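Configuring passwordless control in Ansible. There are two management modes; public-key authentication provides passwordless SSH connections between the control node and the managed nodes.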

Public-key based

    vim /etc/ansible/hosts
    [web]
    10.1.115.48
    [root@c7 .ssh]# ssh-keygen    (press Enter at every prompt)
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:kd8LqaUWG2MKc8V6fSmVDQ8PlTbMCyrjwKkNnUEhgyk root@c7.7-44
    The key's randomart image is:
    +---[RSA 2048]----+
    | oo.o. ++.. |
    |E o o.. . .O* |
    | . o += .oo+o |
    | . *oo+.+ .. |
    | o+ooSoB + |
    | .+.+.O + . |
    | . = . |
    | . |
    | |
    +----[SHA256]-----+

  1. Copy the public key to the target host

         cd /root/.ssh/
         ssh-copy-id -i id_rsa.pub root@10.1.115.48
  2. Test

         ansible web -m ping
         10.1.115.48 | SUCCESS => {
             "ansible_facts": {
                 "discovered_interpreter_python": "/usr/bin/python"
             },
             "changed": false,
             "ping": "pong"
         }

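Based on host passwords in the hosts inventory

ansible_ssh_port=22: login port of the remote host

ansible_ssh_user=root: login user name on the remote host

ansible_ssh_pass=123456: password of that login user on the remote host

ssh-keyscan: used to save the remote host's key into known_hosts, so that the first login does not ask you to type "yes". If the output is saved directly into authorized_keys instead, it has no effect.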

    vim /etc/ansible/hosts
    [web]
    10.1.115.48 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
    -------------------------------------------------
    ssh-keyscan 10.1.115.48 >> /root/.ssh/known_hosts

Verify:

    ansible web -m ping
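
An added example, not part of the original post: a small Python check that scans an INI inventory like the one above for passwords written in clear text and reports the line, group, host and variable name without echoing the secret. The sample inventory is constructed; the `db` group, `192.0.2.10`, `hunter2` and the `vault_db_pass` variable are assumptions for illustration.

```python
import shlex

# Variables that hold a login or become password. ansible_ssh_pass is the name
# used on this page; the rest are its newer and privilege-escalation forms.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# Constructed sample: the [web] line is the one from this page; the [db] group,
# 192.0.2.10 and the vault_db_pass variable are made up for illustration.
SAMPLE_INVENTORY = """\
[web]
10.1.115.48 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
[db]
192.0.2.10 ansible_ssh_user=deploy ansible_ssh_pass="{{ vault_db_pass }}"
[db:vars]
ansible_become_pass=hunter2
"""

def find_plaintext_secrets(inventory_text):
    """Return (line_no, group, host, variable) for each clear-text secret.
    host is None for [group:vars] lines; the secret value is never returned."""
    findings, group, in_vars = [], "ungrouped", False
    for line_no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group, _, kind = line[1:-1].partition(":")
            in_vars = kind == "vars"
            continue
        if in_vars:                   # the whole line is one key=value
            host, pairs = None, [line]
        else:                         # host name followed by key=value pairs
            try:
                tokens = shlex.split(line, comments=True)
            except ValueError:        # unbalanced quote: split on whitespace
                tokens = line.split()
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = (part.strip() for part in pair.partition("="))
            value = value.strip("\"'")
            is_ref = value.startswith("{{") and value.endswith("}}")  # Jinja2 reference
            if sep and key in SECRET_VARS and not is_ref:
                findings.append((line_no, group, host, key))
    return findings

if __name__ == "__main__":
    for line_no, group, host, var in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no}: [{group}] {host or 'group vars'}: {var} is in clear text")
```

A value written as a Jinja2 reference is treated as pointing to a variable kept elsewhere, for example in a file encrypted with `ansible-vault`, and is not reported.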