常见错误问题

FAQ

---

 ansible常规设置

1. 配置默认ssh_key   ~/.ssh/config

   [15:37:31] sysadm@SYS-OPS-CD-0-252:/etc/ansible $ cat ~/.ssh/config
   Host *
       User sysadm
       IdentityFile ~/.ssh/sysadm.id_rsa

2. 关闭首次连接身份验证, 防止中间人攻击

   [21:33:12] sysadm@SYS-OPS-CD-0-252:~ $ ssh 10.1.17.68
   The authenticity of host '10.1.17.68 (10.1.17.68)' can't be established.
   ED25519 key fingerprint is SHA256:1g0AcIo0SRXOtMVFTyt9bR97A7unIr6iiB9CXMC0sKw.
   This key is not known by any other names
   Are you sure you want to continue connecting (yes/no/[fingerprint])?

   [15:37:31] sysadm@SYS-OPS-CD-0-252:/etc/ansible $ cat ~/.ssh/config
   Host *
       StrictHostKeyChecking no

3. ansible服务端与客户端的openssh版本不一致, 不接受ssh-rsa加密算法

   [15:43:59] sysadm@SYS-OPS-CD-0-252:~/.ssh $ ssh -i sysadm.id_rsa sysadm@10.1.17.91
   sign_and_send_pubkey: no mutual signature supported
   sign_and_send_pubkey: no mutual signature supported
   sysadm@10.1.17.91: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

   [15:37:31] sysadm@SYS-OPS-CD-0-252:/etc/ansible $ cat ~/.ssh/config
   Host *
       PubkeyAcceptedAlgorithms +ssh-rsa
       HostkeyAlgorithms +ssh-rsa

4. 客户端Python版本低于ansible服务端

   [WARNING]: Platform linux on host 10.1.54.201 is using the discovered Python interpreter at /usr/bin/python3.8, but future installation of another Python interpreter could change the meaning of that path. See
   https://docs.ansible.com/ansible-core/2.17/reference_appendices/interpreter_discovery.html for more information.
   
   

   编辑/etc/ansible/下的inventroy

   [all:vars]
   ansible_python_interpreter=/usr/bin/python3
   
   或者
   
   ansible_python_interpreter=/usr/local/bin/python3