Deploying an RSA key to other machines

Time: 2019-04-09 13:03:56

Tags: linux centos ansible centos7

I am trying to create a key on one host and then deploy that key to the remaining hosts. But ansible errors out because it cannot find my key.

I have already created the user dbadmin, and afterwards I try to push the key, which may be the wrong approach. Unfortunately there is not much detailed help available.

  - name: Create user
    user:
      name: dbadmin
      shell: /bin/bash

  - name: Allow dbadmin passwordless sudo
    copy:
      dest: "/etc/sudoers.d/dbadmin"
      # the sudoers entry must name the user created above (it previously said "devops")
      content: "dbadmin  ALL=(ALL)  NOPASSWD: ALL"

  - name: Create the .ssh directory for dbadmin
    file:
      path: /home/dbadmin/.ssh
      owner: dbadmin
      group: dbadmin
      mode: 0700
      state: directory

  - name: Generate an RSA key pair for dbadmin (not a host key) on one host only
    command: su dbadmin -c 'ssh-keygen -q -t rsa -f /home/dbadmin/.ssh/vid_rsa -N ""'
    args:
      creates: /home/dbadmin/.ssh/vid_rsa
    run_once: True

  - name: Disable password authentication
    lineinfile:
      dest: /etc/ssh/sshd_config
      regexp: '^PasswordAuthentication'
      line: "PasswordAuthentication no"
      state: present
      backup: yes

  - name: Disable root login
    lineinfile:
      dest: /etc/ssh/sshd_config
      regexp: '^PermitRootLogin '
      line: "PermitRootLogin no"
      state: present
      backup: yes

  - name: Deploy ssh key
    authorized_key:
      user: dbadmin
      # lookup('file') reads the file on the control node, not on the managed host
      key: "{{ lookup('file', '/home/dbadmin/.ssh/vid_rsa.pub') }}"
      # path must be the authorized_keys file, not the .ssh directory
      path: '/home/dbadmin/.ssh/authorized_keys'

Error:

TASK [vertica-backup-restore : Deploy ssh key] *****************************************************************************************************************************
 [WARNING]: Unable to find '/home/dbadmin/.ssh/vid_rsa.pub' in expected paths (use -vvvvv to see paths)

fatal: [xx.xxx.xx.xx]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/dbadmin/.ssh/vid_rsa.pub"}
 [WARNING]: Unable to find '/home/dbadmin/.ssh/vid_rsa.pub' in expected paths (use -vvvvv to see paths)

[dbadmin@ip-xx-xxx-xx-xx.ssh]$ ls -al
total 8
drwx------ 2 dbadmin dbadmin   40 Apr  9 12:48 .
drwx------ 3 dbadmin dbadmin   74 Apr  8 22:41 ..
-rw------- 1 dbadmin dbadmin 1675 Apr  9 12:48 vid_rsa
-rw-r--r-- 1 dbadmin dbadmin  417 Apr  9 12:48 vid_rsa.pub
[dbadmin@ip-xx-xx-xx-xx.ssh]$ pwd
/home/dbadmin/.ssh

1 answer:

Answer 0 (score: 0)

From the code given, it is not clear to me how this is supposed to copy the key from one host to the others, but I assume you are creating the user and the key pair separately on the remote machines.

Since the authorized_key module will most likely look for the file on the control machine (the one running ansible), if you run the task on the remote servers it will not be able to find the key locally.

To work around this you could use: delegate_to: "{{ inventory_hostname }}", but in order to copy the key from one host to another you would still have to iterate that task over all the desired hosts and delegate it to the host on which you created the user.

Have a look at the docs to get a better understanding of delegation.

If that is not the problem, it might help if you update the question with the hosts (not the real IP addresses) so we can understand what might be going wrong there.
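The approach the answer points at (generate the key pair on one managed host, then push only its public key to the rest) written out as a complete playbook. This is an added example, not code from the question or the answer; the inventory group name `db`, the choice of its first host as the key host, and the sudoers/sshd hardening tasks are assumptions. The point it demonstrates is the cause of the error above: `lookup('file')` always reads from the control node, so the public key has to be read from the managed host (here with `slurp`) and then passed to `authorized_key` as a variable.

```yaml
# Added example, not code from the original question or answer.
# Assumptions: an inventory group named "db"; the first host in that group
# is the one whose dbadmin user needs key-based SSH access to the others.
- name: Create dbadmin everywhere and generate ONE key pair on the key host
  hosts: db
  become: true
  vars:
    key_host: "{{ groups['db'][0] }}"
  tasks:
    - name: Create user
      ansible.builtin.user:
        name: dbadmin
        shell: /bin/bash
        create_home: true

    - name: Allow dbadmin passwordless sudo (syntax-checked before it is installed)
      ansible.builtin.copy:
        dest: /etc/sudoers.d/dbadmin
        content: "dbadmin ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: "visudo -cf %s"

    # The user module creates the key pair as dbadmin itself, so no "su -c"
    # is needed and the files end up with the right owner and mode.
    # run_once + delegate_to executes this exactly once, on the key host.
    - name: Generate the RSA key pair for dbadmin on the key host only
      ansible.builtin.user:
        name: dbadmin
        generate_ssh_key: true
        ssh_key_type: rsa
        ssh_key_bits: 4096
        ssh_key_file: .ssh/vid_rsa
        ssh_key_comment: "dbadmin@{{ key_host }}"
      run_once: true
      delegate_to: "{{ key_host }}"

    # slurp reads the file on the managed host (unlike lookup('file'), which
    # reads on the control node). With run_once the registered result is
    # available to every host in the play.
    - name: Read the public key from the key host
      ansible.builtin.slurp:
        src: /home/dbadmin/.ssh/vid_rsa.pub
      run_once: true
      delegate_to: "{{ key_host }}"
      register: dbadmin_pubkey

    # Only the public key leaves the key host; the private key stays there.
    - name: Authorize the key host's public key for dbadmin on every host
      ansible.builtin.authorized_key:
        user: dbadmin
        key: "{{ dbadmin_pubkey.content | b64decode }}"
        state: present

    # Hardening runs after the key is in place, and sshd -t rejects a broken
    # config before it replaces the live file, so a typo cannot lock you out.
    - name: Disable password authentication and root login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        validate: "/usr/sbin/sshd -t -f %s"
        backup: true
      loop:
        - { regexp: '^#?PasswordAuthentication ', line: 'PasswordAuthentication no' }
        - { regexp: '^#?PermitRootLogin ', line: 'PermitRootLogin no' }
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Before relying on it, confirm from the key host that `ssh -i /home/dbadmin/.ssh/vid_rsa dbadmin@<other-host>` logs in without a password prompt; because the key is authorized before `PasswordAuthentication no` is applied, a failure at that step still leaves the password path open for repair.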