CentOS 7: Configuring SSH Public Key Authentication with Ansible

Source: Internet
Author: User

I. Introduction

Ansible's strength lies in playbooks, but to use playbooks well you first need some foundations. For example: how do you write a one-off (ad hoc) command? How do you know which modules are available? How is each module used?


With this article, you can learn how to use one-time commands and some modules.


After installing Ansible, to get started you also need to create a list of controlled hosts. By default Ansible reads /etc/ansible/hosts; if the file does not exist, create it yourself.

[[email protected] ~]# cat /etc/ansible/hosts

[para]

192.168.2.92


You can also set the default inventory file through the environment variable ANSIBLE_INVENTORY; before version 1.9 the variable was ANSIBLE_HOSTS.

export ANSIBLE_INVENTORY=~/ansible_hosts


In addition, Ansible by default communicates with the controlled hosts over SSH using keys; of course, we can also use an SSH password to communicate with a remote host. If SSH keys are used, the officially recommended approach is to place the control host's public key in the /root/.ssh/authorized_keys file of the controlled host. After all, using passwords directly carries a certain risk.


II. Environment

Control Host: 10.0.2.15

Controlled Host: 192.168.2.92

Host inventory file: /tmp/ansible_inventory.txt

[[email protected] ~]# cat /tmp/ansible_inventory.txt

[para]

192.168.2.92


III. Creating the SSH authentication files

# This step is performed on the control host.


After the SSH authentication files have been created, add the control host's public key file id_rsa.pub to ~/.ssh/authorized_keys on the controlled host.

# ~ refers to the home directory of the user that the control host and the controlled host communicate as.

# id_rsa is the private key file of the control host and must be kept strictly private.

# id_rsa.pub is the public key file of the control host and can be distributed freely.


IV. Distributing the public key file

How do we add the public key file to ~/.ssh/authorized_keys on the controlled host? Normally we could upload the public key file to the controlled host with scp. Since this article is about Ansible, we can use Ansible to do it.

    • Method One:

Using the copy and file modules.

[[email protected] ~]# ansible para -i /tmp/ansible_inventory.txt -m copy -a "src=/root/.ssh/id_rsa.pub dest=/tmp/authorized_keys" -k


# Copy the public key file to the controlled host

# para is the name of the host group

# -i specifies the host inventory file

# -m copy: use a module, here the copy module; ansible-doc -l lists all available modules

# -a: module options; ansible-doc -s <module name> lists a module's parameters

# -k: prompt for the SSH password


[[email protected] ~]# ansible all -m file -a "path=/root/.ssh state=directory" -k

[[email protected] ~]# ansible all -m shell -a "cat /tmp/authorized_keys >> /root/.ssh/authorized_keys" -k


# If the .ssh directory does not exist in the user's home directory on the controlled host, it is created.

# Then the uploaded public key file is appended to the user's authorized_keys file.


    • Method Two:

Using the authorized_key module.

[[email protected] ~]# ansible para -i /tmp/ansible_inventory.txt -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'" -k


# lookup('file', '/root/.ssh/id_rsa.pub') reads the contents of /root/.ssh/id_rsa.pub


V. Summary

Either of the two methods above installs the control host's SSH public key into the controlled host's authorized_keys file. After that, running commands against the controlled host from the control host no longer requires entering the controlled host's password.



============================= Split Line ===========================


That works, but it raises a problem. With many hosts, each with a different password, do I have to type every password by hand? If that is not exhausting, it is at least tedious. What is the better way? Read on.


Before performing the following steps, remove the public key that was installed on 192.168.2.92:

[[email protected] ~]# ansible para -i /tmp/ansible_inventory.txt -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}' state=absent"


# After the key has been removed, commands must be run with the -k option and the password entered; otherwise they fail with an error.



Modify the Ansible configuration file /etc/ansible/ansible.cfg:

echo "host_key_checking = False" >> /etc/ansible/ansible.cfg

# Disable host_key_checking


# Add a new host, 192.168.2.94

[[email protected] ~]# cat /tmp/ansible_inventory.txt

[para]
192.168.2.94 ansible_connection=ssh ansible_ssh_user=root ansible_ssh_pass=pass1
192.168.2.92 ansible_connection=ssh ansible_ssh_user=root ansible_ssh_pass=pass2

# ansible_connection=ssh: connect over SSH

# ansible_ssh_user=root: log in as the root user

# ansible_ssh_pass=passX: the root user's password


Distribute the public key file again using the authorized_key module:

[[email protected] ~]# ansible para -i /tmp/ansible_inventory.txt -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'"



Friendly tip:

After successfully distributing the control host's public key file with this second approach, turn host_key_checking back on and clear the connection information from the inventory!!!
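
One way to verify the cleanup this tip calls for, as an added example that is not part of the original article: the script reports passwords still stored in an inventory file and any active host_key_checking = False line in ansible.cfg, together with the section it sits in. The function names and the sample files are constructed for illustration.

```shell
# Added example (not from the article); function names are hypothetical.

# Print "variable@host" (or "variable@section") for each stored SSH password.
# The password value itself is never printed.
inventory_passwords() {
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); sect = $0; next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^ansible_(ssh_pass|password)=/)
                    print substr($i, 1, index($i, "=") - 1) "@" ((i == 1) ? sect : $1)
        }' "$1"
}

# Print the section holding each active "host_key_checking = False" line.
# Ansible documents this key under [defaults]; "echo >>" appends it to
# whatever section happens to be last in the file.
hkc_disabled_sections() {
    awk '
        BEGIN { sect = "-" }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); sect = $0; next }
        {
            line = tolower($0); gsub(/[ \t]/, "", line)
            if (line ~ /^host_key_checking[=:](false|no|off|0)$/) print sect
        }' "$1"
}

# Return 0 when cleanup is complete; otherwise print findings and return 1.
audit_cleanup() {   # $1 = inventory file, $2 = ansible.cfg
    rc=0
    for hit in $(inventory_passwords "$1"); do
        echo "inventory still stores a password: $hit"; rc=1
    done
    for sect in $(hkc_disabled_sections "$2"); do
        echo "host_key_checking disabled in [$sect]"; rc=1
    done
    return $rc
}

# Constructed sample: the inventory shown above, and an ansible.cfg where the
# appended line landed after a (constructed) trailing [selinux] section.
make_sample() {   # $1 = directory to write into
    printf '%s\n' '[para]' \
        '192.168.2.94 ansible_connection=ssh ansible_ssh_user=root ansible_ssh_pass=pass1' \
        '192.168.2.92 ansible_connection=ssh ansible_ssh_user=root ansible_ssh_pass=pass2' \
        > "$1/inventory.txt"
    printf '%s\n' '[defaults]' '[selinux]' 'host_key_checking = False' > "$1/ansible.cfg"
}
d=$(mktemp -d) && make_sample "$d" && audit_cleanup "$d/inventory.txt" "$d/ansible.cfg"; rm -rf "$d"
```

On real files, call it as audit_cleanup /tmp/ansible_inventory.txt /etc/ansible/ansible.cfg; a non-zero exit status means the cleanup is not finished.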


This article from "Life in the diligent, not So Ho get" blog, please be sure to keep this source http://wangjun51.blog.51cto.com/6124567/1762673
