I have been bravely deploying OpenStack with Ansible. I am finally at the stage of running the commands, except that I have run into an ssh error. It seems to be either forked or customized for OpenStack. Previously, with "ssh-copy-id" (Note: root login is permitted for testing purposes)
os@7:/opt/openstack-ansible/playbooks$ sudo openstack-ansible setup-hosts.yml -vvvv
Variable files: "-e @/etc/openstack_deploy/user_group_vars.yml -e @/etc/openstack_deploy/user_secrets.yml -e @/etc/openstack_deploy/user_variables.yml "
PLAY [Basic host setup] *******************************************************
GATHERING FACTS ***************************************************************
<172.27.255.84> ESTABLISH CONNECTION FOR USER: root
<10.4.1.113> ESTABLISH CONNECTION FOR USER: root
<172.27.255.84> REMOTE_MODULE setup
<172.27.255.93> ESTABLISH CONNECTION FOR USER: root
<10.4.1.113> REMOTE_MODULE setup
<172.27.255.91> ESTABLISH CONNECTION FOR USER: root
<172.27.255.164> ESTABLISH CONNECTION FOR USER: root
<172.27.255.93> REMOTE_MODULE setup
<172.27.255.91> REMOTE_MODULE setup
<172.27.255.164> REMOTE_MODULE setup
<172.27.255.84> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/os/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/os/.ssh/id_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.27.255.84 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458671499.99-38377904647735 && echo $HOME/.ansible/tmp/ansible-tmp-1458671499.99-38377904647735'
<10.4.1.113> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/os/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/os/.ssh/id_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 10.4.1.113 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458671499.99-28043973332190 && echo $HOME/.ansible/tmp/ansible-tmp-1458671499.99-28043973332190'
<172.27.255.93> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/os/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/os/.ssh/id_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.27.255.93 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458671499.99-247742941146890 && echo $HOME/.ansible/tmp/ansible-tmp-1458671499.99-247742941146890'
<172.27.255.91> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/os/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/os/.ssh/id_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.27.255.91 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458671499.99-239068187999404 && echo $HOME/.ansible/tmp/ansible-tmp-1458671499.99-239068187999404'
<172.27.255.164> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/os/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/os/.ssh/id_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.27.255.164 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458671499.99-253354461562706 && echo $HOME/.ansible/tmp/ansible-tmp-1458671499.99-253354461562706'
fatal: [infra1] => SSH Error: Permission denied (publickey,password).
while connecting to 172.27.255.84:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
<172.27.255.164> ESTABLISH CONNECTION FOR USER: root
fatal: [900089-compute001] => SSH Error: Permission denied (publickey,password).
while connecting to 172.27.255.164:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
<172.27.255.164> REMOTE_MODULE setup
fatal: [storage1] => SSH Error: Permission denied (publickey,password).
while connecting to 10.4.1.113:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
<172.27.255.164> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/os/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=22 -o IdentityFile="/home/os/.ssh/id_rsa" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.27.255.164 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458671500.08-121316397320847 && echo $HOME/.ansible/tmp/ansible-tmp-1458671500.08-121316397320847'
fatal: [infra3] => SSH Error: Permission denied (publickey,password).
while connecting to 172.27.255.93:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
fatal: [infra2] => SSH Error: Permission denied (publickey,password).
while connecting to 172.27.255.91:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
fatal: [compute1] => SSH Error: Permission denied (publickey,password).
while connecting to 172.27.255.164:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
TASK: [apt_package_pinning | Add apt pin preferences] *************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/home/os/setup-hosts.retry
900089-compute001 : ok=0 changed=0 unreachable=1 failed=0
compute1 : ok=0 changed=0 unreachable=1 failed=0
infra1 : ok=0 changed=0 unreachable=1 failed=0
infra2 : ok=0 changed=0 unreachable=1 failed=0
infra3 : ok=0 changed=0 unreachable=1 failed=0
storage1 : ok=0 changed=0 unreachable=1 failed=0
os@7:/opt/openstack-ansible/playbooks$
As you can see, "ssh os @ ip
In my BIND forward zone file I have the following, to create an A record for the IP address of the HTTPD web server and also to map a CNAME to the HTTPD web server.
$ORIGIN example.com.
$TTL 1D
@ IN SOA ns1.example.com. hostmaster.example.com. (
2016032200 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ; minimum
)
@ IN NS ns1.example.com.
ns1 IN A 192.168.0.30
server1 IN A 192.168.0.23
www IN CNAME server1
The named-checkzone command returns OK, which confirms that the forward.example.com zone file is fine.
[root@DNS1 ~]# named-checkzone example.com /etc/forward.example.com
zone example.com/IN: loaded serial 2016032200
OK
Running nslookup ns1.example.com gives the following result. This is good.
Server: 192.168.0.30
Address: 192.168.0.30#53
Name: ns1.example.com
Address: 192.168.0.30
Running nslookup www.example.com gives the following result.
Server: 192.168.0.30
Address: 192.168.0.30#53
** server can't find www.example.com: NXDOMAIN
Running nslookup server1.example.com gives the following result.
Server: 192.168.0.30
Address: 192.168.0.30#53
** server can't find www.example.com: NXDOMAIN
I do not see any errors in the named.run file.
[root@DNS1 ~]# tail /var/named/data/named.run
zone 0.in-addr.arpa/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.168.192.in-addr.arpa/IN: loaded serial 0
zone 1.xxxxxxxxxxx.ip6.arpa/IN: loaded serial 0
zone example.com/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
all zones loaded
running
Searching serverfault.com and google.com, I was unable to determine why I am getting the NXDOMAIN error. If there are any tips or recommendations, I would appreciate them!
Your serial number is very suspicious.
0 ; serial
Most likely you did not change the serial number, and your secondaries did not replicate the change that added the www record.
If that is not actually your serial number, this question is too heavily redacted. :)
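The serial mismatch the answer points at can be checked mechanically. The following is an added example, not part of the original answer: it compares the SOA serial in the zone file with the serial named logged as loaded, using RFC 1982 serial arithmetic (the comparison secondaries use when deciding whether to transfer). The function names are hypothetical, and the sample inputs are copied inline from the question's zone file and named.run excerpt.

```python
import re

# Sample inputs embedded inline: the SOA from the question's zone file and
# two lines from its named.run excerpt.
ZONE_TEXT = """\
$ORIGIN example.com.
$TTL 1D
@ IN SOA ns1.example.com. hostmaster.example.com. (
2016032200 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ; minimum
)
"""
NAMED_RUN = """\
zone 0.168.192.in-addr.arpa/IN: loaded serial 0
zone example.com/IN: loaded serial 0
"""

def zone_file_serial(text):
    """Return the SOA serial from zone-file text (comments and parentheses stripped)."""
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    # SOA rdata order: mname rname serial refresh retry expire minimum
    return int(tokens[tokens.index("SOA") + 3])

def loaded_serial(log_text, zone):
    """Return the serial named last logged as loaded for `zone`, or None."""
    pat = re.compile(r"zone %s/IN: loaded serial (\d+)" % re.escape(zone))
    hits = pat.findall(log_text)
    return int(hits[-1]) if hits else None

def serial_newer(candidate, current):
    """RFC 1982 comparison: is `candidate` newer than `current` (32-bit wraparound)?"""
    return candidate != current and ((candidate - current) % 2**32) < 2**31

def check_zone(zone, zone_text, log_text):
    """Compare the serial on disk with the one named reports as loaded."""
    on_disk, served = zone_file_serial(zone_text), loaded_serial(log_text, zone)
    if served is None:
        return "not-loaded"
    if on_disk == served:
        return "in-sync"
    # Differing serials: named is not serving this file as written (not
    # reloaded, or another file is configured for the zone).
    return "file-newer" if serial_newer(on_disk, served) else "file-older"

if __name__ == "__main__":
    print(check_zone("example.com", ZONE_TEXT, NAMED_RUN))
```

With the question's data the file checked by named-checkzone carries serial 2016032200 while named.run reports serial 0 for example.com, so the result is "file-newer".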