• Configuring passwordless SSH login between hosts with Ansible


    1. Use ssh-keygen to generate the public and private keys

    Generate a key on one machine only:

        ssh-keygen -t rsa -b 2048 -P '' -f /home/log4x/.ssh/id_rsa

    Generate a key on every host:

        ansible all -m shell -a "ssh-keygen -t rsa -b 2048 -P '' -f /home/log4x/.ssh/id_rsa"

    2. Contents of the /etc/ansible/hosts file

    3. Run the command:

    4. Write the playbook

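        # cat ssh.yml
        ---
        - hosts: all
          gather_facts: no
          tasks:
            # lookup('file', ...) reads the public key on the control node;
            # authorized_key adds it to log4x's authorized_keys on each host.
            - name: install ssh key
              authorized_key: user=log4x
                              key="{{ lookup('file','/home/log4x/.ssh/id_rsa.pub')}}"
                              state=present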

    5. Run the playbook

        ansible-playbook -i /etc/ansible/hosts ssh.yml
        PLAY [all] *******************************************************************************************************************************************************
        TASK [install ssh key] *******************************************************************************************************************************************
        changed: [log4x172.20.xxx]
        changed: [log4x172.20.xxx]
        changed: [log4x172.20.xxx]
        changed: [log4x172.20.xxx]
        changed: [log4x172.20.xxx]
        PLAY RECAP *******************************************************************************************************************************************************
        log4x172.20.xxx : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
        log4x172.20.xxx : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
        log4x172.20.xxx : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
        log4x172.20.xxx : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
        log4x172.20.xxx : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

    6. Verify the result

        [log4x@slcj-log4x sk]$ ssh 172.20.xxx
        Last login: Fri Sep 2 12:21:13 2022 from 172.20.xxx
        [log4x@slcj-rzcli-filk ~]$

    7. Passwordless login between all hosts

        ansible all -m shell -a "cat /home/log4x/.ssh/id_rsa.pub" >> 33.log
        [log4x@slcj-log4x .ssh]$ cat 33.log

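    For each host, 33.log holds an Ansible result line (host | CHANGED | rc=0 >>) followed by that host's public key. Add all of the keys in 33.log (the ssh-rsa lines only, not the result lines) to the authorized_keys file, then distribute the authorized_keys file to every machine.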

        [log4x@slcj-log4x .ssh]$ ansible all -m copy -a "src=/home/log4x/.ssh/authorized_keys dest=/home/log4x/.ssh/"
        log4x172.20.xxx | CHANGED => {
            "ansible_facts": {
                "discovered_interpreter_python": "/usr/bin/python"
            },
            "changed": true,
            "checksum": "f441b1c06255a4a7a1ee23a4fd44bd480e8addef",
            "dest": "/home/log4x/.ssh/authorized_keys",
            "gid": 1000,
            "group": "log4x",
            "md5sum": "2619273ad981f944a12b9571de6eb779",
            "mode": "0600",
            "owner": "log4x",
            "size": 2008,
            "src": "/home/log4x/.ansible/tmp/ansible-tmp-1662094582.66-75144-66062671490455/source",
            "state": "file",
            "uid": 1000
        }
        log4x172.20.xxx | CHANGED => {
            "ansible_facts": {
                "discovered_interpreter_python": "/usr/bin/python"
            },
            "changed": true,
            "checksum": "f441b1c06255a4a7a1ee23a4fd44bd480e8addef",
            "dest": "/home/log4x/.ssh/authorized_keys",
            "gid": 1000,
            "group": "log4x",
            "md5sum": "2619273ad981f944a12b9571de6eb779",
            "mode": "0600",
            "owner": "log4x",
            "size": 2008,
            "src": "/home/log4x/.ansible/tmp/ansible-tmp-1662094582.67-75146-280348871791696/source",
            "state": "file",
            "uid": 1000
        }
        log4x172.20.xxx | CHANGED => {
            "ansible_facts": {
                "discovered_interpreter_python": "/usr/bin/python"
            },
            "changed": true,
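
One way to do the merge in step 7 without hand-editing 33.log, shown as an added example that is not part of the original post: it keeps only lines whose base64 blob decodes and names the same algorithm as the line prefix, and drops Ansible result lines and duplicates. The function names, host names and sample keys are constructed for illustration.

```python
import base64
import struct

def wire_string(data: bytes) -> bytes:
    """Length-prefixed string, as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample_key(comment: str, fill: int) -> str:
    """Build a CONSTRUCTED ssh-rsa line for the demo (not a usable key)."""
    modulus = b"\x00" + bytes([fill]) * 256
    blob = wire_string(b"ssh-rsa") + wire_string(b"\x01\x00\x01") + wire_string(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_pubkey(line: str):
    """Return (type, base64, comment) for a well-formed key line, else None."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        return None
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    # The blob begins with its own length-prefixed algorithm name.
    if not blob.startswith(wire_string(key_type.encode())):
        return None
    return key_type, b64, parts[2] if len(parts) > 2 else ""

def build_authorized_keys(ansible_output: str) -> str:
    """Keep valid, de-duplicated key lines; drop Ansible result/error lines."""
    seen, out = set(), []
    for line in ansible_output.splitlines():
        parsed = parse_pubkey(line)
        if parsed is None or parsed[1] in seen:
            continue
        seen.add(parsed[1])
        out.append(" ".join(p for p in parsed if p))
    return "".join(k + "\n" for k in out)

# Constructed sample in the layout of 33.log; hosts and keys are made up.
SAMPLE_LOG = "\n".join([
    "hostA | CHANGED | rc=0 >>", make_sample_key("log4x@hostA", 0xA1),
    "hostB | CHANGED | rc=0 >>", make_sample_key("log4x@hostB", 0xB2),
    "hostC | CHANGED | rc=0 >>", make_sample_key("log4x@hostA", 0xA1),  # duplicate
    "hostD | UNREACHABLE! => {", "ssh-rsa AAAAB3Nza log4x@hostD",  # damaged key
])

if __name__ == "__main__":
    print(build_authorized_keys(SAMPLE_LOG), end="")
```

Because the copy module replaces /home/log4x/.ssh/authorized_keys on every target, the generated file has to contain every key that should keep access, including the one Ansible itself connects with.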

    8. Verify the result

        [log4x@slcj .ssh]$ ssh 172.20.xxx
        Last login: Fri Sep 2 12:56:23 2022 from 172.20.xxx
        [log4x@slcj-log5x ~]$ ssh 172.20.xxx
        The authenticity of host '172.20.xxx (172.20.251.196)' can't be established.
        ECDSA key fingerprint is SHA256:4hdboxixvwfoHJBPA9lIpyaqNGodSLqsXuf8K44a3J8.
        Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
        Warning: Permanently added '172.20.xxx' (ECDSA) to the list of known hosts.
        Last login: Fri Sep 2 12:56:25 2022 from 172.20.xxx
        [log4x@slcj-rzsj ~]$
        [log4x@slcj-rzsj ~]$

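    If you do not want to type yes, copy the known_hosts file over as well.

    With that, every host in the cluster can also log in to every other host without a password.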

  • Original article: https://blog.csdn.net/red_sky_blue/article/details/126660293