ansible单向部署密钥比较简单,也就是将跳板机(我这里是ansible本机)的公钥部署到远端主机
事先生成公钥就不写了
部署前,不如不加-k输入密码,或者配置文件实现定义好ssh用户和密码,那执行命令是失败的
[root@ansible ~]# ansible all -m ping jmp1 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true } jmp3 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true } jmp2 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true } jmp4 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true }
下面执行免密操作,写好yaml剧本
[root@ansible ~]# cd ansible/ [root@ansible ansible]# pwd /root/ansible [root@ansible ansible]# vim auth_key.yml [root@ansible ansible]# cat auth_key.yml --- - name: configure authorized key hosts: all tasks: - name: root key authorized_key: user: root state: present key: "{{ lookup('file', '/root/.ssh/id_rsa.pub')}}"
检查语法
[root@ansible ansible]# ansible-playbook --syntax-check auth_key.yml playbook: auth_key.yml
执行剧本
[root@ansible ansible]# ansible-playbook auth_key.yml -k SSH password: PLAY [configure authorized key] *********************************************************************************************************************************************************************************** TASK [Gathering Facts] ******************************************************************************************************************************************************************************************** ok: [jmp2] ok: [jmp1] ok: [jmp3] ok: [jmp4] TASK [root key] *************************************************************************************************************************************************************************************************** changed: [jmp4] changed: [jmp1] changed: [jmp2] changed: [jmp3] PLAY RECAP ******************************************************************************************************************************************************************************************************** jmp1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 jmp2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 jmp3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 jmp4 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
验证免密,可以看到成功了 [root@ansible ansible]# [root@ansible ansible]# ansible all -m ping jmp4 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } jmp3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } jmp2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } jmp1 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } [root@ansible ansible]#