Configuring passwordless SSH login between hosts with Ansible

1. Generate the public and private keys with ssh-keygen

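Generate the key on a single machine only (-P '' sets an empty passphrase, so the private key is stored unencrypted on disk):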

ssh-keygen -t rsa -b 2048 -P '' -f  /home/log4x/.ssh/id_rsa

Generate keys on all hosts:

ansible all -m shell -a " ssh-keygen -t rsa -b 2048 -P '' -f  /home/log4x/.ssh/id_rsa"

2. Contents of the /etc/ansible/hosts file

3. Run the command:


4. Write the playbook

# cat ssh.yml
---
- hosts: all
  gather_facts: no
 
  tasks:
  - name: install ssh key
    authorized_key: user=log4x
                    key="{{ lookup('file','/home/log4x/.ssh/id_rsa.pub')}}"
                    state=present

5. Run the playbook

ansible-playbook -i /etc/ansible/hosts ssh.yml 

PLAY [all] *******************************************************************************************************************************************************

TASK [install ssh key] *******************************************************************************************************************************************
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]
changed: [log4x172.20.xxx]

PLAY RECAP *******************************************************************************************************************************************************
log4x172.20.xxx        : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx        : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx         : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx         : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
log4x172.20.xxx         : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

6. Verify the result

[log4x@slcj-log4x sk]$ ssh 172.20.xxx
Last login: Fri Sep  2 12:21:13 2022 from 172.20.xxx
[log4x@slcj-rzcli-filk ~]$ 

7. Passwordless login between all hosts

ansible all -m shell -a "cat /home/log4x/.ssh/id_rsa.pub" >> 33.log
cat 33.log
[log4x@slcj-log4x .ssh]$ cat 33.log 

Add all of the public keys in 33.log to the authorized_keys file, then distribute the authorized_keys file to every machine:

[log4x@slcj-log4x .ssh]$ ansible all -m copy -a "src=/home/log4x/.ssh/authorized_keys dest=/home/log4x/.ssh/"
log4x172.20.xxx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "f441b1c06255a4a7a1ee23a4fd44bd480e8addef", 
    "dest": "/home/log4x/.ssh/authorized_keys", 
    "gid": 1000, 
    "group": "log4x", 
    "md5sum": "2619273ad981f944a12b9571de6eb779", 
    "mode": "0600", 
    "owner": "log4x", 
    "size": 2008, 
    "src": "/home/log4x/.ansible/tmp/ansible-tmp-1662094582.66-75144-66062671490455/source", 
    "state": "file", 
    "uid": 1000
}
log4x172.20.xxx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "f441b1c06255a4a7a1ee23a4fd44bd480e8addef", 
    "dest": "/home/log4x/.ssh/authorized_keys", 
    "gid": 1000, 
    "group": "log4x", 
    "md5sum": "2619273ad981f944a12b9571de6eb779", 
    "mode": "0600", 
    "owner": "log4x", 
    "size": 2008, 
    "src": "/home/log4x/.ansible/tmp/ansible-tmp-1662094582.67-75146-280348871791696/source", 
    "state": "file", 
    "uid": 1000
}
log4x172.20.xxx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 

8. Verify the result

[log4x@slcj .ssh]$ ssh 172.20.xxx
Last login: Fri Sep  2 12:56:23 2022 from 172.20.xxx
[log4x@slcj-log5x ~]$ ssh 172.20.xxx
The authenticity of host '172.20.xxx (172.20.251.196)' can't be established.
ECDSA key fingerprint is SHA256:4hdboxixvwfoHJBPA9lIpyaqNGodSLqsXuf8K44a3J8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.20.xxx' (ECDSA) to the list of known hosts.
Last login: Fri Sep  2 12:56:25 2022 from 172.20.xxx
[log4x@slcj-rzsj ~]$ 
[log4x@slcj-rzsj ~]$ 

If you do not want to type yes, you can copy the known_hosts file over as well.

All hosts in the cluster can now log in to each other without a password.
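
An added example, not part of the original post: step 7 can be done in a single idempotent playbook that appends each host's public key with authorized_key instead of replacing the whole file with copy, so keys already authorized on a host are kept. The file name mesh-keys.yml and the registered variable names pubkey and trusted are assumptions; it assumes every host already has /home/log4x/.ssh/id_rsa.pub from step 1.

```yaml
# mesh-keys.yml (added example; file name and variable names are assumptions)
---
- hosts: all
  gather_facts: no

  tasks:
  # Read the public key generated on each host in step 1.
  # slurp returns the file content base64-encoded in "content".
  - name: read this host's public key
    slurp:
      src: /home/log4x/.ssh/id_rsa.pub
    register: pubkey

  # For every host in the play, add its key to this host's authorized_keys.
  # state=present appends only missing keys, so existing entries are
  # not overwritten and a second run reports no changes.
  - name: authorize every host's public key on this host
    authorized_key:
      user: log4x
      key: "{{ hostvars[item].pubkey.content | b64decode | trim }}"
      state: present
    loop: "{{ ansible_play_hosts }}"

  # Print the fingerprints that can now log in as log4x, so the result
  # can be reviewed (recent OpenSSH prints one line per key in the file).
  - name: list fingerprints now trusted on this host
    command: ssh-keygen -l -f /home/log4x/.ssh/authorized_keys
    register: trusted
    changed_when: false

  - name: show trusted fingerprints
    debug:
      var: trusted.stdout_lines
```

Run it the same way as in step 5: ansible-playbook -i /etc/ansible/hosts mesh-keys.yml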
