ansible批量设置sshkey实现免密

658次阅读
没有评论

共计 1732 个字符,预计需要花费 5 分钟才能阅读完成。

ansible批量设置sshkey实现免密

此处记录下博主曾经配置密钥免密的方式

使用shell的方式

需要提前安装sshpass,需要通过密码配置

[jenkins@docker-node-03 test01.xadocker.cn]$ sudo yum install sshpass -y
[jenkins@docker-node-03 test01.xadocker.cn]$ cat >push_id_rsa_pub.sh<<EOF
#/bin/bash
for i in {64,65,66,67,68}
do
    sshpass -p 'eishae[Reizi^ek1weir' ssh-copy-id xadocker@172.18.235.$i
done
EOF

使用ansible的方式

准备公钥

[jenkins@docker-node-03 test01.xadocker.cn]$ ll
总用量 12
-rw-rw-r-- 1 jenkins jenkins 106 10月 30 17:43 hosts
-rw-r--r-- 1 jenkins jenkins 400 11月  2 11:46 id_rsa.pub
-rw-rw-r-- 1 jenkins jenkins 387 11月  2 11:59 user.yaml

[jenkins@docker-node-03 test01.xadocker.cn]$ cat hosts 
[web]
192.168.1.220 hostname='web-01' ansible_ssh_port='22'

[jenkins@docker-node-03 test01.xadocker.cn]$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAddQC7tagGvCfeBsToKbRREq6V33/rOwpt+7dTC1T2u29vqfiNjr5Ey5m5mtJQPA0EUNBJF4hTSdRrIFXIfmWUgFbmNMNHpv50hmmqY8j69GO9KGSSMnbYd5ejc8ARgwQW2F1kTU+e7LvgZaUPUksg8/+XvgJ2IN9j2c7s9e6nKU/LPO8RzGif/DGV7tsg4zUdLX/JzhwRDNGoKOSaHD0e+P4WSaxFKPo3Drdf4HES0hz7Ocd8PYcz5/BHIb9gBfrlQA1CckFUkUMhbnpYOCsjugzOLw2TS8Jf/61R1s0QeK+G32VwhDzyLZbHQXYRqyuc5EptvAaPxt9wpKzSYgnbObYt www@docker-node-03

编写playbook

将主控机www用户公钥复制到被控机www用户authorized_keys中

[jenkins@docker-node-03 test01.xadocker.cn]$ cat user.yaml
---
- hosts: all
  remote_user: www
  gather_facts: false
  tasks:
    - name: set authorized key files
      authorized_key:
        user: www
        state: present 
        manage_dir:
        key: "{{ lookup('file','/xadocker-data/jenkins-ansible/test01.xadocker.cn/id_rsa.pub') }}"

将主控机的www用户公钥复制到被控机多个用户的authorized_keys中

[jenkins@docker-node-03 test01.xadocker.cn]$ cat user.yaml
---
- hosts: all
  remote_user: root
  gather_facts: false
  vars:
    users:
      - test01
      - test02
      - test03
  tasks:
    - name: set authorized key files
      authorized_key:
        user: "{{ item }}"
        state: present 
        manage_dir:
        key: "{{ lookup('file','/xadocker-data/jenkins-ansible/test01.xadocker.cn/id_rsa.pub') }}"
      loop: "{{ users }}"

正文完
ansible
发表至: Ansible DevOps
2019-05-04
 
xadocker
版权声明:本站原创文章,由 xadocker 2019-05-04发表,共计1732字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
Ansible委派任务给一个组
Jenkins关于显示时间
Gitea轻量级仓库的选择
远程管理Terraform的state
评论(没有评论)