Ansible 无法构建所需的 ssh 命令 [英] Ansible fails to construct desired ssh command

问题描述

我的组织制定了一项政策，允许仅"以下 ssh 命令起作用.

My organisation has a policy in place that allows "only" the below ssh command to work.

ssh -i /tmp/private.key -t user2@host2 bash --noprofile

我尝试修改ansible库存主机文件来构建上面的ssh.在下面查看我的 ansible 主机文件:

I tried to modify the ansible inventory host file to construct the above ssh. See my ansible host file below:

host2 ansible_ssh_common_args="-t -o UserKnownHostsFile=/dev/null" ansible_shell_executable=sh ANSIBLE_HOST_KEY_CHECKING=false ansible_ssh_private_key_file=/tmp/private.key  USER_RUN=user2

我也尝试了以下方法，但它们也失败了

I also tried the below but they too fail

ansible_shell_executable=/bin/bash
ansible_ssh_extra_arg=.....

我的 ansible 版本是:

My ansible version is:

ansible --version

ansible 2.7.1

  config file = /etc/ansible/ansible.cfg

  configured module search path = [u'/home/user1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/lib/python2.7/site-packages/ansible

  executable location = /bin/ansible

  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

在调试中我看到ansible构建的ssh没有

In debug i see that the ssh constructed by ansible does not have

bash --noprfile

bash --noprfile

在 user2@target2 之后

after user2@target2

请帮忙提供解决方案.

推荐答案

为此，您可以通过

库存

some_host  ansible_shell_executable="/bin/bash --noprofile"
other_host ansible_shell_executable="/bin/bash --noprofile"

或全局通过

ansible.cfg

executable = /bin/bash --noprofile

更多信息可以在 ansible 文档.

More information can be found in the ansible documentation.

请注意，ansible 还会在幕后进行 sftp 传输.

Please note, that ansible additionally does sftp transfers under the hood.

恕我直言，如果你想在你的组织中使用 ansible，改变政策是合理的.

IMHO if you want to use ansible in your organisation, it would be reasonable to change the policy.

这篇关于Ansible 无法构建所需的 ssh 命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！