我已经有了这个基本的手册,它将位于public_keys文件夹中的所有公钥附加到.ssh / authorized_keys中的用户文件夹中:
- hosts: default
vars:
user: user1
tasks:
- name: Set up authorized_keys for the user
authorized_key: user={{ user }} key="{{ item }}"
with_fileglob:
- public_keys/*.pub
当我在ansible上运行时,它给了我这个错误,而且我几乎坚持了它:
TASK [Set up authorized_keys for the user] ************************
failed: [default] => (item=/Users/trax/Git/ansible-keys/public_keys/test.pub) => {"failed": true, "item": "/Users/trax/Git/ansible-keys/public_keys/test.pub", "msg": "invalid key specified: /Users/trax/Git/ansible-keys/public_keys/test.pub"}
公钥文件完全有效,因为我目前正在使用它并且它完美无缺。它没有评论,我实际上会把它粘贴在这里你可以看到它:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4e+RLnQAqo3azuFzbynD9n6L7Qc2NjEwNLQRqKOd17532rHAhGOxz9ZV7ca5J6y9Z8QyV2EP9oXXpXd7I9oG1ybiU2cOmMQ7mIMFnMgy90dgVmF4X4Rj3fPch271TIQhvBH36L1eagk98Tlj32zepHNmC7ECFiAUihxXsuGAcFK4l9Y3s0HZe913E1ewUxXjUZAaqmzEQwW621hWDDTU1zUCnPPqEe6DFy6PUP8YL8mLbbKuSL2W6bD7rzm1axZANvoYeD5egvzwSMeZ8f+XF3MbuyhiJhGEFjwDfDkibP4bwQqZm5IdI1c0Ot2X67OHFsHx04gbs6ZzBkD39Z6Jr trax@M.local
有什么建议吗?非常感谢...
答案 0 :(得分:3)
假设密钥文件是控制机器的本地密钥文件,可以很容易地使用file lookup来获取密钥内容,例如:
- hosts: default
tasks:
- authorized_key:
user: '{{ user }}'
key: '{{ lookup('file', item) }}'
with_fileglob: public_keys/*.pub
答案 1 :(得分:1)
key参数的参数需要是键(不是文件的路径,而是实际的内容)或网址的。来自文档:
keySSH公钥,作为字符串或(自1.9开始)url(https://github.com/username.keys)
因此,您可以添加一个将密钥读入已注册变量的任务,然后将其循环以安装密钥:
- hosts: all
tasks:
- name: read keys
# This needs to run on localhost, because that's where
# the keys are stored.
delegate_to: localhost
command: cat {{item}}
# Register the results of this task in a variable called
# "keys"
register: keys
with_fileglob:
- "public-keys/*.pub"
- name: show what was stored in the keys variable
debug:
var: keys
- authorized_key:
user: fedora
key: "{{item.stdout}}"
with_items: "{{keys.results}}"
答案 2 :(得分:0)
由于其中大部分都是旧的,我有一个适合我的更新版本。
- name: Set authorized key taken from file
authorized_key:
user: yourtargetusername
state: present
key: "{{ lookup('file', 'yourtargetkey.pub') }}"