
Ansible (1): Setting up passwordless SSH

Author: davisgao | Source: published 2019-09-26 10:27, read 0 times

    1. Install ansible

    [root@node1 soft]# yum install  ansible -y
    

    2. Configure ansible

    /etc/ansible/ansible.cfg

    [defaults]
    host_key_checking = False
    

    /etc/ansible/hosts

    #1. Used only while bootstrapping passwordless login; delete this group once initialisation is done
    [ssh-init]
    172.17.16.4  ansible_ssh_user=root ansible_ssh_pass=flink@123
    172.17.16.12 ansible_ssh_user=root ansible_ssh_pass=flink@123
    172.17.16.13 ansible_ssh_user=root ansible_ssh_pass=flink@123
    #2. Shared properties
    [ssh-init:vars]
    ssh_port=22
    #3. Used in production after passwordless login has been set up
    [product]
    172.17.16.4
    172.17.16.12
    172.17.16.13
    

    4. Write the yaml file, contents as follows

    - hosts: ssh-init
      remote_user: root
      vars:
        # 'name' is a reserved variable name in Ansible; it is unused here and is what
        # triggers the "reserved name" warning in the run output below
        - name: "ssh-init"
      tasks:
        - name: "1.初始化"
          # runs once per hostvars entry: wipes ~/.ssh and records every host's name in /etc/hosts
          shell: rm -rf ~/.ssh/* && echo {{item.key}} {{item.value.ansible_hostname}} >> /etc/hosts
          with_dict: "{{hostvars}}"
          # do not print the loop items (each one is a host's full hostvars, ansible_ssh_pass included)
          no_log: True
          # alternative: print only a short label per item
          #loop_control:
             #label: ""
        - name: "2.生成新的公钥和私钥"
          shell: ssh-keygen -t rsa -b 2048 -P "" -f ~/.ssh/id_rsa
        - name: "3.拷贝远程公钥到本机"
          # fetch stores each host's key on the controller under ~/.ssh/rsa/<host>/root/.ssh/id_rsa.pub
          fetch: src=~/.ssh/id_rsa.pub dest=~/.ssh/rsa/ force=yes
        - name: "4.同步证书到其他主机"
          copy: src=~/.ssh/rsa dest=~/.ssh/ mode=0644
        - name: "5.合并密钥"
          shell: cat ~/.ssh/rsa/*/root/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
        - name: "6.添加known_hosts"
          # '>>' appends on every run, so re-running the play duplicates known_hosts entries
          shell: ssh-keyscan {{item}} >> /root/.ssh/known_hosts
          with_items: "{{play_hosts}}"
        - name: "7.清理临时数据"
          shell: rm -rf ~/.ssh/rsa && echo "结束"
    
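    Added example, not from the original post: a checker for the two files tasks 5 and 6 leave behind, run here over constructed sample data (synthetic ssh-rsa blobs built by make_rsa_pubkey_line, not real keys). It parses authorized_keys entries to confirm each RSA modulus meets the 2048-bit size the playbook generates and flags a key merged twice, and it finds (host, keytype) pairs that the '>>' in task 6 has appended to known_hosts more than once.

```python
import base64
import struct

def _mpint(n: int) -> bytes:
    data = n.to_bytes((n.bit_length() + 8) // 8, "big")  # leading 0x00 if the top bit is set
    return struct.pack(">I", len(data)) + data

def make_rsa_pubkey_line(bits: int, comment: str) -> str:
    """Constructed ssh-rsa line with a synthetic modulus of the given size (not a usable key)."""
    blob = struct.pack(">I7s", 7, b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def rsa_modulus_bits(b64blob: str) -> int:
    """Skip the length-prefixed key-type and exponent fields, then size the modulus."""
    blob, off = base64.b64decode(b64blob), 0
    for _ in range(2):
        off += 4 + struct.unpack_from(">I", blob, off)[0]
    (ln,) = struct.unpack_from(">I", blob, off)
    return int.from_bytes(blob[off + 4:off + 4 + ln], "big").bit_length()

def audit_authorized_keys(text: str, min_bits: int = 2048) -> list:
    """(comment, keytype, bits, ok) per entry; ok is False for weak RSA or a key listed twice."""
    seen, report = set(), []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2 or line.startswith("#"):
            continue
        ktype, b64, comment = parts[0], parts[1], (parts[2] if len(parts) == 3 else "")
        bits = rsa_modulus_bits(b64) if ktype == "ssh-rsa" else None
        ok = b64 not in seen and (bits is None or bits >= min_bits)
        report.append((comment, ktype, bits, ok))
        seen.add(b64)
    return report

def duplicate_known_hosts(text: str) -> list:
    """(host, keytype) pairs listed more than once; a host may legitimately have several key types."""
    counts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not line.startswith("#"):
            counts[(parts[0], parts[1])] = counts.get((parts[0], parts[1]), 0) + 1
    return sorted(pair for pair, n in counts.items() if n > 1)

# Constructed sample: what tasks 5 and 6 would leave behind after the play has run twice.
AUTHORIZED_KEYS = "\n".join([make_rsa_pubkey_line(2048, "root@node1"),
                             make_rsa_pubkey_line(1024, "root@node2"),   # below the 2048-bit policy
                             make_rsa_pubkey_line(2048, "root@node1")])  # same key merged twice
KNOWN_HOSTS = ("172.17.16.4 ssh-rsa AAAAconstructed1\n172.17.16.4 ssh-ed25519 AAAAconstructed2\n"
               "172.17.16.12 ssh-rsa AAAAconstructed3\n172.17.16.4 ssh-rsa AAAAconstructed1")
```

Run it against the real files with open("/root/.ssh/authorized_keys").read() and open("/root/.ssh/known_hosts").read() in place of the constructed strings.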

    5. Run the yaml

    [root@node1 data]# ansible-playbook ssh-init.yaml 
    [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by 
    default, this will change, but still be user configurable on deprecation. This feature will be removed in version 
    2.10. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
     [WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
    
     [WARNING]: Found variable using reserved name: name
    
    
    PLAY [ssh-init] *******************************************************************************************************
    
    TASK [Gathering Facts] ************************************************************************************************
    ok: [172.17.16.4]
    ok: [172.17.16.13]
    ok: [172.17.16.12]
    
    TASK [1.初始化] **********************************************************************************************************
    changed: [172.17.16.4] => (item=None)
    changed: [172.17.16.13] => (item=None)
    changed: [172.17.16.12] => (item=None)
    changed: [172.17.16.4] => (item=None)
    changed: [172.17.16.13] => (item=None)
    changed: [172.17.16.12] => (item=None)
    changed: [172.17.16.4] => (item=None)
    changed: [172.17.16.4]
    changed: [172.17.16.13] => (item=None)
    changed: [172.17.16.13]
    changed: [172.17.16.12] => (item=None)
    changed: [172.17.16.12]
    
    TASK [2.生成新的公钥和私钥] ****************************************************************************************************
    changed: [172.17.16.4]
    changed: [172.17.16.13]
    changed: [172.17.16.12]
    
    TASK [3.拷贝远程公钥到本机] ****************************************************************************************************
    changed: [172.17.16.4]
    changed: [172.17.16.13]
    changed: [172.17.16.12]
    
    TASK [4.同步证书到其他主机] ****************************************************************************************************
    ok: [172.17.16.4]
    changed: [172.17.16.13]
    changed: [172.17.16.12]
    
    TASK [5.合并密钥] *********************************************************************************************************
    changed: [172.17.16.4]
    changed: [172.17.16.13]
    changed: [172.17.16.12]
    
    TASK [6.添加known_hosts] ************************************************************************************************
    changed: [172.17.16.4] => (item=172.17.16.4)
    changed: [172.17.16.12] => (item=172.17.16.4)
    changed: [172.17.16.13] => (item=172.17.16.4)
    changed: [172.17.16.4] => (item=172.17.16.12)
    changed: [172.17.16.13] => (item=172.17.16.12)
    changed: [172.17.16.12] => (item=172.17.16.12)
    changed: [172.17.16.4] => (item=172.17.16.13)
    changed: [172.17.16.13] => (item=172.17.16.13)
    changed: [172.17.16.12] => (item=172.17.16.13)
    
    TASK [7.清理临时数据] *******************************************************************************************************
     [WARNING]: Consider using the file module with state=absent rather than running 'rm'.  If you need to use command
    because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
    ansible.cfg to get rid of this message.
    
    changed: [172.17.16.4]
    changed: [172.17.16.13]
    changed: [172.17.16.12]
    
    PLAY RECAP ************************************************************************************************************
    172.17.16.12               : ok=8    changed=7    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    172.17.16.13               : ok=8    changed=7    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    172.17.16.4                : ok=8    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    

    6. Test

    [root@node1 data]# ssh 172.17.16.13
    Last login: Thu Sep 19 20:27:13 2019 from 172.17.16.4
    [root@node3 ~]# exit
    

    Article link: https://www.haomeiwen.com/subject/yytructx.html