Ansible默認安裝好後有一個配置文件/etc/ansible/ansible.cfg,該配置文件中定義了ansible的主機的默認配置部分,如默認是否須要輸入密碼、是否開啓sudo認證、action_plugins插件的位置、hosts主機組的位置、是否開啓log功能、默認端口、key文件位置等等。spa
具體以下:插件
- [defaults]
- # some basic default values...
- hostfile = /etc/ansible/hosts \\指定默認hosts配置的位置
- # library_path = /usr/share/my_modules/
- remote_tmp = $HOME/.ansible/tmp
- pattern = *
- forks = 5
- poll_interval = 15
- sudo_user = root \\遠程sudo用戶
- #ask_sudo_pass = True \\每次執行ansible命令是否詢問ssh密碼
- #ask_pass = True \\每次執行ansible命令時是否詢問sudo密碼
- transport = smart
- remote_port = 22
- module_lang = C
- gathering = implicit
- host_key_checking = False \\關閉第一次使用ansible鏈接客戶端是輸入命令提示
- log_path = /var/log/ansible.log \\須要時能夠自行添加。chown -R root:root ansible.log
- system_warnings = False \\關閉運行ansible時系統的提示信息,通常爲提示升級
- # set plugin path directories here, separate with colons
- action_plugins = /usr/share/ansible_plugins/action_plugins
- callback_plugins = /usr/share/ansible_plugins/callback_plugins
- connection_plugins = /usr/share/ansible_plugins/connection_plugins
- lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
- vars_plugins = /usr/share/ansible_plugins/vars_plugins
- filter_plugins = /usr/share/ansible_plugins/filter_plugins
- fact_caching = memory
- [accelerate]
- accelerate_port = 5099
- accelerate_timeout = 30
- accelerate_connect_timeout = 5.0
- # The daemon timeout is measured in minutes. This time is measured
- # from the last activity to the accelerate daemon.
- accelerate_daemon_timeout = 30
本篇就結合一個示例對其進行下了解。我在對以前未鏈接的主機進行連結時報錯以下:命令行
- [root@361way.com ~]# ansible test -a 'uptime'
- 10.212.52.14 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
- 10.212.52.16 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
從上面的輸出提示上基本能夠了解到因爲在本機的~/.ssh/known_hosts文件中並有fingerprint key串,ssh第一次鏈接的時候通常會提示輸入yes 進行確認爲將key字符串加入到 ~/.ssh/known_hosts 文件中。
方法1:
瞭解到問題緣由爲,咱們瞭解到進行ssh鏈接時,可使用-o參數將StrictHostKeyChecking設置爲no,使用ssh鏈接時避免首次鏈接時讓輸入yes/no部分的提示。經過查看ansible.cfg配置文件,發現以下行:
- [ssh_connection]
- # ssh arguments to use
- # Leaving off ControlPersist will result in poor performance, so use
- # paramiko on older platforms rather than removing it
- #ssh_args = -o ControlMaster=auto -o ControlPersist=60s
因此這裏咱們能夠啓用ssh_args 部分,使用下面的配置,避免上面出現的錯誤:
- ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no
方法2:
在ansible.cfg配置文件中,也會找到以下部分:
- # uncomment this to disable SSH key host checking
- host_key_checking = False
默認host_key_checking部分是註釋的,經過找開該行的註釋,一樣也能夠實現跳過 ssh 首次鏈接提示驗證部分。因爲配置文件中直接有該選項,因此推薦用方法2 。
其餘部分
因爲官方給的說明比較詳細,同時ansible.cfg 文件自己默認也有註釋提示部分,因此不作過多說明,這裏再舉個例子,默認ansible 執行的時候,並不會輸出日誌到文件,不過在ansible.cfg 配置文件中有以下行:
- # logging is off by default unless this path is defined
- # if so defined, consider logrotate
- log_path = /var/log/ansible.log
一樣,默認log_path這行是註釋的,打開該行的註釋,全部的命令執行後,都會將日誌輸出到/var/log/ansible.log 文件,便於瞭解在什麼時候執行了何操做及其結果,以下:
- [root@361way.com ansible]# cat /var/log/ansible.log
- 2015-05-04 01:57:19,758 p=4667 u=root |
- 2015-05-04 01:57:19,759 p=4667 u=root | /usr/bin/ansible test -a uptime
- 2015-05-04 01:57:19,759 p=4667 u=root |
- 2015-05-04 01:57:20,563 p=4667 u=root | 10.212.52.252 | success | rc=0 >>
- 01:57am up 23 days 11:20, 2 users, load average: 0.38, 0.38, 0.40
- 2015-05-04 01:57:20,831 p=4667 u=root | 10.212.52.14 | success | rc=0 >>
- 02:03am up 331 days 8:19, 2 users, load average: 0.08, 0.05, 0.05
- 2015-05-04 01:57:20,909 p=4667 u=root | 10.212.52.16 | success | rc=0 >>
- 02:05am up 331 days 8:56, 2 users, load average: 0.00, 0.01, 0.05
更多部分能夠參看官方文檔。