ansible 2.0.1.0
config file = /Users/tpai/src/cm/ansible.cfg
configured module search path = Default w/o overrides
# Ansible settings in effect for this report (ansible.cfg).
[defaults]
# Turns off SSH host key verification for the managed hosts. The -vvvvv trace
# shows this becoming "-o StrictHostKeyChecking=no" on the outer ssh command
# only; the inner ssh started by ProxyCommand does not receive it.
# Unverified host keys leave the connection open to interception, so
# pre-populating known_hosts is the safer setup where that is possible.
host_key_checking=False
# Passed to ssh as ConnectTimeout=20 in the trace.
timeout=20
forks=20
force_handlers = True
roles_path = ./roles
callback_whitelist=profile_tasks
filter_plugins = ./filter_plugins
[ssh_connection]
pipelining = True
# "%%" is the escaped form of "%"; the trace shows ssh receiving
# ControlPath=/tmp/ansible-ssh-%h-%p-%r.
# NOTE(review): /tmp is a shared directory and this socket name is
# predictable; a directory owned by the invoking user looks like a safer
# location. Confirm for your setup.
control_path = /tmp/ansible-ssh-%%h-%%p-%%r
앤서블 호스트 : OS X 10.11.3
대상 : 우분투 14.04.02
ssh-extra-args
ProxyCommand๋ host_key_checking=False
๋ฅผ ์ค๋จํฉ๋๋ค.
ansible.cfg
또는 ssh-extra-args
자체에 설정된 host_key_checking=False
ssh-extra-args
를 사용할 때 연결하지 않은 호스트의 키를 수락하라는 메시지가 계속 표시됩니다. ์ ์.
ansible-playbook provision_envs/configure-sid.yml -i inventory/sid --limit=tag_build_5 --vault-password-file ../vault_key --ssh-extra-args='-o ProxyCommand="ssh -W %h:%p [email protected]"' -vvvvv
새 호스트에 대해 플레이북을 실행합니다.
StrictHostKeyChecking
가 활성화된 것처럼 키를 수락하라는 메시지가 표시됩니다.
$ ansible-playbook provision_envs/configure-sid.yml -i inventory/sid --limit=tag_build_5 --vault-password-file ../vault_key --ssh-extra-args='-o ProxyCommand="ssh -W %h:%p [email protected]"' -vvvvv
Using /Users/tpai/src/cm/ansible.cfg as config file
Loaded callback default of type stdout, v2.0
Loaded callback profile_tasks of type aggregate, v2.0
2 plays in provision_envs/configure-sid.yml
PLAY ***************************************************************************
skipping: no hosts matched
PLAY ***************************************************************************
TASK [setup] *******************************************************************
Friday 11 March 2016 12:40:12 +0000 (0:00:00.122) 0:00:00.122 **********
<10.0.251.222> ESTABLISH SSH CONNECTION FOR USER: user
<10.0.251.222> SSH: ansible.cfg set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.251.222> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.251.222> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<10.0.251.222> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=user)
<10.0.251.222> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=20)
<10.0.251.222> SSH: PlayContext set ssh_common_args: ()
<10.0.251.222> SSH: PlayContext set ssh_extra_args: (-o)(ProxyCommand=ssh -W %h:%p [email protected])
<10.0.251.222> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/tmp/ansible-ssh-%h-%p-%r)
<10.0.251.222> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=user -o ConnectTimeout=20 -o 'ProxyCommand=ssh -W %h:%p [email protected]' -o ControlPath=/tmp/ansible-ssh-%h-%p-%r 10.0.251.222 '/bin/sh -c '"'"'LANG=en_GB.UTF-8 LC_ALL=en_GB.UTF-8 LC_MESSAGES=en_GB.UTF-8 /usr/bin/python'"'"''
The authenticity of host 'host.com (1.2.3.4)' can't be established.
ECDSA key fingerprint is SHA256:kjghdfjkghdkfjghkdjfgdfgdfjghdkjfg.
Are you sure you want to continue connecting (yes/no)?
**ssh connection times out**
fatal: [7.8.9.0]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh", "unreachable": true}
to retry, use: --limit @provision_envs/configure-sid.retry
PLAY RECAP *********************************************************************
7.8.9.0 : ok=0 changed=0 unreachable=1 failed=0
์ด๊ฒ์ ๋ฒ๊ทธ๊ฐ ์๋๋๋ค. ํด๋น ๋์์ ์ํ๋ ๊ฒฝ์ฐ ProxyCommand์ -o StrictHostKeyChecking=no
๋ฅผ ์ถ๊ฐํ ์ ์์ต๋๋ค. Ansible์ด ์ฌ์ฉ์๊ฐ ์ง์ ํ ssh_extra_args ๋ด๋ถ์ ProxyCommand์ ์ถ๊ฐ ์ธ์๋ฅผ ์๋ํ๊ณ ์ฝ์
ํ๋ ๊ฒ์ ๋งค์ฐ ํ๋ช
ํ์ง ์์ต๋๋ค.
확인, 작동:
ansible-playbook provision_envs/configure-sid.yml -i inventory/sid --limit=tag_build_5 --vault-password-file ../vault_key --ssh-extra-args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p [email protected]"'
이것은 작동하지만 작동하지 않습니다 ... 내가 뭔가를 놓치고 있습니까?
ansible-playbook --private-key aws_key.pem -u 우분투 -e --ssh-extra-args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="ssh -o StrictHostKeyChecking=no - o UserKnownHostsFile=/dev/null -W %h:%p [email protected] "' -i hosts.txt ./ansible/docker.yml
여전히 노하우를 요구합니다
가장 유용한 댓글
์ด๊ฒ์ ๋ฒ๊ทธ๊ฐ ์๋๋๋ค. ํด๋น ๋์์ ์ํ๋ ๊ฒฝ์ฐ ProxyCommand์
-o StrictHostKeyChecking=no
๋ฅผ ์ถ๊ฐํ ์ ์์ต๋๋ค. Ansible์ด ์ฌ์ฉ์๊ฐ ์ง์ ํ ssh_extra_args ๋ด๋ถ์ ProxyCommand์ ์ถ๊ฐ ์ธ์๋ฅผ ์๋ํ๊ณ ์ฝ์ ํ๋ ๊ฒ์ ๋งค์ฐ ํ๋ช ํ์ง ์์ต๋๋ค.