新搭的机器,达到百以上级别的机器,怎么实现批量化管理呢?第一步当然快速部署公钥,实现免密码登陆

演示一下比较烦的情况:
ssh 127.0.0.1得输入yes,然后再输入密码才能登录
cat .ssh/known_hosts

自动化的部分:
Are you sure you want to continue connecting (yes/no)? yes
[email protected]'s password:

免手工输入yes

/etc/ansible/hosts,ansible配置文件:

128.127.0.0.1
172.16.0.3
192.168.1.106

/etc/ssh/ssh_config配置文件添加:

StrictHostKeyChecking no

运行:

ansible all -m ping

配置文件修改回原来的:

StrictHostKeyChecking ask

验证:

cat .ssh/known_hosts
ssh 172.16.0.3

使用密码批量操作机器(一开始机器无公钥)

$ cat host

[nginx]
nginx_127 ansible_ssh_port=22 ansible_ssh_host=127.0.0.1 ansible_ssh_pass=123456 host_key_checking=false ansible_sudo_pass='123456'

[mysql]
mysql_172 ansible_ssh_port=22 ansible_ssh_host=172.16.0.3 ansible_ssh_pass=123456 host_key_checking=false ansible_sudo_pass='123456'

测试:

ansible -i host all -m shell -a "pwd" --user user1

批量添加公钥

ansible all -m script -a "/usr/local/src/script"

chmod +x /usr/local/src/script
/usr/local/src/script(可写)
#!/bin/sh
mkdir /root/.ssh
chmod 700 /root/.ssh
echo '公钥' >>/root/.ssh/authorized_keys    #这一行的话需要改,改成自己的公钥(就是.pub文件)
chmod 600 /root/.ssh/authorized_keys

补充:如果是用普通用户来管理的,需要批量创建用户和添加sudo 权限

配置文件去除密码

[nginx]
nginx_127 ansible_ssh_port=22 ansible_ssh_host=127.0.0.1 ansible_sudo_pass='123456'

[mysql]
mysql_172 ansible_ssh_port=22 ansible_ssh_host=172.16.0.3 ansible_sudo_pass='123456'

验证:

ansible -i hosts  all -m shell  -a 'pwd' --user djidba --private-key=/home/user1/.ssh/id_rsa