ansible需要連接時要用ssh連接
這是我的三台機
首先安裝ansible
[root@ansible ansible]#yum -y install ansible #ansible 來自於epel源 需提起配置好yum源 [root@ansible ansible]#vim /etc/ansible/ansible.cfg #找到下面這行取消注釋 接下來就不用再敲ssh鏈接的yes了 # uncomment this to disable SSH key host checking host_key_checking = False [root@ansible ~]# vim /etc/ansible/hosts #再文檔中插入下面幾行 指定s1 s2 [websrvs] 10.0.0.135 10.0.0.136 [appsrvs] 10.0.0.137 10.0.0.135 [root@ansible ansible]# ssh-keygen #生成私鑰對 簡單一點 三個回車 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:QvVjh5L5A0dJj/F3TUnkIJhcKJ99VHu4FggpEX3ntBY root@ansible The key's randomart image is: +---[RSA 3072]----+ | ==X= .++o | | o.X+BooE+o | | . B.X.*++=+ | | . O + o++. | | . S o . .o | | . . . | | | | | | | +----[SHA256]-----+ [root@ansible ansible]# [root@ansible ansible]# ssh-copy-id 10.0.0.135 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.0.0.135's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '10.0.0.135'" and check to make sure that only the key(s) you wanted were added. [root@ansible ansible]# ssh-copy-id 10.0.0.136 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.0.0.136 (10.0.0.136)' can't be established. ECDSA key fingerprint is SHA256:QTYZIuatHBEX0/T0slePw79lDwToxIpy02zZsedJLHo. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.0.0.136's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '10.0.0.136'" and check to make sure that only the key(s) you wanted were added. [root@ansible ansible]# ansible websrvs -m ping #檢查一下是否能通 10.0.0.136 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } 10.0.0.135 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" }
ping pong 完美
----------------------------利用sshpass批量實現基於key驗證腳本----------------------------------
@1
[root@centos8 ~]#vim /etc/ssh/ssh_config #修改下面一行 StrictHostKeyChecking no [root@centos8 ~]#cat hosts.list 10.0.0.135 10.0.0.136 [root@centos8 ~]#vim push_ssh_key.sh #!/bin/bash rpm -q sshpass &> /dev/null || yum -y install sshpass [ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P '' export SSHPASS=123456 while read IP;do sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $IP done < hosts.list
@2
[root@centos8 ~]#cat ssh_key.sh #!/bin/bash IPLIST=" 10.0.0.135 10.0.0.136 10.0.0.137 10.0.0.138 10.0.0.139" rpm -q sshpass &> /dev/null || yum -y install sshpass [ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P '' export SSHPASS=123456 for IP in $IPLIST;do sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $IP done