Deploying passwordless SSH keys with Ansible (one-way)

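Deploying a key one-way with Ansible is fairly simple: the public key of the jump host (here, the Ansible host itself) is deployed to the remote hosts.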

Generating the public key beforehand is not covered here.

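Before the key is deployed, commands fail unless you pass -k to enter the password or have defined the SSH user and password in the configuration file beforehand: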

[root@ansible ~]# ansible all -m ping
jmp1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
jmp3 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
jmp2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
jmp4 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

Now set up passwordless login. Write the YAML playbook:

[root@ansible ~]# cd ansible/
[root@ansible ansible]# pwd
/root/ansible
[root@ansible ansible]# vim auth_key.yml

[root@ansible ansible]# cat auth_key.yml 
---
- name: configure authorized key
  hosts: all
  tasks:
    - name: root key
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

Check the syntax

[root@ansible ansible]# ansible-playbook --syntax-check auth_key.yml

playbook: auth_key.yml

Run the playbook

[root@ansible ansible]# ansible-playbook auth_key.yml -k
SSH password:

PLAY [configure authorized key] ***********************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [jmp2]
ok: [jmp1]
ok: [jmp3]
ok: [jmp4]

TASK [root key] ***************************************************************************************************************************************************************************************************
changed: [jmp4]
changed: [jmp1]
changed: [jmp2]
changed: [jmp3]

PLAY RECAP ********************************************************************************************************************************************************************************************************
jmp1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 
jmp2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 
jmp3 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 
jmp4 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

 

Verify passwordless login; you can see that it succeeded:
[root@ansible ansible]# 
[root@ansible ansible]# ansible all -m ping
jmp4 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
jmp3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
jmp2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
jmp1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@ansible ansible]# 
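
A hardened variant of the playbook above, as an added example that is not part of the original post: it restricts the deployed root key to connections from the Ansible host through key_options, then reads authorized_keys back to confirm the key is installed. The address 192.0.2.10 and the variable names jump_host_ip and pubkey_file are assumptions made for illustration.

```yaml
---
# Added example, not from the original post.
- name: configure restricted authorized key
  hosts: all
  vars:
    # Assumption: the source address the targets see for the Ansible host.
    # 192.0.2.10 is a constructed placeholder from the documentation range.
    jump_host_ip: "192.0.2.10"
    # Same public key file the original playbook deploys.
    pubkey_file: /root/.ssh/id_rsa.pub
  tasks:
    - name: root key, accepted only from the jump host
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', pubkey_file) }}"
        # sshd applies these options to this key only: logins with it are
        # refused from any other source address, and forwarding is disabled.
        key_options: 'from="{{ jump_host_ip }}",no-agent-forwarding,no-X11-forwarding,no-port-forwarding'

    - name: read back root's authorized_keys from the target
      slurp:
        src: /root/.ssh/authorized_keys
      register: ak

    - name: confirm the key body is present on the target
      assert:
        that:
          # Field 1 of the .pub file is the base64 key body (field 0 is the type).
          - lookup('file', pubkey_file).split()[1] in (ak.content | b64decode)
        fail_msg: "public key missing from /root/.ssh/authorized_keys"
```

Run it the same way as auth_key.yml (with -k on hosts that do not have the key yet); if jump_host_ip does not match the address the targets actually see, the next key-based login is refused.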