【发布时间】:2019-07-02 01:09:35
【问题描述】:
重写问题
当我使用azure_rm – Azure Resource Manager inventory plugin时,
如何更改连接到 Azure VM 的 ssh 用户?
老问题
我担心我的 azure cloud shell 中的 Ansible 无法连接由 Ansible playbook 创建的 Azure VM。 另一个 Ansible 可以连接由命令行创建的 Azure VM。 虚拟机有什么不同?
我创建了 2 个 Azure VM。
一个是 Ansible 剧本。
另一种是通过命令行az vm create。
Ansible 剧本create_vm_for_the_developers.yaml
- name: Create Azure VM
hosts: localhost
connection: local
vars_prompt:
- name: "ResourceGroup"
prompt: "Please input your resourcegroup"
default: "defaultResourceGroupForVM"
private: no
- name: "domain_name"
prompt: "Please input your domain"
default: "foobardomain"
private: no
- name: "subscription_id"
prompt: "Please input your subscription_id"
default: "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
private: no
tasks:
- name: Create resource group
azure_rm_resourcegroup:
name: "{{ ResourceGroup }}"
location: eastus
subscription_id: "{{subscription_id}}"
- name: Create virtual network
azure_rm_virtualnetwork:
resource_group: "{{ ResourceGroup }}"
name: myVnet
address_prefixes: "10.0.0.0/16"
subscription_id: "{{subscription_id}}"
- name: Add subnet
azure_rm_subnet:
resource_group: "{{ ResourceGroup }}"
name: mySubnet
address_prefix: "10.0.1.0/24"
virtual_network: myVnet
subscription_id: "{{subscription_id}}"
- name: Create public IP address
azure_rm_publicipaddress:
resource_group: "{{ ResourceGroup }}"
allocation_method: Static
name: myPublicIP
subscription_id: "{{subscription_id}}"
register: output_ip_address
- name: Dump public IP for VM which will be created
debug:
msg: "The public IP is {{ output_ip_address.state.ip_address }}."
- name: Create Network Security Group that allows SSH
azure_rm_securitygroup:
resource_group: "{{ ResourceGroup }}"
name: myNetworkSecurityGroup
subscription_id: "{{subscription_id}}"
rules:
- name: SSH
protocol: Tcp
destination_port_range: 22
access: Allow
priority: 1001
direction: Inbound
- name: Create virtual network inteface card
azure_rm_networkinterface:
resource_group: "{{ ResourceGroup }}"
subscription_id: "{{subscription_id}}"
name: myNIC
virtual_network: myVnet
subnet: mySubnet
public_ip_name: myPublicIP
security_group: myNetworkSecurityGroup
ip_configurations:
- name: ipconfig1
public_ip_address_name: myPublicIP
primary: True
- name: Create VM
azure_rm_virtualmachine:
resource_group: "{{ ResourceGroup }}"
subscription_id: "{{subscription_id}}"
name: myVM
vm_size: Standard_DS1_v2
admin_username: azureuser
#admin_password: Azure12345678
ssh_password_enabled: false
ssh_public_keys:
- path: /home/azureuser/.ssh/authorized_keys
key_data: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
network_interfaces: myNIC
image:
offer: CentOS
publisher: OpenLogic
sku: '7.5'
version: latest
我运行命令ansible-playbook create_vm_for_the_developers.yaml 并创建虚拟机。
命令行az vm create
az vm create --resource-group defaultResourceGroupForVM --name ansible-inventory-test-vm2 --image CentOS --ssh-key-values ~/.ssh/id_rsa.pub
我也运行了上面的命令。
动态库存infra_azure_rm.yaml
plugin: azure_rm
include_vm_resource_groups:
- defaultResourceGroupForVM
auth_source: auto
exclude_host_filters:
# excludes hosts that are powered off
- powerstate != 'running'
我运行了命令
ansible all -m ping -i infra_azure_rm.yaml
错误结果
myVM_caa6 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).",
"unreachable": true
}
ansible-inventory-test-vm2_62bd | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
环境
- 在 Azure Cloud Shell 上
- Ansible 版本:2.8.1
- ssh 密钥由命令
ssh-keygen创建
加上信息
- 当然,两个虚拟机都可以通过 ssh 连接。
- 在命令行创建的 VM 和在 Ansible 中创建的 VM 的 ssh 连接用户名不同。这可能是一个严重的问题。
- 在动态库存选项中,我们可以更改 ssh 的用户名吗?
加上加上信息
-
azure_rm的ad_user参数用于 Azure AD。 - 如何更改用户?
【问题讨论】: