无法打开外壳:Ansible v2.3.1.0 [英] Unable to open shell: Ansible v2.3.1.0
问题描述
所以我每天都使用 Ansible 来管理我们的 AWS 实例,现在我正在测试管理我们的网络基础设施(我是网络人员,可以做一些系统管理工作)但遇到了问题我似乎无法绕过.
So I use Ansible day-to-day to manage our AWS instances and now I'm testing out managing our network infrastructure (I'm a Network guy, who can do some system admin stuff) but have run into a problem that I can't seem to get around.
我这里有一台启用了 SSH 的 Cisco 3750G.我可以使用指定的用户 ssh 登录并运行我的剧本中所有失败的命令.
I have a Cisco 3750G here that I've enabled SSH on. I can ssh in with the specified user and run all the commands that are failing in my playbook.
我能够从 Ansible 成功使用 ping 模块到此开关,但是每当我尝试使用 ios_commands 或 ios_configs 模块时,它都会失败并显示错误无法打开外壳.
I'm able to use the ping module successfully from Ansible to this switch but whenever I try to use the ios_commands or ios_configs modules it fails with the errorunable to open shell.
我正在使用 Ansible v2.3.1.0,它将持久连接作为一项新功能.使用谷歌搜索后,我发现一些人遇到了这个问题,并以各种方式解决了这个问题(没有一个对我有用).
I'm using Ansible v2.3.1.0 which has persistent connections as a new feature. Done some googling and I've found a few people who have had this issue and have fixed it in various ways (none of which worked for me).
我尝试过的事情:
- 在
secrets.yaml文件中指定连接变量.然后使用我的用户名、auth_pass 和密码指定provider在机密文件中. - 将
ansible_connection设置更改为local和ssh(都不是工作) - 在我的
ansible.cfg文件中暂时禁用 host_key_checking
- Specified the connection variables in a
secrets.yamlfile. Then specified theproviderusing my username, auth_pass, and password in the secrets file. - Changing the
ansible_connectionsetting tolocalandssh(neither worked) - Disabled host_key_checking for now in my
ansible.cfgfile
在那之后没有用我试过:- 在剧本中手动创建提供者连接变量本身.- 使用了 2 个不同的模块 ios_commands 和 ios_configs(有一些
两个模块之间的区别,但对我而言,两者的作用应该相同)
After that didnt work I tried:
- Manually creating the provider connection variables in the playbook
itself.
- Used 2 different modules ios_commands and ios_configs (there's some
difference between the 2 modules but for my use both should act the same)
https://docs.ansible.com/ansible/network_debug_troubleshooting.html#category-unable-to-open-shell该文档指出,我看到的错误通常是身份验证问题,但此处似乎并非如此.
https://docs.ansible.com/ansible/network_debug_troubleshooting.html#category-unable-to-open-shell This doc states that the error I'm seeing is normally an authentication issue but that doesnt seem to be the case here.
还有其他人遇到过这个问题或有任何见解吗?如果有人想查看,我有一个日志文件,其中包含我的剧本运行的调试输出.我已在下方发布了我的示例剧本以供审核.
Anyone else run into this or have any insight ? I have a log file with the debug output from my playbook run if anyone wants to view that. I've posted my sample playbook below for review.
主机:切换收集事实:没有连接:本地任务:
hosts: switch gather_facts: no connection: local tasks:
- name: GATHER CREDENTIALS
include_vars: secrets.yaml
- name: DEFINE CONNECTION PROVIDER
set_fact:
provider:
username: "{{ creds['username'] }}"
password: " {{ creds['password'] }}"
auth_pass: "{{ creds['auth_pass'] }}"
- name: Show interfaces
ios_config:
provider: "{{ provider }}"
commands:
- show ip int br
register: cisco_int
- debug: var=cisco_int.stdout_lines
推荐答案
我终于弄清楚这里发生了什么.这是一个组合.
I finally figured out what was happening here. It was a combination of things.
2.3 的持久连接功能对我来说是坏的,所以我不得不降级到 2.2.0.0
The persistent connection feature of 2.3 is broken for me so I had to downgrade to 2.2.0.0
然后我不得不在我的清单中手动指定我的 python 解释器.显然,您可以以不将其安装到的方式安装 paramiko/usr/bin/python 而是转到 /usr/local/bin/python,前者是 Ansible 运行其模块的地方.
Then I had to manually specify my python interpreter in my inventory.
Apparently you can install paramiko in a way that doesnt install it to
/usr/bin/python but instead goes to /usr/local/bin/python, the former
being where Ansible runs its modules from.
我也认为 ios_command 和 ios_config 的行为是错误的相似.config 用于全局/接口配置中的命令模式.command 在 user 和 priv exec 模式下运行.
I also thought wrong that the behavior of ios_command and ios_config
were similar. config is used for commands in global/interface config
mode. command runs from user and priv exec mode.
现在我的剧本运行了,我可以在我的 3750 上获得 show ip int br 的输出.
Now my playbook runs and I can get the output of show ip int br on my 3750.
这篇关于无法打开外壳:Ansible v2.3.1.0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
