ansible 批量上傳ssh key

背景：

剛裝完系統後，需要使用ansible統一管理服務器，但是必須的上傳ssh 公鑰到被管理系統，如何解決呢，請看以下步驟。

一、安裝sshpass

dnf install epel-release
dnf install sshpass

二、編寫playbook 文件ssh-key.yml

---
  - hosts: k8s
    remote_user: root
    vars:
      ansible_ssh_user: "root"
      ansible_ssh_pass: "123456"
    tasks:
      - name: Auth
        authorized_key:
          user: root
          key: "{{ lookup('file','~/.ssh/id_rsa.pub') }}"

三、在ansible節點生成公鑰，一路回車

ssh-keygen

四、執行ansible-playbook ssh-key.yml 命令，返回結果如下：

fatal: [192.168.100.51]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}
fatal: [192.168.100.53]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}

因爲ansible默認已開啓密鑰檢查，所有出現此問題，解決辦法如下：

在ansible.cfg 文件中添加 host_key_checking = False

五、重新執行ansible-playbook ssh-key.yml ，結果如下：

PLAY [k8s] ***********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.100.52]
ok: [192.168.100.51]
ok: [192.168.100.53]

TASK [Auth] **********************************************************************************************************************************************************************************************
ok: [192.168.100.52]
changed: [192.168.100.51]
changed: [192.168.100.53]

PLAY RECAP ***********************************************************************************************************************************************************************************************
192.168.100.51             : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
192.168.100.52             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
192.168.100.53             : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0