• Distributing SSH keys with Ansible


     http://www.361way.com/ansible-cfg/4401.html

    Change host_key_checking (checked by default) to False: uncomment the line in ansible.cfg so that it reads host_key_checking = False.

    vi /home/xiangdong/ansible/ansible.cfg
    # uncomment this to disable SSH key host checking
    host_key_checking = False

    Add the hosts to the hosts file:

    [root@m01 ansible]# tail hosts
    172.16.1.9
    [web21_c7]
    10.0.0.17
    [c7]
    10.0.0.64
    10.0.0.62
    [c7:vars]
    ansible_ssh_user=root 
    ansible_ssh_pass=123456
    ansible_ssh_port=22

    Finally, run this on the command line:

    ansible c7 -m  authorized_key  -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'"

    The command above can also take a path parameter to specify where the key is distributed.

    ===============================================

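    Ansible summary (4): ansible.cfg and the default configuration

    After a default installation, Ansible has a configuration file, /etc/ansible/ansible.cfg, that defines the default settings for Ansible hosts, such as whether a password must be entered by default, whether sudo authentication is enabled, the location of the action_plugins plugins, the location of the hosts inventory groups, whether logging is enabled, the default port, the location of the key file, and so on.

    The details are as follows: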

    [defaults]
    # some basic default values...
    # default location of the hosts inventory
    hostfile = /etc/ansible/hosts
    # library_path = /usr/share/my_modules/
    remote_tmp = $HOME/.ansible/tmp
    pattern = *
    forks = 5
    poll_interval = 15
    # remote sudo user
    sudo_user = root
    # whether to ask for the sudo password on every ansible command
    #ask_sudo_pass = True
    # whether to ask for the SSH password on every ansible command
    #ask_pass = True
    transport = smart
    remote_port = 22
    module_lang = C
    gathering = implicit
    # disable the yes/no prompt on the first connection to a client
    host_key_checking = False
    # add this line yourself if needed; chown -R root:root ansible.log
    log_path = /var/log/ansible.log
    # suppress system notices when running ansible, usually upgrade reminders
    system_warnings = False
    # set plugin path directories here, separate with colons
    action_plugins = /usr/share/ansible_plugins/action_plugins
    callback_plugins = /usr/share/ansible_plugins/callback_plugins
    connection_plugins = /usr/share/ansible_plugins/connection_plugins
    lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
    vars_plugins = /usr/share/ansible_plugins/vars_plugins
    filter_plugins = /usr/share/ansible_plugins/filter_plugins
    fact_caching = memory
    [accelerate]
    accelerate_port = 5099
    accelerate_timeout = 30
    accelerate_connect_timeout = 5.0
    # The daemon timeout is measured in minutes. This time is measured
    # from the last activity to the accelerate daemon.
    accelerate_daemon_timeout = 30

    This post walks through it with an example. When I connected to hosts I had not connected to before, I got the following error:

    [root@361way.com ~]# ansible test -a 'uptime'
    10.212.52.14 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
    10.212.52.16 | FAILED => Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.

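    The output shows that the local ~/.ssh/known_hosts file has no fingerprint entry for these hosts. On a first connection, ssh normally prompts you to type yes to confirm adding the host key to ~/.ssh/known_hosts.

    Method 1:

    Knowing the cause, recall that ssh accepts the -o option to set StrictHostKeyChecking to no, which avoids the yes/no prompt on the first connection. Looking through ansible.cfg, we find the following lines: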

    [ssh_connection]
    # ssh arguments to use
    # Leaving off ControlPersist will result in poor performance, so use
    # paramiko on older platforms rather than removing it
    #ssh_args = -o ControlMaster=auto -o ControlPersist=60s

    So here we can enable the ssh_args line and use the following setting to avoid the error above:

    ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no

    Method 2:

    The ansible.cfg configuration file also contains the following part:

    # uncomment this to disable SSH key host checking
    host_key_checking = False

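    By default the host_key_checking line is commented out; uncommenting it likewise skips the ssh first-connection verification prompt. Since the configuration file provides this option directly, method 2 is recommended.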
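
    Both methods make ssh accept an unverified host key on first contact, and the hosts file earlier on this page keeps the root password in clear text. The following added example (not code from the original post) audits an ansible.cfg and a hosts file for those settings; the function name, finding labels and sample inputs are constructed for illustration.

```python
import configparser
import re

# Constructed sample that mirrors the settings shown on this page.
SAMPLE_CFG = """\
[defaults]
remote_tmp = $HOME/.ansible/tmp
host_key_checking = False
#log_path = /var/log/ansible.log
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no
"""
SAMPLE_INVENTORY = """\
[c7]
10.0.0.64
[c7:vars]
ansible_ssh_user=root
ansible_ssh_pass=123456
"""

def audit_ansible(cfg_text, inventory_text):
    """Return sorted finding labels (hypothetical names) for risky settings."""
    findings = set()
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    inline_comment_prefixes=(";",))
    cfg.read_string(cfg_text)
    # Method 2: host_key_checking = False skips host key verification.
    value = cfg.get("defaults", "host_key_checking", fallback="True")
    if value.strip().lower() in ("false", "no", "0", "off"):
        findings.add("host-key-checking-disabled")
    # Method 1: the same effect, reached through ssh_args.
    ssh_args = cfg.get("ssh_connection", "ssh_args", fallback="")
    if re.search(r"StrictHostKeyChecking\s*=\s*no\b", ssh_args, re.I):
        findings.add("strict-host-key-checking-no")
    # Without log_path there is no record of which command ran when.
    if not cfg.get("defaults", "log_path", fallback="").strip():
        findings.add("no-log-path")
    # Connection passwords stored in clear text in the inventory.
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0]
        if re.search(r"\bansible_(ssh_pass|password)\s*=\s*\S", line):
            findings.add("plaintext-password-in-inventory")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ansible(SAMPLE_CFG, SAMPLE_INVENTORY):
        print(finding)
```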

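    Other settings

    Since the official documentation is fairly detailed and the ansible.cfg file itself ships with explanatory comments, I will not go into much more detail. One more example: by default Ansible does not write a log file when it runs, but ansible.cfg contains the following lines: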

    # logging is off by default unless this path is defined
    # if so defined, consider logrotate
    log_path = /var/log/ansible.log

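    Likewise, the log_path line is commented out by default. Once it is uncommented, every command writes its log to /var/log/ansible.log after it runs, which makes it easy to see which operation was run when and with what result, as shown below: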

    [root@361way.com ansible]# cat /var/log/ansible.log
    2015-05-04 01:57:19,758 p=4667 u=root |
    2015-05-04 01:57:19,759 p=4667 u=root | /usr/bin/ansible test -a uptime
    2015-05-04 01:57:19,759 p=4667 u=root |
    2015-05-04 01:57:20,563 p=4667 u=root | 10.212.52.252 | success | rc=0 >>
    01:57am up 23 days 11:20, 2 users, load average: 0.38, 0.38, 0.40
    2015-05-04 01:57:20,831 p=4667 u=root | 10.212.52.14 | success | rc=0 >>
    02:03am up 331 days 8:19, 2 users, load average: 0.08, 0.05, 0.05
    2015-05-04 01:57:20,909 p=4667 u=root | 10.212.52.16 | success | rc=0 >>
    02:05am up 331 days 8:56, 2 users, load average: 0.00, 0.01, 0.05
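
    To turn this log into an audit trail of who ran which command against which hosts, the added example below (not code from the original post) parses the line format shown in the excerpt. The function and field names are constructed for illustration, and the sample input is the excerpt above.

```python
import re
from datetime import datetime

# Sample input: the log excerpt shown on this page.
SAMPLE_LOG = """\
2015-05-04 01:57:19,758 p=4667 u=root |
2015-05-04 01:57:19,759 p=4667 u=root | /usr/bin/ansible test -a uptime
2015-05-04 01:57:19,759 p=4667 u=root |
2015-05-04 01:57:20,563 p=4667 u=root | 10.212.52.252 | success | rc=0 >>
01:57am up 23 days 11:20, 2 users, load average: 0.38, 0.38, 0.40
2015-05-04 01:57:20,831 p=4667 u=root | 10.212.52.14 | success | rc=0 >>
02:03am up 331 days 8:19, 2 users, load average: 0.08, 0.05, 0.05
2015-05-04 01:57:20,909 p=4667 u=root | 10.212.52.16 | success | rc=0 >>
02:05am up 331 days 8:56, 2 users, load average: 0.00, 0.01, 0.05
"""

PREFIX = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ p=(\d+) u=(\S+) \|\s?(.*)$")
RESULT = re.compile(r"^(\S+) \| (\w+) \| rc=(-?\d+) >>")

def parse_ansible_log(text):
    """Group log lines by process id into one record per ansible run.

    A long-lived log can reuse a pid; split on date first if that matters.
    """
    runs = {}
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # continuation line: raw command output from a host
        when, pid, user, msg = m.groups()
        run = runs.setdefault(pid, {
            "start": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
            "user": user, "command": None, "hosts": {}})
        result = RESULT.match(msg)
        if result:
            host, status, rc = result.groups()
            run["hosts"][host] = (status, int(rc))
        elif msg and run["command"] is None:
            run["command"] = msg  # first non-empty message is the command line
    return runs

if __name__ == "__main__":
    for pid, run in parse_ansible_log(SAMPLE_LOG).items():
        print(run["start"], run["user"], run["command"], run["hosts"])
```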

    For more, see the official documentation.

  • Original article: https://www.cnblogs.com/gaoyuechen/p/7990237.html