如何解决无法使用Ansible Authorized_key模块将公钥添加到目标主机
-
我具有对ServerA(单个服务器)[IP:142.5.5.55]的完全访问权限,我在其中拥有我的公共密钥
/app/serverA/mw.pub。该服务器可以从我运行自动化的地方访问。 -
我通过ansible ServerA与ssh到3台服务器[IP:11.1.1.220、11.1.1.221、11.1.1.222]进行ssh无密码连接,我们将这3台服务器称为jump_nodes
-
最后,我有一个称为目标主机的主机[IP:192.0.0.200、192.0.0.201、192.0.0.202],我们将其命名为dest_nodes,我们希望将其插入公共密钥
mw.pub。只有jump_nodes可以连接到dest_nodes。
因此:
ServerA(ansible) ---------------------> jump_nodes --------------------> dest_nodes
copy to ~/mw.pub inject ~/mw.pub
我可以使用以下剧本将公钥mw.pub复制到〜/ mw.pub下的所有jump_nodes。
除了以下几点以外,所有的好处就是失败了:
我现在希望将~/mw.pub从跳转服务器注入到目标主机,即曾经连接的dest_nodes。
我的剧本:
---
- name: "Play 1"
hosts: localhost
gather_facts: false
tags: always
tasks:
- name: Add host
debug:
msg: " hello "
- set_fact:
jump_server_list: "{{ JUMP_SERVER | trim }}"
- set_fact:
target_server_list: "{{ TARGET_SERVER | trim }}"
- add_host:
hostname: "{{ item }}"
groups: jump_nodes
with_items: "{{ jump_server_list.split('\n') }}"
- add_host:
hostname: "{{ item }}"
groups: dest_nodes
with_items: "{{ target_server_list.split('\n') }}"
- name: "Play 2"
hosts: dest_nodes
user: root
ignore_unreachable: yes
vars:
ansible_ssh_extra_args: -o StrictHostKeyChecking=no
ansible_ssh_private_key_file: /app/id_rsa
gather_facts: true
tasks:
- name: copy ssh public key to a file on jump servers
raw: "echo {{ TARGET_KEY }}>~/mw.pub"
run_once: True
delegate_to: "{{ item }}"
with_items: "{{ groups['jump_nodes'] }}"
- name: Set authorized key taken from file
ignore_errors: yes
authorized_key:
user: "{{ TARGET_USER }}"
state: present
key: "{{ lookup('file','~/mw.pub') }}"
register: keystatus
delegate_to: "{{ item }}"
with_items: "{{ groups['jump_nodes'] }}"
- debug:
msg: "CHECK STATUS {{ keystatus }}"
ignore_errors: yes
输出:
TASK [copy ssh public key to a file on jump servers] *******************************************************************************************************************
task path: /app/injectkeys/injectsshkeys.yml:40
<11.1.1.220> ESTABLISH SSH CONNECTION FOR USER: root
<11.1.1.220> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/app/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ControlPath=/home/axmwapp/.ansible/cp/42c5d2e05f -tt 11.1.1.220 'echo ssh-rsa PPPPB3NzaC1yc2EPPPPDAQABAAABAQDQGeUOA0vJK1AXSp3UKK1KF4VnFzmcrCoM4Ha7jx49DGPkGuNgS4ZKYYGiAl7FDhwtysvUF6JSl1l3Gxrki3nLDmGYUHbzNCU0qghOw85gbr++W+b+VfEZEnzTE8VPjAgR/JvQItLd2F8PGGlZBwDUXOIvuw8Acqft0nErDkPkKApJcn302qHtOc9R1mFff/GuD6WL6gjPF0gZsEkxHq+FObdsuUzndon0SR3SPeoF/oKA2CVy15+ea6wZnAYqCCppbdgZYR9uSZlMnvwMGT2g3Au+kL2dls3aRYQm6ZH0IrOpfn8M+BaPCcpWppE64XSPZlkU+3mIe2riG4IyIE75 it@shop.com>~/mw.pub'
<11.1.1.220> (0,'','Shared connection to 11.1.1.220 closed.\r\n')
changed: [192.0.0.200 -> 11.1.1.220] => (item=11.1.1.220) => {
"ansible_loop_var": "item","changed": true,"item": "11.1.1.220","rc": 0,"stderr": "Shared connection to 11.1.1.220 closed.\r\n","stderr_lines": [
"Shared connection to 11.1.1.220 closed."
],"stdout": "","stdout_lines": []
}
TASK [Set authorized key taken from file] ******************************************************************************************************************************
task path: /app/injectkeys/injectsshkeys.yml:46
[WARNING]: Unable to find '~/mw.pub' in expected paths (use -vvvvv to see paths)
fatal: [192.0.0.200]: Failed! => {
"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>,original message: Could not locate file in lookup: ~/mw.pub"
}
...ignoring
TASK [debug] ***********************************************************************************************************************************************************
task path: /app/injectkeys/injectsshkeys.yml:57
ok: [192.0.0.200] => {
"msg": "CHECK STATUS {'msg': u\"An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>,original message: Could not locate file in lookup: ~/mw.pub\",'Failed': True}"
}
Meta: ran handlers
Meta: ran handlers
下面是我运行剧本的方式
ansible-playbook /app/injectkeys/injectsshkeys.yml -f 5 -e JUMP_SERVER='11.1.1.220' -e TARGET_SERVER='192.0.0.200' -e TARGET_USER='root' -e TARGET_KEY="'ssh-rsa PPPPB3NzaC1yc2EPPPPDAQABAAABAQDQGeUOA0vJK1AXSp3UKK1KF4VnFzmcrCoM4Ha7jx49DGPkGuNgS4ZKYYGiAl7FDhwtysvUF6JSl1l3Gxrki3nLDmGYUHbzNCU0qghOw85gbr++W+b+VfEZEnzTE8VPjAgR/JvQItLd2F8PGGlZBwDUXOIvuw8Acqft0nErDkPkKApJcn302qHtOc9R1mFff/GuD6WL6gjPF0gZsEkxHq+FObdsuUzndon0SR3SPeoF/oKA2CVy15+ea6wZnAYqCCppbdgZYR9uSZlMnvwMGT2g3Au+kL2dls3aRYQm6ZH0IrOpfn8M+BaPCcpWppE64XSPZlkU+3mIe2riG4IyIE75 it@shop.com'" -vvv
从输出中可以看到,尽管有~/mw.pub,它仍在dest_nodes上寻找delegate_to: jump_nodes,即当应在11.1上查找时,它在dest_nodes 192.0.0.200上寻找~/mw.pub。 .1.220,然后将其注入192.0.0.200。
请问我该如何解决?
解决方法
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。