- hosts: localhost
  become: true
  tasks:
    - name: disable ipv6
      sysctl:
        name: '{{ item }}'
        value: '1'
      with_items:
        - net.ipv6.conf.all.disable_ipv6
        - net.ipv6.conf.default.disable_ipv6
Something like this.
I thought I had disabled IPv6 at OS install time (using Kickstart):
network --bootproto=static --device=ens192 --gateway=192.168.0.1 --ip=192.168.0.70 --nameserver=192.168.0.11 --netmask=255.255.255.0 --noipv6 --activate
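Apparently this alone is not enough.
On a CentOS 7 host installed with the intention of disabling IPv6, the values of /proc/sys/net/ipv6/conf/all/disable_ipv6 and /proc/sys/net/ipv6/conf/default/disable_ipv6 were 0, just as this article describes.
As for what problem this caused: I give each host an FQDN ending in .localhost (which is probably the real mistake in the first place), and while ping was fine, when I tried to ssh to remote.localhost by hostname it connected to ::1, so I could not ssh to the remote host (by hostname).
I don't know whether it's because the TLD is .localhost, but ping hogehoge.localhost looks at the remote host as expected, whereas ssh hogehoge.localhost accesses 127.0.0.1 instead of the remote host... I wonder why.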
— z a k i (@zaki_hmkc) October 16, 2019
Initial state
[zaki@okd-manager ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:14:0c:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.0.70/24 brd 192.168.0.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe14:cbd/64 scope link
valid_lft forever preferred_lft forever
ping connects to the remote host
[zaki@okd-manager ~]$ ping -c 1 okd-master.esxi.localhost
PING okd-master.esxi.localhost (192.168.0.71) 56(84) bytes of data.
64 bytes from okd-master.esxi.localhost (192.168.0.71): icmp_seq=1 ttl=64 time=0.216 ms
--- okd-master.esxi.localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.216/0.216/0.216/0.000 ms
[zaki@okd-manager ~]$
ssh connects to ::1
(I mean to ssh to master, but the host I end up on after connecting is manager.)
[zaki@okd-manager ~]$ ssh okd-master.esxi.localhost -v
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to okd-master.esxi.localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/zaki/.ssh/id_rsa type 1
[snip]
Authenticated to okd-master.esxi.localhost ([::1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = ja_JP.UTF-8
Last login: Fri Oct 18 06:09:24 2019 from localhost
[zaki@okd-manager ~]$
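Because of this, Ansible did not behave as expected and I was stuck for a while.
Disabling IPv6 by hand worked and ssh access then behaved as expected, so I decided to configure it with Ansible while I was at it.
Running Ansible with the playbook at the top of this post adds the following settings to /etc/sysctl.conf.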
[zaki@okd-manager initialize]$ ansible-playbook diable_ipv6.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note
that the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
Friday 18 October 2019 06:22:16 +0900 (0:00:00.031) 0:00:00.031 ********
ok: [localhost]
TASK [disable ipv6] ************************************************************
Friday 18 October 2019 06:22:17 +0900 (0:00:00.661) 0:00:00.692 ********
changed: [localhost] => (item=net.ipv6.conf.all.disable_ipv6)
changed: [localhost] => (item=net.ipv6.conf.default.disable_ipv6)
PLAY RECAP *********************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Friday 18 October 2019 06:22:17 +0900 (0:00:00.339) 0:00:01.032 ********
===============================================================================
Gathering Facts --------------------------------------------------------- 0.66s
disable ipv6 ------------------------------------------------------------ 0.34s
[zaki@okd-manager initialize]$
[zaki@okd-manager initialize]$ grep -v "^#" /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
[zaki@okd-manager initialize]$
[zaki@okd-manager initialize]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:14:0c:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.0.70/24 brd 192.168.0.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
[zaki@okd-manager initialize]$
[zaki@okd-manager ~]$ ssh okd-master.esxi.localhost -4
Last login: Fri Oct 18 06:13:32 2019 from okd-manager.esxi.localhost
[zaki@okd-master ~]$
[defaults]
host_key_checking = False
callback_whitelist = profile_tasks
stdout_callback = yaml
[ssh_connection]
ssh_args = -4
Specifying -4 in ssh_args does the job.
Without forcing IPv4 → it cannot connect to the remote hosts and connects to the Ansible control node (localhost) instead, so running hostname returns the Ansible control node's name
[zaki@okd-manager initialize]$ ansible all -i host.ini -m shell -a hostname -k
SSH password:
okd-node02.esxi.localhost | CHANGED | rc=0 >>
okd-manager.esxi.localhost
okd-master.esxi.localhost | CHANGED | rc=0 >>
okd-manager.esxi.localhost
okd-node01.esxi.localhost | CHANGED | rc=0 >>
okd-manager.esxi.localhost
With IPv4 forced → it connects to the remote hosts properly
[zaki@okd-manager initialize]$ ansible all -i host.ini -m shell -a hostname
okd-node02.esxi.localhost | CHANGED | rc=0 >>
okd-node2.esxi.localhost
okd-node01.esxi.localhost | CHANGED | rc=0 >>
okd-node1.esxi.localhost
okd-master.esxi.localhost | CHANGED | rc=0 >>
okd-master.esxi.localhost
The DNS entries and the hostnames don't match...
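A pre-flight check for the failure shown above, where every inventory name silently landed on the control node: this is an added example, not code from the original post. It flags inventory names whose first resolved address is loopback. The resolver answers are constructed from the ssh -v output above, `ok-host.example` is a hypothetical control case, and the function names are my own.

```python
import ipaddress
import socket

# Constructed resolver answers (not captured data). The first entry mirrors the
# ssh -v output in this post: ::1 is offered ahead of the real IPv4 address.
SAMPLE_ANSWERS = {
    "okd-master.esxi.localhost": [
        (socket.AF_INET6, "::1"),
        (socket.AF_INET, "192.168.0.71"),
    ],
    "ok-host.example": [(socket.AF_INET, "192.0.2.10")],  # hypothetical host
}


def fake_getaddrinfo(host, port, family=0, type=0):
    """Offline stand-in for socket.getaddrinfo with the same tuple layout."""
    out = []
    for fam, addr in SAMPLE_ANSWERS[host]:
        if family in (0, fam):  # 0 == AF_UNSPEC: no family restriction
            sockaddr = (addr, port, 0, 0) if fam == socket.AF_INET6 else (addr, port)
            out.append((fam, type, 6, "", sockaddr))
    return out


def first_target(host, family=socket.AF_UNSPEC, resolver=socket.getaddrinfo):
    """Return the address a TCP client would try first for host."""
    infos = resolver(host, 22, family, socket.SOCK_STREAM)
    if not infos:
        raise LookupError(f"no address for {host}")
    return infos[0][4][0]


def loopback_hosts(hosts, family=socket.AF_UNSPEC, resolver=socket.getaddrinfo):
    """Map each name whose first address is loopback to that address."""
    flagged = {}
    for host in hosts:
        addr = first_target(host, family, resolver)
        # Drop an IPv6 zone id (fe80::1%ens192) before parsing.
        if ipaddress.ip_address(addr.split("%")[0]).is_loopback:
            flagged[host] = addr
    return flagged


if __name__ == "__main__":
    names = list(SAMPLE_ANSWERS)
    # Any address family: the .localhost name is flagged as loopback.
    print("any family:", loopback_hosts(names, resolver=fake_getaddrinfo))
    # IPv4 only, the equivalent of ssh -4: nothing is flagged.
    print("IPv4 only :", loopback_hosts(names, socket.AF_INET, fake_getaddrinfo))
```

Omit the `resolver` argument to run it against the system resolver for the names in a real inventory; any non-empty result means tasks for that name would run on the control node.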