Deploying an RSA key to other machines

I am trying to create a key on one host and then deploy that key to the rest of the hosts. But Ansible fails because it cannot find my key.

I create the user dbadmin and afterwards try to push the key; what could be wrong? Unfortunately, verbose output does not help much.

```yaml
  - name: Create user
    user:
      name: dbadmin
      shell: /bin/bash

  - name: Add user to sudoers group
    copy:
      dest: "/etc/sudoers.d/dbadmin"
      # this rule names devops, not the dbadmin user created above
      content: "devops  ALL=(ALL)  NOPASSWD: ALL"

  - name: Create the .ssh directory with restricted permissions
    file:
      path: /home/dbadmin/.ssh
      owner: dbadmin
      group: dbadmin
      mode: 0700
      state: directory

  - name: Generate an RSA key pair for dbadmin
    command: su dbadmin -c 'ssh-keygen -q -t rsa -f /home/dbadmin/.ssh/vid_rsa -N ""'
    args:
      creates: /home/dbadmin/.ssh/vid_rsa
    run_once: True

  - name: Disable Password Authentication
    lineinfile:
      dest: /etc/ssh/sshd_config
      regexp: '^PasswordAuthentication'
      line: "PasswordAuthentication no"
      state: present
      backup: yes

  - name: Disable root login
    lineinfile:
      dest: /etc/ssh/sshd_config
      regexp: '^PermitRootLogin '
      line: "PermitRootLogin no"
      state: present
      backup: yes

  - name: Deploy ssh key
    authorized_key:
      user: dbadmin
      key: "{{ lookup('file', '/home/dbadmin/.ssh/vid_rsa.pub') }}"
      # path is the authorized_keys file, not the .ssh directory
      # (the module default is ~dbadmin/.ssh/authorized_keys)
      path: '/home/dbadmin/.ssh'
```

Error:

```text
TASK [vertica-backup-restore : Deploy ssh key] *****************************************************************************************************************************
 [WARNING]: Unable to find '/home/dbadmin/.ssh/vid_rsa.pub' in expected paths (use -vvvvv to see paths)

fatal: [xx.xxx.xx.xx]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/dbadmin/.ssh/vid_rsa.pub"}
 [WARNING]: Unable to find '/home/dbadmin/.ssh/vid_rsa.pub' in expected paths (use -vvvvv to see paths)
```

The key files do exist on the managed host:

```text
$ ls -al
total 8
drwx------ 2 dbadmin dbadmin   40 Apr  9 12:48 .
drwx------ 3 dbadmin dbadmin   74 Apr  8 22:41 ..
-rw------- 1 dbadmin dbadmin 1675 Apr  9 12:48 vid_rsa
-rw-r--r-- 1 dbadmin dbadmin  417 Apr  9 12:48 vid_rsa.pub
$ pwd
/home/dbadmin/.ssh
```

From the code given, it is not clear to me how you copy the key from one host to the others, but I guess you create the user and the key pair on the remote machines separately.

Since the authorized_key module will most likely look for that file on your control machine (the one running ansible), it will not find the key locally if you run the task on the remote server.

To get around this you could use: delegate_to: "{{ inventory_hostname }}", but to copy the key from one host to the others you would still have to iterate that task over all the required hosts and delegate it to the host on which you created the user.

Have a look at the docs to get a better understanding of delegation.

If this is not the issue, it might help if you update the question with your hosts (without the real IP addresses), so we can see what might be going wrong.
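A complete play that implements what the answer describes, added here as an example and not part of the original question or answer. It assumes an inventory group named dbservers and that the dbadmin user already exists on every host. Instead of lookup('file'), which reads the control node's filesystem, it uses the slurp module (run on the host that generated the key pair, via delegate_to) to read the public key, then authorizes it on every host in the play. The private key never leaves the host that generated it; only the public key is distributed.

```yaml
# Added example, not from the original post.
# Assumptions: inventory group "dbservers"; user dbadmin exists on all hosts.
- hosts: dbservers
  become: true
  vars:
    # the single host that generates and holds the private key
    key_host: "{{ groups['dbservers'][0] }}"
  tasks:
    - name: Ensure ~dbadmin/.ssh exists with restrictive permissions
      file:
        path: /home/dbadmin/.ssh
        owner: dbadmin
        group: dbadmin
        mode: "0700"
        state: directory

    - name: Generate the key pair once, on key_host only
      command: ssh-keygen -q -t rsa -b 4096 -f /home/dbadmin/.ssh/vid_rsa -N ""
      args:
        creates: /home/dbadmin/.ssh/vid_rsa   # idempotent: skip if it already exists
      become_user: dbadmin
      run_once: true
      delegate_to: "{{ key_host }}"

    # slurp runs on the managed node, so it can read a file that lives there;
    # lookup('file') would instead search the control node (the error in the question)
    - name: Read the public key from key_host
      slurp:
        src: /home/dbadmin/.ssh/vid_rsa.pub
      register: vid_rsa_pub
      run_once: true
      delegate_to: "{{ key_host }}"

    # because the slurp task used run_once, the registered variable is
    # available to every host in the play, so no per-host iteration is needed
    - name: Authorize the public key for dbadmin on every host in the play
      authorized_key:
        user: dbadmin
        key: "{{ vid_rsa_pub.content | b64decode }}"
        state: present
```

Run it with `ansible-playbook -i inventory deploy_key.yml`. The authorized_key module writes to ~dbadmin/.ssh/authorized_keys by default, so no path parameter is needed; if you do set one, it must point at the authorized_keys file rather than the .ssh directory.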