Ansible配置错误!无法使用SSH密码而不是密钥

Question

我想通过使用Ansible来配置我最后一个节点的三个节点.

我的主机是Windows 10.

我的Vagrantfile看起来像:

Vagrant.configure("2") do |config|

  (1..3).each do |index|
    config.vm.define "node#{index}" do |node|

      node.vm.box = "ubuntu"
      node.vm.box = "../boxes/ubuntu_base.box"

      node.vm.network :private_network, ip: "192.168.10.#{10 + index}"

      if index == 3
        node.vm.provision :setup, type: :ansible_local do |ansible|
          ansible.playbook = "playbook.yml"
          ansible.provisioning_path = "/vagrant/ansible"
          ansible.inventory_path = "/vagrant/ansible/hosts"
          ansible.limit = :all
          ansible.install_mode = :pip
          ansible.version = "2.0"
        end
      end

    end
  end

end

我的剧本看起来像:

---

# my little playbook

- name: My little playbook
  hosts: webservers
  gather_facts: false
  roles:
    - create_user

我的主机文件看起来像:

[webservers]
192.168.10.11
192.168.10.12

[dbservers]
192.168.10.11
192.168.10.13

[all:vars]
ansible_connection=ssh
ansible_ssh_user=vagrant
ansible_ssh_pass=vagrant

执行后vagrant up --provision我得到以下错误:

Bringing machine 'node1' up with 'virtualbox' provider...
Bringing machine 'node2' up with 'virtualbox' provider...
Bringing machine 'node3' up with 'virtualbox' provider...
==> node3: Running provisioner: setup (ansible_local)...
    node3: Running ansible-playbook...

PLAY [My little playbook] ******************************************************

TASK [create_user : Create group] **********************************************
fatal: [192.168.10.11]: FAILED! => {"failed": true, "msg": "ERROR! Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}
fatal: [192.168.10.12]: FAILED! => {"failed": true, "msg": "ERROR! Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}

PLAY RECAP *********************************************************************
192.168.10.11              : ok=0    changed=0    unreachable=0    failed=1
192.168.10.12              : ok=0    changed=0    unreachable=0    failed=1

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

我扩展了我的Vagrantfile ansible.limit = :all并添加[all:vars]到主机文件,但仍无法解决错误.

有没有人遇到过同样的问题？

Answer 1

使用以下内容ansible/ansible.cfg在项目目录中(即ansible.cfg在provisioning_path目标上)创建一个文件:

[defaults]
host_key_checking = false

^{如果您的Vagrant盒sshpass已经安装 - 目前还不清楚,因为您的问题中的错误消息表明它已安装(否则它将是" 错误!使用带有密码的'ssh'连接类型,您必须安装sshpass程序 ") ,但在你的回答中,你明确地添加它(sudo apt-get install sshpass),就像它没有}

Answer 2

我正在使用Ansible版本2.6.2并且解决方案host_key_checking = false不起作用.

添加环境变量export ANSIBLE_HOST_KEY_CHECKING=False跳过指纹检查.

Answer 3

运行以下命令，它解决了我的问题

导出 ANSIBLE_HOST_KEY_CHECKING=False && ansible-playbook -i

Answer 4

该错误也可以通过简单地导出ANSIBLE_HOST_KEY_CHECKING变量来解决。

export ANSIBLE_HOST_KEY_CHECKING=False

来源：https : //github.com/ansible/ansible/issues/9442

Answer 5

在Ubuntu 20.04上使用Ansible 2.9.6时，我遇到了类似的挑战。

当我运行命令时：

ansible all -m ping -i inventory.txt

我收到错误：

目标| 失败的！=> { "msg": "无法使用 SSH 密码代替密钥，因为启用了主机密钥检查，而 sshpass 不支持此功能。请将此主机的指纹添加到您的known_hosts 文件中以管理此主机。" }

这是我修复它的方法：

当您安装 ansible 时，它​​会创建一个名为 的文件ansible.cfg，可以在目录中找到该文件/etc/ansible。只需打开文件：

sudo nano /etc/ansible/ansible.cfg

取消注释此行以禁用 SSH 密钥主机检查

host_key_checking = False

现在保存文件，现在应该没问题了。

注意：您还可以尝试known_hosts通过从您的计算机通过 SSH 连接到服务器来将主机的指纹添加到您的文件中，这会提示您将主机的指纹保存到您的known_hosts文件中：

promisepreston@ubuntu:~$ ssh myusername@192.168.43.240

The authenticity of host '192.168.43.240 (192.168.43.240)' can't be established.
ECDSA key fingerprint is SHA256:9Zib8lwSOHjA9khFkeEPk9MjOE67YN7qPC4mm/nuZNU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.43.240' (ECDSA) to the list of known hosts.

myusername@192.168.43.240's password: 
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-53-generic x86_64)

就这样。

我希望这有帮助

Answer 6

所有提供的解决方案都需要更改全局配置文件或添加环境变量，这会给新人员带来问题。

相反，您可以将以下变量添加到您的清单或主机变量中

ansible_ssh_common_args: '-o StrictHostKeyChecking=no'

Answer 7

该SO帖子给出了答案。

我只是在负责配置的机器上扩展了known_hosts文件，如下所示：

我修改后的Vagrantfile中的代码段：

...
if index == 3
    node.vm.provision :pre, type: :shell, path: "install.sh"

    node.vm.provision :setup, type: :ansible_local do |ansible|
...

我的install.sh看起来像：

# add web/database hosts to known_hosts (IP is defined in Vagrantfile)
ssh-keyscan -H 192.168.10.11 >> /home/vagrant/.ssh/known_hosts
ssh-keyscan -H 192.168.10.12 >> /home/vagrant/.ssh/known_hosts
ssh-keyscan -H 192.168.10.13 >> /home/vagrant/.ssh/known_hosts
chown vagrant:vagrant /home/vagrant/.ssh/known_hosts

# reload ssh in order to load the known hosts
/etc/init.d/ssh reload