ansible批量设置sshkey实现免密

872次阅读

共计 1732 个字符，预计需要花费 5 分钟才能阅读完成。

此处记录下博主曾经配置密钥免密的方式

使用shell的方式

需要提前安装sshpass，需要通过密码配置

 [jenkins@docker-node-03 test01.xadocker.cn]$ sudo yum install sshpass -y
[jenkins@docker-node-03 test01.xadocker.cn]$ cat >push_id_rsa_pub.sh<<EOF
#/bin/bash
for i in {64,65,66,67,68}
do
    sshpass -p 'eishae[Reizi^ek1weir' ssh-copy-id xadocker@172.18.235.$i
done
EOF

使用ansible的方式

准备公钥

 [jenkins@docker-node-03 test01.xadocker.cn]$ ll
总用量 12
-rw-rw-r-- 1 jenkins jenkins 106 10月 30 17:43 hosts
-rw-r--r-- 1 jenkins jenkins 400 11月  2 11:46 id_rsa.pub
-rw-rw-r-- 1 jenkins jenkins 387 11月  2 11:59 user.yaml
 
[jenkins@docker-node-03 test01.xadocker.cn]$ cat hosts 
[web]
192.168.1.220 hostname='web-01' ansible_ssh_port='22'
 
[jenkins@docker-node-03 test01.xadocker.cn]$ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAddQC7tagGvCfeBsToKbRREq6V33/rOwpt+7dTC1T2u29vqfiNjr5Ey5m5mtJQPA0EUNBJF4hTSdRrIFXIfmWUgFbmNMNHpv50hmmqY8j69GO9KGSSMnbYd5ejc8ARgwQW2F1kTU+e7LvgZaUPUksg8/+XvgJ2IN9j2c7s9e6nKU/LPO8RzGif/DGV7tsg4zUdLX/JzhwRDNGoKOSaHD0e+P4WSaxFKPo3Drdf4HES0hz7Ocd8PYcz5/BHIb9gBfrlQA1CckFUkUMhbnpYOCsjugzOLw2TS8Jf/61R1s0QeK+G32VwhDzyLZbHQXYRqyuc5EptvAaPxt9wpKzSYgnbObYt www@docker-node-03

编写playbook

将主控机www用户公钥复制到被控机www用户authorized_keys中

 [jenkins@docker-node-03 test01.xadocker.cn]$ cat user.yaml
---
- hosts: all
  remote_user: www
  gather_facts: false
  tasks:
    - name: set authorized key files
      authorized_key:
        user: www
        state: present 
        manage_dir:
        key: "{{ lookup('file','/xadocker-data/jenkins-ansible/test01.xadocker.cn/id_rsa.pub') }}"

将主控机的www用户公钥复制到被控机多个用户的authorized_keys中

 [jenkins@docker-node-03 test01.xadocker.cn]$ cat user.yaml
---
- hosts: all
  remote_user: root
  gather_facts: false
  vars:
    users:
      - test01
      - test02
      - test03
  tasks:
    - name: set authorized key files
      authorized_key:
        user: "{{ item }}"
        state: present 
        manage_dir:
        key: "{{ lookup('file','/xadocker-data/jenkins-ansible/test01.xadocker.cn/id_rsa.pub') }}"
      loop: "{{ users }}"

正文完

ansible

发表至： Ansible DevOps

2019-05-04

转载说明：除特殊说明外本站文章皆由CC-4.0协议发布，转载请注明出处。

Mysql数据库备份所需要的权限

	[jenkins@docker-node-03 test01.xadocker.cn]$ sudo yum install sshpass -y
	[jenkins@docker-node-03 test01.xadocker.cn]$ cat >push_id_rsa_pub.sh<<EOF
	#/bin/bash
	for i in {64,65,66,67,68}
	do
	sshpass -p 'eishae[Reizi^ek1weir' ssh-copy-id xadocker@172.18.235.$i
	done
	EOF

	[jenkins@docker-node-03 test01.xadocker.cn]$ ll
	总用量 12
	-rw-rw-r-- 1 jenkins jenkins 106 10月 30 17:43 hosts
	-rw-r--r-- 1 jenkins jenkins 400 11月 2 11:46 id_rsa.pub
	-rw-rw-r-- 1 jenkins jenkins 387 11月 2 11:59 user.yaml

	[jenkins@docker-node-03 test01.xadocker.cn]$ cat hosts
	[web]
	192.168.1.220 hostname='web-01' ansible_ssh_port='22'

	[jenkins@docker-node-03 test01.xadocker.cn]$ cat id_rsa.pub
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAddQC7tagGvCfeBsToKbRREq6V33/rOwpt+7dTC1T2u29vqfiNjr5Ey5m5mtJQPA0EUNBJF4hTSdRrIFXIfmWUgFbmNMNHpv50hmmqY8j69GO9KGSSMnbYd5ejc8ARgwQW2F1kTU+e7LvgZaUPUksg8/+XvgJ2IN9j2c7s9e6nKU/LPO8RzGif/DGV7tsg4zUdLX/JzhwRDNGoKOSaHD0e+P4WSaxFKPo3Drdf4HES0hz7Ocd8PYcz5/BHIb9gBfrlQA1CckFUkUMhbnpYOCsjugzOLw2TS8Jf/61R1s0QeK+G32VwhDzyLZbHQXYRqyuc5EptvAaPxt9wpKzSYgnbObYt www@docker-node-03

	[jenkins@docker-node-03 test01.xadocker.cn]$ cat user.yaml
	---
	- hosts: all
	remote_user: www
	gather_facts: false
	tasks:
	- name: set authorized key files
	authorized_key:
	user: www
	state: present
	manage_dir:
	key: "{{ lookup('file','/xadocker-data/jenkins-ansible/test01.xadocker.cn/id_rsa.pub') }}"

	[jenkins@docker-node-03 test01.xadocker.cn]$ cat user.yaml
	---
	- hosts: all
	remote_user: root
	gather_facts: false
	vars:
	users:
	- test01
	- test02
	- test03
	tasks:
	- name: set authorized key files
	authorized_key:
	user: "{{ item }}"
	state: present
	manage_dir:
	key: "{{ lookup('file','/xadocker-data/jenkins-ansible/test01.xadocker.cn/id_rsa.pub') }}"
	loop: "{{ users }}"