Ansible改变剧本中的ssh端口

Question

这是库存文件

---
[de-servers]
192.26.32.32

[uk-servers]
172.21.1.23
172.32.2.11

我的剧本看起来像这样:

- name: Install de-servers configurations
  hosts: de-servers  
  roles:
    - de-server-setup

- name: Install uk-servers configurations
  hosts: uk-servers  
  roles:
    - uk-server-setup

- name: Do some other job on de-servers (cannot be done until uk-servers is installed)
  hosts: de-servers
  roles:
    - de-servers-rest-of-jobs

在角色de-servers-setup角色中,ssh端口从22更改为8888,因此当调用最后一个任务时,它会失败,因为它无法通过22端口连接到主机.如何克服这个ssh端口的变化？

Answer 1

在角色中de-server-setup添加任务以更改ansible_port主机变量.

- name: Change ssh port to 8888
  set_fact:
    ansible_port: 8888

Answer 2

我唯一能想到的可能就是为你的主机创建ssh别名.在你的.ssh/config:

Host de.1.before
  HostName 192.26.32.32
  Port 22

Host de.1.after
  HostName 192.26.32.32
  Port 8888

然后在Ansible清单中使用这些别名:

[de-servers-before]
de.1.before

[de-servers-after]
de.1.after

然后分别在你的戏剧中定义的组:

- name: Install de-servers configurations
  hosts: de-servers-before
  roles:
    - de-server-setup

- name: Install uk-servers configurations
  hosts: uk-servers  
  roles:
    - uk-server-setup

- name: Do some other job on de-servers (cannot be done until uk-servers is installed)
  hosts: de-servers-after
  roles:
    - de-servers-rest-of-jobs

Answer 3

简单的方法，编辑/etc/ansible/hosts：

[my_server]
ssdnodes:54321

您可以通过发出 ping 来测试它：

ansible ssdnodes -m ping

响应将是：

ssdnodes | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Answer 4

我对此的完整解决方案是创建一个导入到所有其他剧本顶部的通用剧本，以检查ansible_port清单中定义的非标准状态。如果端口已打开，请照常继续。如果没有打开，请检查端口22并设置ansible_port事实。

稍后，当首次配置SSH服务器并将默认端口更改为我的非标准端口时，我随后ansible_port在我的剧本中手动更新了事实，以便当前运行中的任何其他Ansible连接都能按预期工作。

我的库存看起来像这样：

[webservers]
web01.somedomain.com ansible_port=1234

我的剧本看起来像这样：

- name: Determine SSH port
  hosts: all
  gather_facts: no
  remote_user: root
  tasks:
    - name: "Check port {{ ansible_port }}"
      wait_for:
        port: "{{ ansible_port }}"
        state: "started"
        host: "{{ inventory_hostname }}"
        connect_timeout: "5"
        timeout: "5"
      delegate_to: "localhost"
      ignore_errors: "yes"
      register: ssh_port

    - name: "Check port 22"
      wait_for:
        port: "22"
        state: "started"
        host: "{{ inventory_hostname }}"
        connect_timeout: "5"
        timeout: "5"
      delegate_to: "localhost"
      ignore_errors: "yes"
      register: ssh_port_default
      when: 
        - ssh_port is defined 
        - ssh_port.state is undefined

    - name: Set SSH port to 22
      set_fact:
        ansible_port: "22"
      when: ssh_port_default.state is defined

最后，在配置了SSH服务器并更改了端口之后，我得到了以下信息：

- name: Set SSH port to 1234
  set_fact:
    ansible_port: "1234"

Answer 5

我建议将端口号放在清单文件中。像下面的例子。

[linux-servers]
xcpng5.homelab.com ansible_port=3511
xcpng2.homelab.com ansible_port=3522
xcpng1.homelab.com ansible_port=3523

我试图实现相同的目标，这有助于我设置不同的 ssh 端口。