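Ansible core modules: authorized_key

The authorized_key module

Distributes the SSH public key of the Ansible control node to remote servers.

Common parameters (those marked with = are required):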

  • = key

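Specifies the SSH public key. It is usually combined with lookup, whose syntax is: lookup('plugin_name', 'plugin_argument')
lookup is an Ansible plugin that is used very frequently; almost any playbook of even moderate complexity is likely to use it.
Example: authorized_key: key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}" state=present user=root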

  • state

present adds the given key to the authorized_keys file; absent removes the given key from the authorized_keys file
[Default: present]

  • = user

The user on the target host to whom the key is distributed. By default the public key is written to /home/USERNAME/.ssh/authorized_keys on the target host

  • exclusive

Whether to remove all other keys, those not specified, from the authorized_keys file
[Default: no]
type: bool
version_added: 1.9

  • key_options

A string of options attached to the key
[Default: (null)]
version_added: 1.4

  • manage_dir

Whether the module should manage the directory that contains the authorized key file
[Default: yes]
type: bool
version_added: 1.2

  • path

Location of the authorized_keys file
[Default: (homedir)+/.ssh/authorized_keys]
version_added: 1.2

Examples:

- name: Set authorized key taken from file
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"

- name: Set authorized keys taken from url
  authorized_key:
    user: charlie
    state: present
    key: https://github.com/charlie.keys

- name: Set authorized key in alternate location
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
    path: /etc/ssh/authorized_keys/charlie
    manage_dir: False

- name: Set up multiple authorized keys
  authorized_key:
    user: deploy
    state: present
    key: '{{ item }}'
  with_file:
    - public_keys/doe-jane
    - public_keys/doe-john

- name: Set authorized key defining key options
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
    key_options: 'no-port-forwarding,from="10.0.1.1"'

- name: Set authorized key without validating the TLS/SSL certificates
  authorized_key:
    user: charlie
    state: present
    key: https://github.com/user.keys
    validate_certs: False

- name: Set authorized key, removing all the authorized keys already set
  authorized_key:
    user: root
    key: '{{ item }}'
    state: present
    exclusive: True
  with_file:
    - public_keys/doe-jane

- name: Set authorized key for user ubuntu copying it from current user
  authorized_key:
    user: ubuntu
    state: present
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
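
An added example (not from the original page or the Ansible project) that applies the parameters above with access control in mind: exclusive with all keys passed in one string, key_options restricting a key, and validate_certs left on for a URL source. The host group app_servers, the backup account and the file public_keys/backup-job are assumptions.

```yaml
# Added example; host group, account names and key file names are assumed.
- hosts: app_servers
  become: true
  tasks:
    # exclusive is applied on every task run, so under with_file each
    # iteration rewrites the file and only the last key survives.
    # Pass all keys in one newline-separated string instead.
    - name: Make authorized_keys for deploy hold exactly these two keys
      authorized_key:
        user: deploy
        state: present
        exclusive: true
        key: '{{ query("file", "public_keys/doe-jane", "public_keys/doe-john") | join("\n") }}'

    # Limit what the key may do and which source address may use it.
    - name: Add a restricted key for an automation account
      authorized_key:
        user: backup                      # assumed account
        state: present
        key: "{{ lookup('file', 'public_keys/backup-job') }}"   # assumed file
        key_options: 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,from="10.0.1.1"'

    # validate_certs defaults to yes. With it off, whoever can intercept
    # the HTTPS connection chooses the key that gets installed.
    - name: Fetch keys from a URL with certificate validation enabled
      authorized_key:
        user: charlie
        state: present
        key: https://github.com/charlie.keys
        validate_certs: true
```

Running the play with --check --diff first shows which lines of authorized_keys would be added or removed before anything is changed.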
