Docker 如何让ansible访问sshd容器?
我使用ansible脚本加载并启动容器 因此,这当然是一个良好的开端:Docker 如何让ansible访问sshd容器?,docker,ansible,openssh,Docker,Ansible,Openssh,我使用ansible脚本加载并启动容器 因此,这当然是一个良好的开端: bash-4.4$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8bedbd3b7d88 rastasheep/ubuntu-sshd "/usr/sbin/s
bash-4.4$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8bedbd3b7d88 rastasheep/ubuntu-sshd "/usr/sbin/sshd -D" 37 minutes ago Up 36 minutes 0.0.0.0:49154->22/tcp test
bash-4.4$
所以在ssh访问ansible失败后,我从shell手动测试了它
这也可以
bash-4.4$ ssh root@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:YtTfuoRRR5qStSVA5UuznGamA/dvf+djbIT6Y48IYD0.
ECDSA key fingerprint is MD5:43:3f:41:e9:89:45:06:6f:f6:42:c4:6a:70:37:f8:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password:
root@8bedbd3b7d88:~# logout
Connection to 172.17.0.2 closed.
bash-4.4$
因此,失败的步骤是尝试从ansible脚本获取它&访问ssh副本id
ansible错误消息为:
Fatal: [172.17.0.2]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n", "unreachable": true}
---
- hosts: 127.0.0.1
tasks:
- name: start docker service
service:
name: docker
state: started
- name: load and start the container we wanna use
docker_container:
name: test
image: rastasheep/ubuntu-sshd
state: started
ports:
- "49154:22"
- name: Wait maximum of 300 seconds for ports to be available
wait_for:
host: 0.0.0.0
port: 49154
state: started
- hosts: 172.17.0.2
vars:
passwordadmin: $6$pbE6yznA$AeFIdI.....K0
passwordroot: $6$TMrxQUxT$I8.JIzR.....TV1
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
tasks:
- name: Build test container root user rsa ssh-key
shell: docker exec test ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
因此,我甚至无法运行构建ssh所需的步骤
那怎么办
仅当在第二个容器上多次尝试后启动2cd步骤时才会出现问题 结论是我的手术很糟糕 我为解决这个问题所做的:
现在我可以构建缺少的工具了。问题似乎不在于连接,而在于身份验证(上面写着“权限被拒绝”)。您是否在清单中或调用ansible时提供了ssh密码?当然还没有密码-我必须首先在远程容器上构建密钥/启动ssh/生成密码-然后才能更新任何ansible localhost ssh设置信息根据docker映像的文档,密码是
根目录
。但是我没有看你试图运行的命令-你实际上想要在主机系统上运行的docker
命令,所以host
必须是127.0.0.1
才能执行第二个任务不,在第一个任务完成后,我必须在docker image而不是localhost上运行,并且docker exec test
会处理这个问题您基本上会说“在名为test
的容器中运行以下命令”。但是您必须在主机的上下文中运行它(因为这是容器运行的地方)。