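The earlier example stored the password in the inventory file, inventory.ini, which is dangerous. The common practice now is to generate a public/private key pair with ssh-keygen
and then copy the public key to the other two machines with the commands below:
#/home/joulong/.ssh/ansible (the key is named ansible)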
joulong@joulong1:~/.ssh$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/joulong/.ssh/id_rsa): /home/joulong/.ssh/ansible
#joulong2 and joulong3 are the two managed machines
ssh-copy-id -i .ssh/ansible joulong2
ssh-copy-id -i .ssh/ansible joulong3
#The actual session follows: copying the public key to the two managed Ubuntu machines
joulong@joulong1:~$ ssh-copy-id -i .ssh/ansible joulong3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/ansible.pub"
The authenticity of host 'joulong3 (192.168.0.69)' can't be established.
ED25519 key fingerprint is SHA256:5AhyGk49d0pO8oCYYdvBxDm4yUb+kMkRKsfTT63/z08.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
joulong@joulong3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'joulong3'"
and check to make sure that only the key(s) you wanted were added.
joulong@joulong1:~$ ssh-copy-id -i .ssh/ansible joulong2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/ansible.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
joulong@joulong2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'joulong2'"
and check to make sure that only the key(s) you wanted were added.
joulong@joulong1:~$
To check whether it worked, use the following command:
#joulong2 is the managed node
ssh -i .ssh/ansible joulong2
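I created a group called web4 with no password in it, but because the key was already copied to the other two machines, the managed nodes can still be pinged
[web4] #no password; [2:3] means the second and third machines, and [30:50] would mean 30 through 50, all in a single line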
joulong[2:3] ansible_connection=ssh ansible_user=joulong
Next, ping the [web4] group: even without a password the ping still works
joulong@joulong1:~$ ansible web4 -m ping -i inventory.ini
joulong2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
joulong3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
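An added example, not part of the original post: a check for the risk mentioned at the top of this page, scanning an INI inventory for literal password variables and reporting line number, host or vars section, and variable name without printing the secret. The sample inventory, its web3 group and the vault_joulong3_pass variable name are constructed for illustration.

```shell
#!/bin/sh
# Added example: report literal passwords left in an Ansible INI inventory.
# Output per finding: "<line> <host or group:vars section> <variable>".
find_inventory_passwords() {
    awk -v sq="'" '
    /^[ \t]*([#;]|$)/ { next }                 # skip comment and blank lines
    /^[ \t]*\[/ {                              # section header: [group] or [group:vars]
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        next
    }
    {
        rest = $0
        sub(/[ \t]#.*$/, "", rest)             # drop a trailing " # comment"
        owner = (section ~ /:vars$/) ? section : $1
        while (match(rest, /(^|[ \t])ansible_(ssh_pass|ssh_password|password|become_pass|become_password)[ \t]*=[ \t]*/)) {
            name = substr(rest, RSTART, RLENGTH)
            gsub(/[ \t=]/, "", name)
            rest = substr(rest, RSTART + RLENGTH)   # rest now begins at the value
            i = index(rest, "{{"); q = substr(rest, 1, 1)
            # An optionally quoted {{ ... }} value is a variable reference
            # (for example a vaulted variable), not a literal secret.
            if (i == 1 || (i == 2 && (q == "\"" || q == sq))) continue
            print NR, owner, name
        }
    }' "$1"
}

# Constructed sample: web3 repeats the risky pattern, web4 is the key-only group from this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[web3]
joulong2 ansible_user=joulong ansible_password=EXAMPLE-ONLY   # constructed value
joulong3 ansible_user=joulong ansible_password="{{ vault_joulong3_pass }}"

[web4]
joulong[2:3] ansible_connection=ssh ansible_user=joulong

[web3:vars]
ansible_become_password = EXAMPLE-ONLY
EOF
find_inventory_passwords "$sample"
```

No output means no literal password variable was found, which is the result for an inventory that only contains the web4 group.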