在这些服务器上有多个帐户,但SSH登录将成功,只需用户不知道的正确帐户。用户帐户都有相同的密码 清单文件: all: children: FXO-Test: hosts:
all:
children:
FXO-Test:
hosts:
host1.abcd.com:
host2.abcd.com:
vars:
ansible_user: user1
剧本:
---
- hosts: "{{ targethosts }}"
gather_facts: no
tasks:
- name: Test connection
local_action: command ssh -q -o BatchMode=yes -o ConnectTimeout=3 {{ inventory_hostname }}
register: test_user
ignore_errors: true
changed_when: false
使用以下命令调用:
ansible-playbook checkLogin.yml -i ans_inventory_test --ask-pass --extra-vars "targethosts=FXO-Test" | tee verify_user.log
希望看到哪些SSH连接失败,哪些正常工作
基于Vladimir Botka的回应,我进一步调整了剧本,从清单文件中提取主机名
我更新的剧本“verifySSHLogin.yml”:
- hosts: localhost
gather_facts: no
vars:
my_users:
- user1
- user2
my_hosts: "{{ query('inventory_hostnames', 'all') }}"
tasks:
- expect:
command: "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no {{ item.0 }}@{{ item.1 }}"
timeout: 2
responses:
(.*)password(.*):
- "password" # Fit the password
- "\x03" # Ctrl-C
(.*)\$(.*): "exit" # Fit the prompt
loop: "{{ my_users|product(my_hosts)|list }}"
register: result
ignore_errors: yes
- debug:
msg: "{{ (item.rc == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',item.invocation.module_args.command ~ ' [KO]') }}"
loop: "{{ result.results }}"
我现在使用以下命令调用它:
ansible-playbook verifySSHLogin.yml -i ans_inventory_test --extra-vars "targethosts=FXO-Test" | tee verify_user.log
然后,我可以对verify_user.log执行grep,如下所示:
grep '\"msg\": \"ssh' verify_user.log
ansible-playbook verifySSHLogin.yml -i ans_inventory_test -k --extra-vars "targethosts=FXO-Test" | tee verify_user.log
这给了我以下结果,这是我所期望的:
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host1.abc.corp.com [OK]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host2.abc.corp.com [OK]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user1@host3.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host1.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host2.abc.corp.com [KO]"
"msg": "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no user2@host3.abc.corp.com [KO]"
进一步调整了剧本,以避免SSH密码的硬编码。最后的剧本现在看起来像:
- hosts: localhost
gather_facts: no
vars:
my_users:
- user1
- user2
my_hosts: "{{ query('inventory_hostnames', 'all') }}"
tasks:
- expect:
command: "ssh -o PubkeyAuthentication=no -o StrictHostKeyChecking=no {{ item.0 }}@{{ item.1 }}"
timeout: 2
responses:
(.*)password(.*):
- "{{ ansible_password }}" # Fit the password
- "\x03" # Ctrl-C
(.*)\$(.*): "exit" # Fit the prompt
loop: "{{ my_users|product(my_hosts)|list }}"
register: result
ignore_errors: yes
- debug:
msg: "{{ (item.rc == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',item.invocation.module_args.command ~ ' [KO]') }}"
loop: "{{ result.results }}"
SSH密码可以通过如下方式传递给ansible playbook命令:
grep '\"msg\": \"ssh' verify_user.log
ansible-playbook verifySSHLogin.yml -i ans_inventory_test -k --extra-vars "targethosts=FXO-Test" | tee verify_user.log
模块应完成该工作。鉴于
user1@test_01可以登录,播放下面的内容
- hosts: localhost
vars:
my_users:
- user1
- user2
my_hosts:
- test_01
- test_02
tasks:
- expect:
command: "ssh {{ item.0 }}@{{ item.1 }}"
timeout: 2
responses:
(.*)password(.*):
- "password" # Fit the password
- "\x03" # Ctrl-C
(.*)\$(.*): "exit" # Fit the prompt
with_nested:
- "{{ my_users }}"
- "{{ my_hosts }}"
register: result
ignore_errors: yes
- debug:
msg: "{{ (item.rc == 0)|ternary(item.invocation.module_args.command ~ ' [OK]',
item.invocation.module_args.command ~ ' [KO]') }}"
loop: "{{ result.results }}"
给出(grep msg):
工作起来很有魅力:-)。我对它进行了一些调整,以便从清单文件中选择主机名。