使用交互 shell 推送公钥证书:
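#!/bin/bash
# set_ssh_keys.sh
# Push the local SSH public key to every host listed in /root/hosts by driving
# ssh-copy-id with expect. Every host must accept the same password.
set -euo pipefail

# Install expect only when it is not already present.
command -v expect >/dev/null 2>&1 || yum install -y expect

# The password comes from SSH_COPY_PASSWORD or an interactive prompt instead of
# being written into this file: a credential hard-coded in a script is exposed
# to anyone who can read the file, its backups or its version history.
password=${SSH_COPY_PASSWORD:-}
unset SSH_COPY_PASSWORD
if [[ -z "$password" ]]; then
  read -rs -p 'SSH password for the target hosts: ' password
  printf '\n' >&2
fi

#######################################
# Run ssh-copy-id against one host and answer its prompts.
# Arguments: $1 - login password
#            $2 - target, as accepted by ssh-copy-id
# Returns:   exit status of ssh-copy-id
#######################################
auto_ssh_copy_id() {
  # Password and target reach expect through its environment rather than being
  # pasted into the Tcl script. That keeps the password out of the process
  # list (argv) and stops characters such as [ ] $ " in it from being
  # evaluated as Tcl.
  #
  # "yes/no" matches both the "(yes/no)" and the "(yes/no/[fingerprint])" form
  # of the host-key prompt. Answering yes accepts whatever key the host
  # presents on first contact, so a machine impersonating the target would be
  # trusted silently; where that matters, pre-load verified host keys into
  # known_hosts and drop that branch.
  #
  # Each answer ends in \r so that it is actually submitted. On eof the exit
  # status of ssh-copy-id is passed on so that a failed host can be reported.
  #
  # NOTE(review): -i is followed directly by the target, as on the page.
  # Depending on the ssh-copy-id version, -i may take the next argument as the
  # identity file - confirm, or name the key explicitly
  # (-i <path-to-public-key> <target>).
  EXPECT_SSH_PASSWORD=$1 EXPECT_SSH_TARGET=$2 expect -c '
    set timeout -1
    spawn ssh-copy-id -i $env(EXPECT_SSH_TARGET)
    expect {
      "yes/no" {
        send -- "yes\r"
        exp_continue
      }
      "assword:" {
        send -- "$env(EXPECT_SSH_PASSWORD)\r"
        exp_continue
      }
      eof {
        exit [lindex [wait] 3]
      }
    }
  '
}

# /root/hosts holds one target per line. It is read on fd 3 so that nothing
# started inside the loop can consume the rest of the list from stdin.
failed=0
while read -r host <&3 || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue
  if ! auto_ssh_copy_id "$password" "$host"; then
    printf 'ssh-copy-id failed for %s\n' "$host" >&2
    failed=1
  fi
done 3</root/hosts
exit "$failed"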
使用 Ansible playbook(YAML)配置:
# Create key.yml and paste in the playbook shown below.
vi key.yml
---
# key.yml - create an account, generate an SSH key pair for it and authorise
# the public key on the target hosts.
# Extra vars: hosts (inventory pattern), user (account name).

# Play 1: carries the usage text in its name; it defines no tasks.
- name: Useage:sudo ansible-playbook -i hosts.ini(iplist) xiaoniu-authorized-key.yml -e "hosts=all user=ops " -t authorized-key -k
  remote_user: root
  hosts: localhost
  gather_facts: False

# Play 2: make sure the account exists and has an RSA key pair.
# NOTE(review): the task name says "on ansible server", but this play targets
# "{{ hosts }}", while the public key read in play 3 comes from the control
# node - confirm where the key pair is meant to be generated.
# No ssh_key_passphrase is set, so the private key is written unencrypted;
# whoever can read it can log in to every host that authorises the public key.
- hosts: "{{ hosts }}"
  remote_user: root
  gather_facts: no
  tasks:
    - name: create user on ansible server to provide pubkey
      user:
        name: "{{ user }}"
        generate_ssh_key: yes
        ssh_key_type: rsa
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa
        state: present
      tags: authorized-key

# Play 3: create the account on the targets and authorise the public key.
- hosts: "{{ hosts }}"
  remote_user: root
  tasks:
    - name: create user on remote host as ansible remote_user
      user:
        name: "{{ user }}"
        state: present
      tags: authorized-key

    # root keeps its key under /root, every other account under /home/<user>.
    - set_fact:
        lookup_file_path: "/root/.ssh/id_rsa.pub"
      when: user == "root"
      tags: authorized-key

    - set_fact:
        lookup_file_path: "{{ '/home/'+user+'/.ssh/id_rsa.pub' }}"
      when: user != "root"
      tags: authorized-key

    # lookup('file', ...) is evaluated on the control node, so the public key
    # must already exist at lookup_file_path there.
    - name: copy id_rsa.pub to remote host for authorized trust
      authorized_key:
        user: "{{ user }}"
        key: "{{ lookup('file',lookup_file_path) }}"
      tags: authorized-key
执行配置:
# Run the playbook against every host in the inventory; --ask-pass (-k)
# prompts for the SSH login password instead of taking it from a file.
ansible-playbook key.yml --extra-vars "hosts=all user=root" --ask-pass
# Same run, limited to the inventory pattern "dev".
ansible-playbook key.yml --extra-vars "hosts=dev user=root" --ask-pass