Is it possible to use Ansible authorized_key exclusive with multiple keys?


Question

I'm fairly new in using Ansible and have been reading here and google and haven't found an answer yet.

My scenario is that I have 1 user on a server but 2-3 different pub keys that need to be put in its authorized_keys file.

I can successfully remove all keys, or add all keys with this script:

---
- hosts: all

  tasks:
    - name: update SSH keys
      authorized_key:
        user: <user>
        key: "{{ lookup('file', item) }}"
        state: present
        #exclusive: yes
      with_fileglob:
        - ../files/pub_keys/*.pub

With the present flag it reads and adds all the keys. With the absent flag it removes all keys listed.

Problem is that I have an old key that is only on the server and I want to remove/overwrite it and for future deployments overwrite any unauthorized keys that might be on the server and not in my playbook.

With the exclusive flag it only takes the last key and adds it. This would be fantastic if it would loop and recursively add all the keys. If there is a way to do this in Ansible I have not found it.

Is there any way to loop over pub files and use the exclusive option at the same time?

Recommended answer

Is there any way to loop over pub files and use the exclusive option at the same time?

No. Documentation:

exclusive: Whether to remove all other non-specified keys from the authorized_keys file. Multiple keys can be specified in a single key string value by separating them by newlines. This option is not loop aware, so if you use with_ , it will be exclusive per iteration of the loop, if you want multiple keys in the file you need to pass them all to key in a single batch as mentioned above.

So you need to join all your keys and send all them at once.
Something like this:

- name: update SSH keys
  authorized_key:
    user: <user>
    key: "{{ lookup('pipe','cat ../files/pub_keys/*.pub') }}"
    state: present
    exclusive: yes

Check this code before running in production!
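A pre-flight check for the batch approach in the answer above, as an added example that is not part of the original answer or of Ansible: it builds the newline-separated `key` value from the `.pub` files (including one without a trailing newline, which a plain `cat` would fuse with the next key) and lists which existing lines an exclusive update would add, remove and keep. The key strings, file names and function names are constructed for illustration, and the example assumes two keys are the same when their type and base64 blob match.

```python
# Constructed sample data, not real keys. alice.pub has no trailing newline,
# the case where a plain `cat *.pub` fuses two keys onto one line.
PUB_FILES = {
    "alice.pub": "ssh-ed25519 AAAAC3ConstructedAliceKey alice@laptop",
    "bob.pub": "ssh-rsa AAAAB3ConstructedBobKey bob@desk\n",
}
CURRENT_AUTHORIZED_KEYS = """\
# edited by hand on the server
ssh-rsa AAAAB3ConstructedOldKey old@server
ssh-rsa AAAAB3ConstructedBobKey bob-renamed@desk
"""


def key_identity(line):
    """Return (type, blob); simplified parsing that ignores options and comment."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-", "sk-")):
            return field, fields[i + 1]
    raise ValueError(f"not a public key line: {line!r}")


def parse_keys(text):
    """Map key identity -> first full line seen, skipping blanks and comments."""
    keys = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            keys.setdefault(key_identity(line), line)
    return keys


def build_key_batch(pub_files):
    """Join all .pub contents into one newline-separated `key` value."""
    joined = "\n".join(pub_files[name] for name in sorted(pub_files))
    return "\n".join(parse_keys(joined).values())


def plan_exclusive_update(current_text, batch):
    """Lines an exclusive update with `batch` would add, remove and keep."""
    current, wanted = parse_keys(current_text), parse_keys(batch)
    return {
        "add": [wanted[k] for k in wanted if k not in current],
        "remove": [current[k] for k in current if k not in wanted],
        "keep": [wanted[k] for k in wanted if k in current],
    }


if __name__ == "__main__":
    print(plan_exclusive_update(CURRENT_AUTHORIZED_KEYS, build_key_batch(PUB_FILES)))
```

Reviewing the `remove` list before the play runs shows exactly which server-side keys the exclusive update will drop.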
