Loops 当在循环中使用时,可能表现出荒谬的行为
下面分享我的测试案例,演示可以复制的问题: 我拥有从ansible主机到具有Loops 当在循环中使用时,可能表现出荒谬的行为,loops,ansible,delegates,ansible-module,Loops,Ansible,Delegates,Ansible Module,下面分享我的测试案例,演示可以复制的问题: 我拥有从ansible主机到具有root用户的跳转服务器的ssh连接,如下所示: anuser1@ANSIBLE_HOST# ssh root@10.0.0.1 ----------> success anuser1@ANSIBLE_HOST# ssh root@10.0.0.2 ----------> success --- - name: CHECK LOOP ignore_errors: yes
root
用户的跳转服务器的ssh连接,如下所示:
anuser1@ANSIBLE_HOST# ssh root@10.0.0.1 ----------> success
anuser1@ANSIBLE_HOST# ssh root@10.0.0.2 ----------> success
---
- name: CHECK LOOP
ignore_errors: yes
debug:
msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: localhost
- name: CHECK RAW
ignore_errors: yes
raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: localhost
- name: CHECK LOOP2
ignore_errors: yes
debug:
msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: "{{ item }}"
- name: CHECK RAW1
ignore_errors: yes
raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: "{{ item }}"
然而,这两个跳转服务器都没有python,因此我只在我的剧本中使用raw
模块
下面是我用来执行playbook的命令:
ansible-playbook /app/playbook/injectkey/injectkey.yml -e JUMP_SERVER='10.0.0.1\n10.0.0.2' -e TARGET_SERVER='192.0.0.99' -e TARGET_USER='root' -vvv
下面是我的playbook injectkey.yml:
---
- name: "Play 1"
hosts: localhost
gather_facts: false
tags: always
tasks:
- name: Add host
debug:
msg: " hello "
- set_fact:
jump_server_list: "{{ JUMP_SERVER | trim }}"
- set_fact:
target_server_list: "{{ TARGET_SERVER | trim }}"
- add_host:
hostname: "{{ item }}"
groups: jump_nodes
with_items: "{{ jump_server_list.split('\n') }}"
- add_host:
hostname: "{{ item }}"
groups: dest_nodes
with_items: "{{ target_server_list.split('\n') }}"
- name: "Play 3"
hosts: dest_nodes
user: root
gather_facts: false
ignore_unreachable: yes
tasks:
- name: DEEBUG Inject ssh keys by invoking script
include_tasks: testcheckandaddkey.yml
with_items: "{{ groups['jump_nodes'] }}"
问题在于testcheckandaddkey.yml
中的task->CHECK RAW1
,如下所示:
anuser1@ANSIBLE_HOST# ssh root@10.0.0.1 ----------> success
anuser1@ANSIBLE_HOST# ssh root@10.0.0.2 ----------> success
---
- name: CHECK LOOP
ignore_errors: yes
debug:
msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: localhost
- name: CHECK RAW
ignore_errors: yes
raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: localhost
- name: CHECK LOOP2
ignore_errors: yes
debug:
msg: "/tmp/addkeyscript.sh {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: "{{ item }}"
- name: CHECK RAW1
ignore_errors: yes
raw: "echo {{ item }} {{ inventory_hostname }} {{ TARGET_USER }}"
delegate_to: "{{ item }}"
在testcheckandaddkey.yml
中,我可以在debug
模块中看到这两个IP,但是对于第二个IP 10.0.0.2(带有raw
模块),委托没有发生,如下面的输出所示
输出:
TASK [DEEBUG Inject ssh keys by invoking script] ***********************************************************************************************************************
task path: /app/playbook/injectkey/injectkey.yml:93
included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99
included: /app/playbook/injectkey/testcheckandaddkey.yml for 192.0.0.99
TASK [CHECK LOOP] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:4
ok: [192.0.0.99 -> localhost] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"
}
TASK [CHECK RAW] *******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser
<localhost> EXEC echo 10.0.0.1 192.0.0.99 root
changed: [192.0.0.99 -> localhost] => {
"changed": true,
"rc": 0,
"stderr": "",
"stderr_lines": [],
"stdout": "10.0.0.1 192.0.0.99 root\n",
"stdout_lines": [
"10.0.0.1 192.0.0.99 root"
]
}
TASK [CHECK LOOP2] *****************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:15
ok: [192.0.0.99 -> 10.0.0.1] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.1 192.0.0.99 root"
}
TASK [CHECK RAW1] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:21
<10.0.0.1> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/1a88418cb1 -tt 10.0.0.1 'echo 10.0.0.1 192.0.0.99 root'
<10.0.0.1> (0, '10.0.0.1 192.0.0.99 root\r\n', 'Shared connection to 10.0.0.1 closed.\r\n')
changed: [192.0.0.99 -> 10.0.0.1] => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 10.0.0.1 closed.\r\n",
"stderr_lines": [
"Shared connection to 10.0.0.1 closed."
],
"stdout": "10.0.0.1 192.0.0.99 root\r\n",
"stdout_lines": [
"10.0.0.1 192.0.0.99 root"
]
}
TASK [CHECK LOOP] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:4
ok: [192.0.0.99 -> localhost] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"
}
TASK [CHECK RAW] *******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:10
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansibleuser
<localhost> EXEC echo 10.0.0.2 192.0.0.99 root
changed: [192.0.0.99 -> localhost] => {
"changed": true,
"rc": 0,
"stderr": "",
"stderr_lines": [],
"stdout": "10.0.0.2 192.0.0.99 root\n",
"stdout_lines": [
"10.0.0.2 192.0.0.99 root"
]
}
TASK [CHECK LOOP2] *****************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:15
ok: [192.0.0.99 -> 10.0.0.2] => {
"msg": "/tmp/addkeyscript.sh 10.0.0.2 192.0.0.99 root"
}
TASK [CHECK RAW1] ******************************************************************************************************************************************************
task path: /app/playbook/injectkey/testcheckandaddkey.yml:21
<10.0.0.2> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.0.2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/home/ansibleuser/.ansible/cp/42c5d2e05f -tt 10.0.0.2 'echo 10.0.0.2 192.0.0.99 root'
<10.0.0.2> (255, '', 'Permission denied (publickey,password,keyboard-interactive).\r\n')
fatal: [192.0.0.99]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password,keyboard-interactive).",
"skip_reason": "Host 192.0.0.99 is unreachable",
"unreachable": true
}
我从有问题的任务中尝试了上面的ssh命令checkraw1
手动操作,工作正常
您能建议我如何让两个IP的代表团而不是单个IP工作吗
我们将非常感谢任何让这项工作起作用的变通方法