主页 / unix / 问题 / 722676
Accepted
markfree
Asked: 2022-10-28 06:03:53 +0800 CST

Ansible - 将授权密钥推送到具有不同密码的多个主机组

  • 772

我想使用 Ansible 将新用户的公钥推送到主机清单。为此,创建了一个剧本,如下例所示。

---
- name: vms1 - Authorize hosts with pub key
  hosts: vms1
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: user1
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"

- name: vms2 - Authorize hosts with pub key
  hosts: vms2
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: user2
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"

- name: vms3 - Authorize hosts with pub key
  hosts: vms3
  tasks:
    - name: Copy ssh pub key to remote host
      ansible.posix.authorized_key:
        user: user3
        state: present
        key: "{{ lookup('file', '/home/controluser/.ssh/id_rsa.pub') }}"

库存是这样的。(有更多的主机)

[vms1]
192.168.7.211
192.168.7.212
192.168.7.213

[vms2]
192.168.7.21
192.168.7.22
192.168.7.23

[vms3]
192.168.7.111
192.168.7.112
192.168.7.113

每个游戏都有自己的主机组和自己的用户。可以使用以下命令启动 playbook。

ansible-playbook -k -i inventory playbook.yml

使用-k选项时,它只询问一次 SSH 密码。我遇到的问题是每个组的密码都不同。因此,我想为每个游戏输入密码。

每次播放都需要密码吗?

ansible

1 个回答

  1. Best Answer

    问:“如何为每场比赛要求密码?”

    答:使用变量ansible_password。例如,将变量放入剧本的vars

    - hosts: vms1
  vars:
    ansible_password: connection passwd for vms1
  tasks:
    - name: Copy ssh pub key to remote host
      ...

- hosts: vms2
  vars:
    ansible_password: connection passwd for vms2
  tasks:
    - name: Copy ssh pub key to remote host
      ...

    阅读详情

    shell> ansible-doc -t connection ssh

    在第一次播放时阅读密码并在以后使用它们。例如,给定库存

    shell> cat hosts
[vms1]
192.168.7.211
192.168.7.212
192.168.7.213

[vms2]
192.168.7.21
192.168.7.22
192.168.7.23

[vms3]
192.168.7.111
192.168.7.112
192.168.7.113

    下面的剧本

    shell> cat pb.yml
- hosts: all
  gather_facts: false
  tasks:
    - block:
        - pause:
            prompt: "Password for {{ item }}"
          register: out
          loop: "{{ groups|difference(['all', 'ungrouped']) }}"
        - set_fact:
            passwords: "{{ dict(out.results|json_query('[].[item, user_input]')) }}"
        - debug:
            var: passwords
      run_once: true

- hosts: vms1
  gather_facts: false
  vars:
    ansible_password: "{{ passwords.vms1 }}"
  tasks:
    - debug:
        msg: "Copy ssh pub key to remote host by '{{ ansible_password }}'"
      run_once: true

- hosts: vms2
  gather_facts: false
  vars:
    ansible_password: "{{ passwords.vms2 }}"
  tasks:
    - debug:
        msg: "Copy ssh pub key to remote host by '{{ ansible_password }}'"
      run_once: true

- hosts: vms3
  gather_facts: false
  vars:
    ansible_password: "{{ passwords.vms3 }}"
  tasks:
    - debug:
        msg: "Copy ssh pub key to remote host by '{{ ansible_password }}'"
      run_once: true

    在第一次播放时提示用户输入密码并在以后使用它们

    shell> ansible-playbook -i hosts pb.yml 

PLAY [all] ***********************************************************************************

TASK [pause] *********************************************************************************
[pause]
Password for vms1:
passwd for vms1^Mok: [192.168.7.211] => (item=vms1)
[pause]
Password for vms2:
passwd for vms2^Mok: [192.168.7.211] => (item=vms2)
[pause]
Password for vms3:
passwd for vms3^Mok: [192.168.7.211] => (item=vms3)

TASK [set_fact] ******************************************************************************
ok: [192.168.7.211]

TASK [debug] *********************************************************************************
ok: [192.168.7.211] => 
  passwords:
    vms1: passwd for vms1
    vms2: passwd for vms2
    vms3: passwd for vms3

PLAY [vms1] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [192.168.7.211] => 
  msg: Copy ssh pub key to remote host by 'passwd for vms1'

PLAY [vms2] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [192.168.7.21] => 
  msg: Copy ssh pub key to remote host by 'passwd for vms2'

PLAY [vms3] **********************************************************************************

TASK [debug] *********************************************************************************
ok: [192.168.7.111] => 
  msg: Copy ssh pub key to remote host by 'passwd for vms3'

PLAY RECAP ***********************************************************************************
192.168.7.111: ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.7.21:  ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.7.211: ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    • 1

相关问题