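Ansible playbook public key issue

Time: 2016-04-27 17:58:06

Tags: ssh key ansible ansible-playbook

I already have this basic playbook, which appends all the public keys located in the public_keys folder to .ssh/authorized_keys in the user's folder: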

- hosts: default

  vars:
    user: user1

  tasks:
  - name: Set up authorized_keys for the user
    authorized_key: user={{ user }} key="{{ item }}"
    with_fileglob:
    - public_keys/*.pub

When I run it with Ansible, it gives me this error, and I'm pretty much stuck on it:

TASK [Set up authorized_keys for the user] ************************
failed: [default] => (item=/Users/trax/Git/ansible-keys/public_keys/test.pub) => {"failed": true, "item": "/Users/trax/Git/ansible-keys/public_keys/test.pub", "msg": "invalid key specified: /Users/trax/Git/ansible-keys/public_keys/test.pub"}

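The public key file is perfectly valid, because I'm currently using it and it works flawlessly. It has no comments, and I'll actually paste it here so you can see it: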

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4e+RLnQAqo3azuFzbynD9n6L7Qc2NjEwNLQRqKOd17532rHAhGOxz9ZV7ca5J6y9Z8QyV2EP9oXXpXd7I9oG1ybiU2cOmMQ7mIMFnMgy90dgVmF4X4Rj3fPch271TIQhvBH36L1eagk98Tlj32zepHNmC7ECFiAUihxXsuGAcFK4l9Y3s0HZe913E1ewUxXjUZAaqmzEQwW621hWDDTU1zUCnPPqEe6DFy6PUP8YL8mLbbKuSL2W6bD7rzm1axZANvoYeD5egvzwSMeZ8f+XF3MbuyhiJhGEFjwDfDkibP4bwQqZm5IdI1c0Ot2X67OHFsHx04gbs6ZzBkD39Z6Jr trax@M.local

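Any suggestions? Thanks a lot...

3 answers:

Answer 0: (score: 3)

Assuming the key files are local to the control machine, you can easily use the file lookup to get the key contents, for example: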

- hosts: default
  tasks:
  - authorized_key:
      user: '{{ user }}'
      key: "{{ lookup('file', item) }}"
    with_fileglob: public_keys/*.pub

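Answer 1: (score: 1)

The argument to the key parameter needs to be a key (not the path to a file, but the actual contents) or a URL. From the documentation:

key: The SSH public key, as a string or (since 1.9) url (https://github.com/username.keys)

So you can add a task that reads the keys into a registered variable, and then loop over it to install the keys: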

- hosts: all
  tasks:
    - name: read keys

      # This needs to run on localhost, because that's where
      # the keys are stored.
      delegate_to: localhost

      command: cat {{item}}

      # Register the results of this task in a variable called
      # "keys"
      register: keys

      with_fileglob:
        - "public-keys/*.pub"

    - name: show what was stored in the keys variable
      debug:
        var: keys

    - authorized_key:
        user: fedora
        key: "{{item.stdout}}"
      with_items: "{{keys.results}}"

See the Ansible documentation on using register with loops for details.
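
The difference between a path and key contents can be checked before the playbook runs. The following is an added example, not code from the answers above and not Ansible's own validation: it accepts a string only if it has the `<type> <base64 blob> [comment]` shape and the blob's embedded algorithm name matches the declared type. The function names, the list of accepted key types and the sample key are assumptions made for the example.

```python
import base64
import binascii
import struct

# Key types this check accepts (an assumed common subset, not Ansible's list).
KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data


def constructed_sample_key():
    """Constructed sample: valid structure, 32 zero bytes, not a real key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    return "ssh-ed25519 %s constructed@example" % base64.b64encode(blob).decode()


def check_public_key(value):
    """Return (ok, reason) for a string intended for the `key` parameter."""
    fields = value.strip().split(None, 2)
    if len(fields) < 2:
        return False, "expected '<type> <base64 blob> [comment]'"
    key_type, blob_b64 = fields[0], fields[1]
    if key_type not in KNOWN_TYPES:
        return False, "unknown key type"
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "blob is not valid base64"
    if len(blob) < 4:
        return False, "blob too short"
    # The blob starts with a length-prefixed copy of the algorithm name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        return False, "blob declares a different key type"
    return True, "ok"


if __name__ == "__main__":
    # The path from the question's error message versus key contents.
    for candidate in ("/Users/trax/Git/ansible-keys/public_keys/test.pub",
                      constructed_sample_key()):
        print(check_public_key(candidate), candidate[:40])
```

Run over the contents of each `.pub` file, a check like this also catches a truncated paste or a type prefix that does not match the blob before anything is written to `authorized_keys`.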

Answer 2: (score: 0)

Since most of these are old, I have an updated version that works for me.

      - name: Set authorized key taken from file
        authorized_key:
          user: yourtargetusername
          state: present
          key: "{{ lookup('file', 'yourtargetkey.pub') }}"