Ansible 无法构建所需的 ssh 命令 [英] Ansible fails to construct desired ssh command
问题描述
我的组织制定了一项政策,允许仅"以下 ssh 命令起作用.
My organisation has a policy in place that allows "only" the below ssh command to work.
ssh -i /tmp/private.key -t user2@host2 bash --noprofile
我尝试修改ansible库存主机文件来构建上面的ssh.在下面查看我的 ansible 主机文件:
I tried to modify the ansible inventory host file to construct the above ssh. See my ansible host file below:
host2 ansible_ssh_common_args="-t -o UserKnownHostsFile=/dev/null" ansible_shell_executable=sh ANSIBLE_HOST_KEY_CHECKING=false ansible_ssh_private_key_file=/tmp/private.key USER_RUN=user2
我也尝试了以下方法,但它们也失败了
I also tried the below but they too fail
ansible_shell_executable=/bin/bash
ansible_ssh_extra_arg=.....
我的 ansible 版本是:
My ansible version is:
ansible --version
ansible 2.7.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/user1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
在调试中我看到ansible构建的ssh没有
In debug i see that the ssh constructed by ansible does not have
bash --noprfile
bash --noprfile
在 user2@target2 之后
after user2@target2
请帮忙提供解决方案.
推荐答案
为此,您可以通过
库存
some_host ansible_shell_executable="/bin/bash --noprofile"
other_host ansible_shell_executable="/bin/bash --noprofile"
或全局通过
ansible.cfg
executable = /bin/bash --noprofile
更多信息可以在 ansible 文档.
More information can be found in the ansible documentation.
请注意,ansible 还会在幕后进行 sftp
传输.
Please note, that ansible additionally does sftp
transfers under the hood.
恕我直言,如果你想在你的组织中使用 ansible,改变政策是合理的.
IMHO if you want to use ansible in your organisation, it would be reasonable to change the policy.
这篇关于Ansible 无法构建所需的 ssh 命令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!