Running ssh-add with Ansible raises an error

Rob*_*ert 7 ssh ssh-keys ssh-agent ansible ansible-playbook

I'm trying to use Ansible to set up the infrastructure for SSH connections.

- name: Copy ssh key to each server
  copy: src=static_folder_key dest=/home/ec2-user/.ssh/ mode=0600

- name: Enable ssh Agent
  shell: eval $(ssh-agent -s)

- name: Adding ssh key for static forlder project
  shell: ssh-add /home/ec2-user/.ssh/static_folder_key
  sudo: True

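I created a new ssh key and copied it to my servers. Then I run the agent, and afterwards I add the new key to allow the connection. But when I run Ansible, I get this error.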

TASK: [git | Adding ssh key for static forlder project] *********************** 
failed: [admin_vehicles] => {"changed": true, "cmd": "ssh-add /home/ec2-user/.ssh/static_folder_key", "delta": "0:00:00.004346", "end": "2015-08-12 15:05:00.878208", "rc": 2, "start": "2015-08-12 15:05:00.873862", "warnings": []}
stderr: Could not open a connection to your authentication agent.
failed: [leads_messages] => {"changed": true, "cmd": "ssh-add /home/ec2-user/.ssh/static_folder_key", "delta": "0:00:00.004508", "end": "2015-08-12 15:05:01.286031", "rc": 2, "start": "2015-08-12 15:05:01.281523", "warnings": []}
stderr: Could not open a connection to your authentication agent.

FATAL: all hosts have already failed -- aborting

If I do this manually, everything goes fine.

ssh-add /home/ec2-user/.ssh/static_folder_key 
Identity added: /home/ec2-user/.ssh/static_folder_key (/home/ec2-user/.ssh/static_folder_key)

So, any hints? Maybe I'm missing something in my playbook tasks?

yae*_*shi 5

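The environment of each task is independent, so you can't carry the ssh-agent settings made in one task over to other tasks.

I strongly recommend that you use SSH agent forwarding. Put the following in ~/.ssh/config, then run ssh-agent locally, then ssh-add static_folder_key, and then run ansible-playbook. That's all.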

Host *
ForwardAgent yes

Even if agent forwarding is not an option, you don't have to run ssh-agent for a private key file without a passphrase. Copy the following configuration to ~/.ssh/config on the remote host and run ssh static-folder-host.

Host static-folder-host
Hostname static-folder-host.static-folder-domain
User static-folder-user
IdentityFile ~/.ssh/static_folder_key


小智 5

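The solution to this is eval "$(ssh-agent)" followed by ssh-add. Initially I tried two Ansible tasks, but it failed in the same way, because they are atomic and cannot keep state. The final solution I ended up with is to call both commands in a single task, like this: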

  - name: Evaluating the authentication agent & adding the key...
    shell: |
      eval "$(ssh-agent)"
      ssh-add ~/.ssh/id_rsa_svn_ssh
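The behaviour both answers describe, as an added shell demo that is not code from either post: each `( ... )` subshell stands in for one Ansible shell task, and `ssh-add -l` is used only to probe whether the agent is reachable. The function names and the cleanup trap are assumptions of this example; the trap is there because an agent started with eval keeps running, with any key loaded into it, after the task ends.

```sh
#!/bin/sh
# Added demo, constructed for this page: each ( ... ) subshell stands in for
# one Ansible shell task, a separate process whose environment dies with it.

# ssh-add -l exit codes: 0 = keys listed, 1 = agent reachable but empty,
# 2 = no agent reachable (the "rc": 2 in the failed task output above).
agent_status() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Two tasks, as in the question: the agent variables exported in task 1
# never reach task 2.
separate_tasks() {
    (
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        # Task 1: start the agent; only its PID is handed back for cleanup.
        pid=$(eval "$(ssh-agent -s)" >/dev/null 2>&1; echo "$SSH_AGENT_PID")
        # Task 2: a fresh process with no SSH_AUTH_SOCK.
        ( agent_status )
        # The agent from task 1 is still running; stop it explicitly.
        SSH_AGENT_PID=$pid ssh-agent -k >/dev/null 2>&1 || true
    )
}

# One task, as in the second answer, plus a trap so the agent (and any key
# loaded into it) does not outlive the task.
single_task() {
    (
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        eval "$(ssh-agent -s)" >/dev/null 2>&1
        trap 'ssh-agent -k >/dev/null 2>&1 || true' EXIT
        agent_status   # ssh-add <keyfile> would go here
    )
}

echo "separate tasks: ssh-add -l exit code $(separate_tasks)"
echo "single task:    ssh-add -l exit code $(single_task)"
```

In a playbook, the eval, the trap and the commands that need the key all belong in the same `shell: |` block.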