我想将客户端系统上ssh服务器的端口更改为自定义端口2202(在group_var/all和roles/change-sshd-port/vars/main.yml中定义的端口(。我的要求是,当端口已经设置为自定义2202时,也可以运行剧本(那么剧本应该什么都不做(。我已经使用了基于解决方案的ansible角色:https://github.com/Forcepoint/fp-pta-ansible-change-sshd-port
当我第一次运行脚本时,端口更改得很好(完成后,我可以在新端口上登录客户端节点(
当我再次运行剧本时,它失败了,因为我试图通过旧的22端口而不是新的2202端口执行一些任务
TASK [change-sshd-port : Confirm host connection works] ********************************************************************************************************************
fatal: [192.168.170.113]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.170.113 port 22: Connection refused", "unreachable": true}
当ansible_port变量在roles/change-sshd-port/vars/main.yml中设置为新端口时,我找不到为什么它试图使用端口22
---
# vars file for /home/me/ansible2/roles/change-sshd-port
ansible_port: 2202
角色任务roles/change-sshd-port/tasks/main.yml直到ping任务失败的部分是:
- name: Set configured port fact
ansible.builtin.set_fact:
configured_port: "{{ ansible_port }}"
- name: Check if we're using the inventory-provided SSH port
ansible.builtin.wait_for:
port: "{{ ansible_port }}"
state: "started"
host: "{{ ansible_host }}"
connect_timeout: "5"
timeout: "10"
delegate_to: "localhost"
ignore_errors: "yes"
register: configured_ssh
- name: SSH port is configured properly
ansible.builtin.debug:
msg: "SSH port is configured properly"
when: configured_ssh is defined and
configured_ssh.state is defined and
configured_ssh.state == "started"
register: ssh_port_set
- name: Check if we're using the default SSH port
ansible.builtin.wait_for:
port: "22"
state: "started"
host: "{{ ansible_host }}"
connect_timeout: "5"
timeout: "10"
delegate_to: "localhost"
ignore_errors: "yes"
register: default_ssh
when: configured_ssh is defined and
configured_ssh.state is undefined
- name: Set inventory ansible_port to default
ansible.builtin.set_fact:
ansible_port: "22"
when: default_ssh is defined and
"state" in default_ssh and
default_ssh.state == "started"
register: ssh_port_set
- name: Fail if SSH port was not auto-detected (unknown)
ansible.builtin.fail:
msg: "The SSH port is neither 22 or {{ ansible_port }}."
when: ssh_port_set is undefined
- name: Confirm host connection works
ansible.builtin.ping:
您的问题缺少一系列细节(我们无法根据您在问题(,所以我将不得不进行一些猜测。有可能发生的几件事。
首先,如果您在操作手册中摆弄ssh端口,你需要禁用该剧的事实收集功能。通过默认情况下,ansible之前在目标主机上运行setup模块运行游戏中的任务,这将使用任何端口您已在库存中进行了配置。如果sshd运行在另一个端口,这将失败。
这里有一个剧本,它忽略了你的端口清点并将成功连接到目标主机,无论是sshd正在端口22或端口2222上运行(如果sshd,它将失败并显示错误没有在这两个端口上运行(:
- hosts: target
gather_facts: false
vars:
desired_port: 2222
default_port: 22
tasks:
- name: check if ssh is running on {{ desired_port }}
delegate_to: localhost
wait_for:
port: "{{ desired_port }}"
host: "{{ ansible_host }}"
timeout: 10
ignore_errors: true
register: desired_port_check
- name: check if ssh is running on {{ default_port }}
delegate_to: localhost
wait_for:
port: "{{ default_port }}"
host: "{{ ansible_host }}"
timeout: 10
ignore_errors: true
register: default_port_check
- fail:
msg: "ssh is not running (or is running on an unknown port)"
when: default_port_check is failed and desired_port_check is failed
- when: default_port_check is success
block:
- debug:
msg: "ssh is running on default port"
- name: configure ansible to use port {{ default_port }}
set_fact:
ansible_port: "{{ default_port }}"
- when: desired_port_check is success
block:
- debug:
msg: "ssh is running on desired port"
- name: configure ansible to use port {{ desired_port }}
set_fact:
ansible_port: "{{ desired_port }}"
- name: run a command on the target host
command: uptime
register: uptime
- debug:
msg: "{{ uptime.stdout }}"