背景:
剛裝完系統後,需要使用ansible統一管理服務器,但是必須的上傳ssh 公鑰到被管理系統,如何解決呢,請看以下步驟。
一、安裝sshpass
dnf install epel-release
dnf install sshpass
二、編寫playbook 文件ssh-key.yml
---
- hosts: k8s
remote_user: root
vars:
ansible_ssh_user: "root"
ansible_ssh_pass: "123456"
tasks:
- name: Auth
authorized_key:
user: root
key: "{{ lookup('file','~/.ssh/id_rsa.pub') }}"
三、在ansible節點生成公鑰,一路回車
ssh-keygen
四、執行ansible-playbook ssh-key.yml 命令,返回結果如下:
fatal: [192.168.100.51]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
fatal: [192.168.100.53]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
因爲ansible默認已開啓密鑰檢查,所有出現此問題,解決辦法如下:
在ansible.cfg 文件中添加 host_key_checking = False
五、重新執行ansible-playbook ssh-key.yml ,結果如下:
PLAY [k8s] ***********************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************************************
ok: [192.168.100.52]
ok: [192.168.100.51]
ok: [192.168.100.53]
TASK [Auth] **********************************************************************************************************************************************************************************************
ok: [192.168.100.52]
changed: [192.168.100.51]
changed: [192.168.100.53]
PLAY RECAP ***********************************************************************************************************************************************************************************************
192.168.100.51 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.100.52 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.100.53 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0