CentOS8のAnsible管理対象サーバ接続
管理サーバからSSH鍵交換
管理サーバの公開鍵を送付
[ansible@mng053 ~]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.XXX (192.168.0.XXX)' can't be established.
ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes ⇒初回接続時に聞かれる。「yes」回答
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: ⇒ログイン先のパスワード
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
接続確認
[ansible@mng053 ~]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.XXX (192.168.0.XXX)' can't be established.
ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes ⇒初回接続時に聞かれる。「yes」回答
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: ⇒ログイン先のパスワード
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
作業したら必ず確認。
hostnameコマンドで意図したホストに接続していることを確認します。
[ansible@mng053 ~]$ ssh [email protected]
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Mar 28 08:05:04 2020 from 192.168.0.XXX
[root@dbpg054 ~]# hostname
dbpg054.localdomain
管理サーバ側でのAnsibleインベントリ登録
Ansibleはインベントリ登録が必要なため、今回登録する192.168.0.XXXを登録します。
書き方は以下を見よう見真似。
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#hosts-in-multiple-groups
登録したインベントリ
[ansible@mng053 ~]$ cat /etc/ansible/hosts
all:
children:
centos8:
hosts:
192.168.0.XXX:
postgre10:
hosts:
192.168.0.XXX:
OS製品用のグループとDB製品用のグループを構成してみました。
疎通確認
とりあえず、ホスト名でやってみる。
管理サーバから管理対象サーバへ接続します。
[ansible@mng053 ~]$ ansible 192.168.0.XXX -m ping
192.168.0.XXX | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
ユーザ名を指定しないと、管理サーバ側と同じユーザ(ansible)で管理対象サーバに接続しようとする模様。
rootでログインしないと・・・ダメなんですよね。
ユーザ指定は「-m」オプションで行ける模様。
[ansible@mng053 ~]$ ansible 192.168.0.XXX -u root-m ping
192.168.0.XXX | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
うまくいきました。
「all」と「centos8」のグループでも確認
[ansible@mng053 ~]$ ansible all -u root -m ping
192.168.0.XXX | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[ansible@mng053 ~]$ ansible centos8 -u root -m ping
192.168.0.XXX | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
接続完了!!
Author And Source
この問題について(CentOS8のAnsible管理対象サーバ接続), 我々は、より多くの情報をここで見つけました https://qiita.com/CATs_Bell/items/c80102516400472fb384著者帰属:元の著者の情報は、元のURLに含まれています。著作権は原作者に属する。
Content is automatically searched and collected through network algorithms . If there is a violation . Please contact us . We will adjust (correct author information ,or delete content ) as soon as possible .