基于Ansible配置SSH免密钥


在安装Ansible过程中已尝试添加hadoop用户与hadoop用户组,接下来基于hadoop用户完成各个主机之间SSH免密钥登录。注意:下面的剧本会先删除再重建每台主机上hadoop用户的 ~/.ssh 目录,其中已有的密钥、authorized_keys 和 known_hosts 都会丢失,执行前请确认。

# 编辑 init_sshkey.yaml, 内容如下:

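---
# Rebuild the hadoop user's SSH key pair on every host in group "bdp" and
# authorize each host's public key on all the others (full-mesh key login).
#
# Security notes:
#   * Task 1 deletes /home/hadoop/.ssh outright, so any existing keys,
#     authorized_keys entries and known_hosts data for hadoop are lost.
#     NOTE(review): if Ansible itself logs in as hadoop with a key, confirm
#     that later runs can still authenticate.
#   * The generated private keys have no passphrase and every host trusts
#     every other host, so one compromised hadoop account reaches them all.
- hosts: bdp
  remote_user: hadoop
  # Dictionary form; newer Ansible releases deprecate a list of dicts here.
  # This variable is not referenced by any task shown in this playbook.
  vars:
    name: "bdp"
  tasks:
    # To suppress a task's output entirely, add to that task:
    #   no_log: true
    # To shorten the per-item output of a looping task, add:
    #   loop_control:
    #     label: ""
    - name: "1.初始化.ssh目录"
      # Destructive: removes the whole directory, not only the old key pair.
      file:
        path: /home/hadoop/.ssh
        state: absent
    - name: "2.创建新的.ssh目录"
      file:
        path: /home/hadoop/.ssh/
        state: directory
        owner: hadoop
        group: hadoop
        # Quoted so the value is read as an octal mode string, not an integer.
        mode: "0700"
        force: true
    - name: "3.生成新的公钥和私钥"
      # -P "" creates an unencrypted private key. 2048-bit RSA is kept from
      # the original; a larger modulus or a newer key type is worth
      # considering if every host's OpenSSH supports it.
      shell: ssh-keygen -t rsa -b 2048 -P "" -f /home/hadoop/.ssh/id_rsa
    - name: "4.拷贝远程公钥到本机"
      # fetch stores each file on the controller under
      # <dest>/<inventory_hostname>/<src path>; task 6's glob relies on that.
      # NOTE(review): `force` is kept from the original; confirm that fetch
      # accepts it in your Ansible version.
      fetch:
        src: /home/hadoop/.ssh/id_rsa.pub
        dest: /home/hadoop/.ssh/rsa/
        force: true
    - name: "5.同步证书到其他主机"
      # Pushes the controller's collected public keys to every host.
      copy:
        src: /home/hadoop/.ssh/rsa
        dest: /home/hadoop/.ssh/
        mode: "0644"
    - name: "6.合并密钥"
      # `>` overwrites: authorized_keys holds exactly the collected keys.
      shell: cat /home/hadoop/.ssh/rsa/*/home/hadoop/.ssh/id_rsa.pub > /home/hadoop/.ssh/authorized_keys
    - name: "7.修改authorized_keys权限为600"
      # file module instead of a raw chmod: same mode, and it reports
      # "changed" only when the mode actually differs.
      file:
        path: /home/hadoop/.ssh/authorized_keys
        mode: "0600"
    - name: "8.添加known_hosts"
      # ssh-keyscan records whatever host key answers at run time without
      # verifying it; compare the fingerprints against a trusted source
      # before relying on this known_hosts file.
      shell: ssh-keyscan {{ item }} >> /home/hadoop/.ssh/known_hosts
      # ansible_play_batch is the current name of the deprecated play_hosts.
      with_items: "{{ ansible_play_batch }}"
    - name: "9.清理临时数据"
      # Runs on the bdp hosts only; the copy fetched onto the controller is
      # removed only if the controller is itself a member of bdp.
      shell: rm -rf  /home/hadoop/.ssh/rsa && echo "结束"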
# Run the playbook from the directory that holds init_sshkey.yaml.
# It deletes and recreates /home/hadoop/.ssh on every host in group "bdp",
# so confirm the target list first, e.g. by adding --list-hosts.
ansible-playbook init_sshkey.yaml

 
