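Configuring passwordless control in Ansible
Management works in two modes. Public key authentication gives passwordless SSH connections between the control node and the managed nodes.
Based on a public key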
vim /etc/ansible/hosts
[web]
10.1.115.48
[root@c7 .ssh]# ssh-keygen (press Enter at every prompt)
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:kd8LqaUWG2MKc8V6fSmVDQ8PlTbMCyrjwKkNnUEhgyk root@c7.7-44
The key's randomart image is:
+---[RSA 2048]----+
| oo.o. ++.. |
|E o o.. . .O* |
| . o += .oo+o |
| . *oo+.+ .. |
| o+ooSoB + |
| .+.+.O + . |
| . = . |
| . |
| |
+----[SHA256]-----+
————————————————
Copy the public key to the target host
cd /root/.ssh/
ssh-copy-id -i id_rsa.pub root@10.1.115.48
Test
ansible web -m ping
10.1.115.48 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
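Based on host passwords in the hosts inventory
ansible_ssh_port=22: login port of the remote host
ansible_ssh_user=root: login user name on the remote host
ansible_ssh_pass=123456: password of that login user on the remote host
ssh-keyscan: saves the host key to known_hosts so that the first login does not ask you to type yes; writing its output directly into authorized_keys has no effect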
vim /etc/ansible/hosts
[web]
10.1.115.48 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
-------------------------------------------------
ssh-keyscan 10.1.115.48 >> /root/.ssh/known_hosts
Verify:
ansible web -m ping
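The inventory above keeps ansible_ssh_pass in clear text, readable by anyone who can read /etc/ansible/hosts. The following is an added example, not part of the original post: a shell function that lists plaintext password variables in an INI-style inventory. The function names, the sample inventory and the host db1.example.test are constructed for illustration; values written as Jinja2 references are assumed to resolve to a secret stored elsewhere.

```shell
#!/bin/sh
# Added example: flag plaintext credentials in an INI-style Ansible inventory.

# audit_inventory [FILE]  (reads stdin when no file is given)
# Prints one "line:host-or-group:variable" record per plaintext password.
# Values that are Jinja2 references ("{{ ... }}") are skipped, because the
# secret itself is then not stored in the inventory.
audit_inventory() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }      # blank lines and comments
        $1 ~ /^\[/ {                          # section header, e.g. [web]
            vars = ($1 ~ /:vars\]$/)          # [group:vars] holds key=value lines
            grp = $1
            next
        }
        {
            if (vars) { host = grp; start = 1 } else { host = $1; start = 2 }
            for (i = start; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1)
                val = substr($i, eq + 1)
                if (key ~ /^ansible_(ssh_pass|password|become_pass|become_password)$/ &&
                    index(val, "{{") == 0)
                    printf "%s:%s:%s\n", NR, host, key
            }
        }
    ' "$@"
}

# Constructed sample inventory (not real hosts or credentials).
sample_inventory() {
    cat <<'EOF'
# constructed sample
[web]
10.1.115.48 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456
[db]
db1.example.test ansible_user=deploy ansible_password="{{ vault_db_pass }}"
[db:vars]
ansible_become_pass=changeme
EOF
}

sample_inventory | audit_inventory
```

Run it as audit_inventory /etc/ansible/hosts; empty output means no plaintext password variable was found.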