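Configuring passwordless SSH login between hosts with Ansible

1. Generate the public and private keys with ssh-keygen

Generate the key pair on one machine only: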

ssh-keygen -t rsa -b 2048 -P '' -f  /home/log4x/.ssh/id_rsa

Generate key pairs on all hosts:

ansible all -m shell -a " ssh-keygen -t rsa -b 2048 -P '' -f  /home/log4x/.ssh/id_rsa"

2. Contents of the /etc/ansible/hosts file

3. Run the command:

4. Write the playbook

# cat ssh.yml
---
- hosts: all
  gather_facts: no
 
  tasks:
  - name: install ssh key
    authorized_key: user=log4x
                    key="{{ lookup('file','/home/log4x/.ssh/id_rsa.pub')}}"
                    state=present

5. Run the playbook

ansible-playbook -i /etc/ansible/hosts ssh.yml 

PLAY [all] *******************************************************************************************************************************************************

TASK [install ssh key] *******************************************************************************************************************************************
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]

PLAY RECAP *******************************************************************************************************************************************************
log4x172.20.xxx        : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx        : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx         : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx         : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx         : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

6. Verify the result

[log4x@slcj-log4x sk]$ ssh 172.20.xxx
Last login: Fri Sep  2 12:21:13 2022 from 172.20.xxx
[log4x@slcj-rzcli-filk ~]$ 

7. Passwordless login between all hosts

ansible all -m shell -a "cat /home/log4x/.ssh/id_rsa.pub" >> 33.log
cat 33.log
[log4x@slcj-log4x .ssh]$ cat 33.log 
log4x172.20.xxx | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQLdcU2RogKifSSvzIYbfxl3rhC2pLO1xpUrq4CNRoCQ3ee9ZfDB4FXZLMdnoEqHVYhurFF3ApaHEISLW01gl6p+RinOUt+x8HLa6tdegpYvB5BjxPWThuiYzmhvf4uGEoWsUnowUnhvNpTdkQcHFI3AdXcSAqU/F4zZf4dwAIaeD9Fy5zlyG+FhVFx4EYP9ji7lMXKXUWAOyrUZn+w2VU+WccEKS7hBVXruX4M0iuLI1ftbiTw6Fs0rrlGqXNASmDICxXEawpuj7Y7sfpsaJZKmmC4HaV7GWsyjy6Ade0VAY25tOuiFgdGtqF9z/DTN0Xpd9Z9Llm23y6h7Ez+uJ/ log4x@slcj-log5x
log4x172.20.xxx | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD1Cl48C3vg83C3CrcgJ5HuouGhszek/dd64LLfzfd0KGwPJRoI5F/xjsbK5mnWJ35hS3D3t8heSxDUjv6mQwxLn8VYfYUWA7qzVqozWt5EGMdv8xk0gteMi1SYkA1+u0/mTfQIic5c54JW4rOt63s10LGiVIGbnzSKFntsvz670nMv/DAFPJZZtYoP4e1mczDmEM1T3LZviIGZKJPViA7Y6iGHp4kacH9hOeTi7xpEHSngaxoAQc+eyrMV9XePRCzIm5RuFAK4NDpCfM8M/tave7OtoMEJzI3qJ3kLf6BpUWsD2rrDVf5xVuKlB0V1avSUEk7IeswDot4ZSqSudwUn log4x@slcj-rzcl
log4x172.20.xxx | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYy3Kx4Delxzvg55SNKN7Cn8BvMi6uyNSqe8kguR42BLsCSnDAhw9gz4q6b/ANqnnVY3G4PjN2KRvg3TYZ9yoxHO9No8eAEGcjhEILxFXDPw1Eitv0JDffh33G6ec9/AniLSrZtERkVuZ0g03vX1TvYIvSLJ9BYgFIGf7qD8y8s4sg49e2Ig85Mp0M3eurvEBGw93f/mgIj+mQW1dacnYmbIeUkuBaeyad+895ZXsZGXzD5sTHLnRYwkweRdVdzFKDZmlNMQDeeYdrAI3Vi2+Lv878liPnhs9GdyuQgceHkwwm1PQCZSu/YgOllUmIhKyeGxE6gmUDXT67w1kF+zCx log4x@slcj-rzcli
log4x172.20.xxx | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPBa910vWDrLGc/jE3FoWeCtGCg7MjDDfGMQUCVIyUBp0NpfiPwXvhBn1PCEXAF9X0V/WHSJw+B2QH/Q7529x1PEelMMOJIUS+lv5OEBG0RkVUZ66VFKOg/XlW/CDklhKHp0yzcm4MSb0QRN9GzMXIw8cqG89xa/+yL41XrtIBnKxD5AdJGzJr5P9f9h5rBbSKh6yoJc7S5m4Tls8QnLYQo/RuojLwjkf5yV7z4Kg6NAZIfOpJy4+r7iYZotYDxRaUOwnprtLa9vN9bbd4UbEVGMLvuVkLAiDcW0EnaUzcf0XjHthK+LXRRmFbWtBD1j3ABZuwy5bWU6ZSKhEMelHJ log4x@slcj-rzsj
log4x172.20.xxx | CHANGED | rc=0 >>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmmt1FjfCHYq5DjsrWpzhgAOl2vAtm+7NVDWLFlvU4OCHMX/3D1raDTIZIfTiyRJCP/iPOGys5eY7IEYgpmrxQQivKZJDGbjflgN8lFGv2OOzWdu4LFJZaHU3oAS1Ok7BgTXM790p2N1K0lNSrh+jOl1spMV7guyZ1zsHC9jj9heWyGv13PysCd77ebawsYWmgzAMVL5UraPmFWrC9S/hE+1HAa7L2ABPbwQGF7mblL/WGguVrkuodk8x6AAXEP73J/PgVgw9wTvE6s+qLHKLXubRXMrYFdKTv8pNO5V1hPTlZ755+Jlovq6yDGNty9LrjopvXn5RPNW+PuYLXsXdp log4x@slcj

Add all of the public keys in 33.log to the authorized_keys file, then distribute the authorized_keys file to all machines:

[log4x@slcj-log4x .ssh]$ ansible all -m copy -a "src=/home/log4x/.ssh/authorized_keys dest=/home/log4x/.ssh/"
log4x172.20.xxx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "f441b1c06255a4a7a1ee23a4fd44bd480e8addef", 
    "dest": "/home/log4x/.ssh/authorized_keys", 
    "gid": 1000, 
    "group": "log4x", 
    "md5sum": "2619273ad981f944a12b9571de6eb779", 
    "mode": "0600", 
    "owner": "log4x", 
    "size": 2008, 
    "src": "/home/log4x/.ansible/tmp/ansible-tmp-1662094582.66-75144-66062671490455/source", 
    "state": "file", 
    "uid": 1000
}
log4x172.20.xxx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "f441b1c06255a4a7a1ee23a4fd44bd480e8addef", 
    "dest": "/home/log4x/.ssh/authorized_keys", 
    "gid": 1000, 
    "group": "log4x", 
    "md5sum": "2619273ad981f944a12b9571de6eb779", 
    "mode": "0600", 
    "owner": "log4x", 
    "size": 2008, 
    "src": "/home/log4x/.ansible/tmp/ansible-tmp-1662094582.67-75146-280348871791696/source", 
    "state": "file", 
    "uid": 1000
}
log4x172.20.xxx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
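
An added example (not from the original post) of the merge step above: it reads ad-hoc output in the 33.log layout, skips the per-host header lines, and keeps only well-formed, de-duplicated public-key lines whose declared type matches the type encoded in the blob. The function names, the allowed-type set and the sample log are assumptions constructed for illustration.

```python
import base64

ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519"}  # assumption: set per local policy

def blob_type(blob: bytes) -> str:
    """Key type named inside the blob: 4-byte big-endian length, then the name."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def extract_keys(log_text: str):
    """Return (accepted key lines, [(line number, reason)]) for 33.log-style text."""
    accepted, rejected, seen = [], [], set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        # Skip blanks and per-host headers such as "host | CHANGED | rc=0 >>".
        if not line or (" | " in line and line.endswith(">>")):
            continue
        try:
            ktype, b64 = line.split(None, 2)[:2]
            blob = base64.b64decode(b64, validate=True)
            if ktype not in ALLOWED_TYPES or blob_type(blob) != ktype:
                raise ValueError("key type not allowed or not matching blob")
        except ValueError as exc:  # also raised for bad base64 or a short line
            rejected.append((lineno, str(exc)))
            continue
        if blob not in seen:  # the same key reported twice is kept once
            seen.add(blob)
            accepted.append(line)
    return accepted, rejected

def sample_key(ktype: str, inner: str, fill: int, comment: str) -> str:
    """Constructed placeholder with a correct header layout; not a usable key."""
    blob = len(inner).to_bytes(4, "big") + inner.encode() + bytes([fill]) * 32
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE_LOG = "\n".join([  # constructed input modelled on the 33.log layout
    "hostA | CHANGED | rc=0 >>", sample_key("ssh-rsa", "ssh-rsa", 1, "log4x@hostA"),
    "hostB | FAILED | rc=1 >>", "cat: /home/log4x/.ssh/id_rsa.pub: No such file or directory",
    "hostC | CHANGED | rc=0 >>", sample_key("ssh-rsa", "ssh-rsa", 1, "log4x@hostA"),
    "hostD | CHANGED | rc=0 >>", sample_key("ssh-rsa", "ssh-ed25519", 2, "log4x@hostD"),
])

if __name__ == "__main__":
    keys, bad = extract_keys(SAMPLE_LOG)
    print("\n".join(keys), bad, sep="\n")
```

Only the accepted lines belong in authorized_keys; rejected entries, such as the output of a host where the cat failed, are reported with their line number instead of being copied in.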

8. Verify the result

[log4x@slcj .ssh]$ ssh 172.20.xxx
Last login: Fri Sep  2 12:56:23 2022 from 172.20.xxx
[log4x@slcj-log5x ~]$ ssh 172.20.xxx
The authenticity of host '172.20.xxx (172.20.251.196)' can't be established.
ECDSA key fingerprint is SHA256:4hdboxixvwfoHJBPA9lIpyaqNGodSLqsXuf8K44a3J8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.20.xxx' (ECDSA) to the list of known hosts.
Last login: Fri Sep  2 12:56:25 2022 from 172.20.xxx
[log4x@slcj-rzsj ~]$ 
[log4x@slcj-rzsj ~]$ 

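If you do not want to type yes, you can copy the known_hosts file over as well.

With that, the hosts in the cluster can also log in to one another without a password.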
