1.使用 ssh-keygen -t rsa生成密钥对
ssh-keygen -t rsa
2.推送单个公钥到远程机器
格式: ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected][ip,hostname]
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
3.添加ansible hosts
编辑/etc/ansible/hosts,没有则创建些文件。
格式:【主机名】 【主机地址】 【主机密码】 默认是root用户来进行的
[tomcat-servers] 1 ansible_ssh_user="tomcat" ansible_ssh_host=192.168.100.1 ansible_ssh_pass="test" 2 ansible_ssh_user="tomcat" ansible_ssh_host=192.168.100.2 ansible_ssh_pass="test"
新版的ansible(2.4) hosts有更新, 用以下方式:
[tomcat-servers]
192.168.100.1 ansible_user=tomcat ansible_ssh_pass="test" 192.168.100.2 ansible_user=tomcat ansible_ssh_pass="test"
4.批量推送公钥到远程机器
机器多的情况下,使用ssh-copy-id方法有些费时,使用ansible-playbook推送ymal,这里使用到了authoried_keys模块,可以参考 http://docs.ansible.com/authorized_key_module.html
将以下文件命名为:push.ssh.ymal
# Using alternate directory locations: - hosts: tomcat-servers user: tomcat tasks: - name: ssh-copy authorized_key: user=tomcat key="{{ lookup(‘file‘, ‘/home/tomcat/.ssh/id_rsa.pub‘) }}" tags: - sshkey
5.执行推送命令
ansible-playbook push.ssh.ymal
6.如若报错,解决
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host‘s fingerprint to your known_hosts file to manage this host.
修改host_key_checking(默认是check的):
vi /home/xiangdong/ansible/ansible.cfg # uncomment this to disable SSH key host checking host_key_checking = False
7.测试
#查看各机器时间 ansible all -a date #ansible all -m command -a date # 作用同上 #ping ansible all -m ping
输出结果:
$ ansible all -m ping 192.168.100.1 | SUCCESS => { "changed": false, "ping": "pong" }
参考:
https://www.cnblogs.com/amosli/p/6122908.html
1.http://mageedu.blog.51cto.com/4265610/1412028
2.http://www.justwinit.cn/post/8973/
原文地址:https://www.cnblogs.com/sandshell/p/11701552.html
时间: 2024-10-01 03:10:57