  • Distributing SSH keys with Ansible

     http://www.361way.com/ansible-cfg/4401.html

    Change host_key_checking (checking is enabled by default) to False: uncomment the line and set host_key_checking = False.

    vi /home/xiangdong/ansible/ansible.cfg
    # uncomment this to disable SSH key host checking
    host_key_checking = False

    Add the hosts to the hosts (inventory) file:

    [root@m01 ansible]# tail hosts
    172.16.1.9
    [web21_c7]
    10.0.0.17
    [c7]
    10.0.0.64
    10.0.0.62
    [c7:vars]
    ansible_ssh_user=root 
    ansible_ssh_pass=123456
    ansible_ssh_port=22

    Finally, run on the command line:

    ansible c7 -m  authorized_key  -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'"

    The command above can also take a path argument to specify where the key is distributed.

    ===============================================

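    Ansible summary (4): ansible.cfg and the default configuration

    After a default installation, Ansible has a configuration file at /etc/ansible/ansible.cfg. It defines the default settings for the Ansible control host, such as whether a password must be entered by default, whether sudo authentication is enabled, the location of the action_plugins plugins, the location of the hosts inventory, whether logging is enabled, the default port, the key file location, and so on.

    The details are as follows: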

    [defaults]
    # some basic default values...
    # location of the default hosts (inventory) file
    hostfile = /etc/ansible/hosts
    # library_path = /usr/share/my_modules/
    remote_tmp = $HOME/.ansible/tmp
    pattern = *
    forks = 5
    poll_interval = 15
    # remote sudo user
    sudo_user = root
    # whether to prompt for the sudo password on every ansible command
    #ask_sudo_pass = True
    # whether to prompt for the ssh password on every ansible command
    #ask_pass = True
    transport = smart
    remote_port = 22
    module_lang = C
    gathering = implicit
    # disables the prompt shown the first time ansible connects to a client
    host_key_checking = False
    # add this yourself when needed; chown -R root:root ansible.log
    log_path = /var/log/ansible.log
    # suppresses system notices when running ansible, usually upgrade prompts
    system_warnings = False
    # set plugin path directories here, separate with colons
    action_plugins = /usr/share/ansible_plugins/action_plugins
    callback_plugins = /usr/share/ansible_plugins/callback_plugins
    connection_plugins = /usr/share/ansible_plugins/connection_plugins
    lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
    vars_plugins = /usr/share/ansible_plugins/vars_plugins
    filter_plugins = /usr/share/ansible_plugins/filter_plugins
    fact_caching = memory
    [accelerate]
    accelerate_port = 5099
    accelerate_timeout = 30
    accelerate_connect_timeout = 5.0
    # The daemon timeout is measured in minutes. This time is measured
    # from the last activity to the accelerate daemon.
    accelerate_daemon_timeout = 30

    This article walks through the file with an example. When I connected to hosts I had not connected to before, I got the following error:

    [root@361way.com ~]# ansible test -a 'uptime'
    10.212.52.14 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
    10.212.52.16 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.

    The output shows that the local ~/.ssh/known_hosts file does not contain the hosts' fingerprint keys. On a first connection, ssh normally prompts you to type yes to confirm adding the key to ~/.ssh/known_hosts.

    Method 1:

    Knowing the cause, recall that an ssh connection can use the -o option to set StrictHostKeyChecking to no, which avoids the yes/no prompt on the first connection. Looking through the ansible.cfg configuration file, we find the following lines:

    [ssh_connection]
    # ssh arguments to use
    # Leaving off ControlPersist will result in poor performance, so use
    # paramiko on older platforms rather than removing it
    #ssh_args = -o ControlMaster=auto -o ControlPersist=60s

    So we can enable the ssh_args line here and use the following setting to avoid the error above:

    ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no

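    Method 2:

    The ansible.cfg configuration file also contains the following part:

    # uncomment this to disable SSH key host checking
    host_key_checking = False

    By default the host_key_checking line is commented out; uncommenting it also skips the ssh first-connection verification prompt. Since the configuration file provides this option directly, method 2 is recommended.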
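
    Both methods switch off SSH host key verification for every managed host, and the [c7:vars] inventory earlier keeps the root password in clear text. The following is an added example, not code from the original article, that audits ansible.cfg and inventory text for those settings; the sample inputs and finding strings are constructed for illustration.

```python
import configparser
import re

# Constructed samples that mirror the settings shown on this page.
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
#log_path = /var/log/ansible.log
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no
"""
SAMPLE_INVENTORY = """\
[c7]
10.0.0.64
[c7:vars]
ansible_ssh_pass=123456
"""
PASS_VAR = re.compile(
    r"\b(ansible_(?:ssh_pass|password|become_pass(?:word)?|sudo_pass))\s*=\s*(\S+)")

def audit_cfg(text):
    """Return findings about host key verification and logging in ansible.cfg."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    # An absent or commented-out option means Ansible's default (checking on).
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking is disabled")
    ssh_args = cfg.get("ssh_connection", "ssh_args", fallback="")
    m = re.search(r"StrictHostKeyChecking\s*=?\s*(\S+)", ssh_args, re.I)
    if m and m.group(1).lower() in ("no", "off"):
        findings.append("ssh_args disables StrictHostKeyChecking")
    if not cfg.get("defaults", "log_path", fallback="").strip():
        findings.append("log_path is not set")
    return findings

def audit_inventory(text):
    """Return (line number, variable) per literal password; {{ ... }} values are skipped."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue
        for name, value in PASS_VAR.findall(line):
            if not value.strip("'\"").startswith("{{"):
                hits.append((lineno, name))
    return hits

if __name__ == "__main__":
    print(audit_cfg(SAMPLE_CFG), audit_inventory(SAMPLE_INVENTORY))
```

    The alternative named in the error message itself is to add each host's fingerprint to known_hosts and leave host_key_checking at its default.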

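    Other settings

    Since the official documentation is fairly detailed and the default ansible.cfg file itself carries explanatory comments, I will not go into much more detail. Here is one more example: by default Ansible does not write a log file when it runs, but the ansible.cfg configuration file contains the following lines: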

    # logging is off by default unless this path is defined
    # if so defined, consider logrotate
    log_path = /var/log/ansible.log

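    Likewise, the log_path line is commented out by default. Once it is uncommented, every command that runs is logged to /var/log/ansible.log, which makes it easy to see what was run, when, and with what result, as shown below: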

    [root@361way.com ansible]# cat /var/log/ansible.log
    2015-05-04 01:57:19,758 p=4667 u=root |
    2015-05-04 01:57:19,759 p=4667 u=root | /usr/bin/ansible test -a uptime
    2015-05-04 01:57:19,759 p=4667 u=root |
    2015-05-04 01:57:20,563 p=4667 u=root | 10.212.52.252 | success | rc=0 >>
    01:57am up 23 days 11:20, 2 users, load average: 0.38, 0.38, 0.40
    2015-05-04 01:57:20,831 p=4667 u=root | 10.212.52.14 | success | rc=0 >>
    02:03am up 331 days 8:19, 2 users, load average: 0.08, 0.05, 0.05
    2015-05-04 01:57:20,909 p=4667 u=root | 10.212.52.16 | success | rc=0 >>
    02:05am up 331 days 8:56, 2 users, load average: 0.00, 0.01, 0.05

    For more, see the official documentation.

  • Original article: https://www.cnblogs.com/gaoyuechen/p/7990237.html