是否可以将Ansibleauthorized_key与多个密钥一起使用? [英] Is it possible to use Ansible authorized_key exclusive with multiple keys?
问题描述
我在使用Ansible方面还很陌生,并且一直在此处阅读和google,但尚未找到答案.
I'm fairly new in using Ansible and have been reading here and google and haven't found an answer yet.
我的情况是,我在服务器上有1个用户,但是需要在authorized_keys文件中放入2-3个不同的发布密钥.
My scenario is that I have 1 user on a server but 2-3 different pub keys that need to put in it's authorized_keys file.
我可以成功删除所有密钥,或使用此脚本添加所有密钥:
I can successfully remove all keys, or add all keys with this script:
---
- hosts: all
tasks:
- name: update SSH keys
authorized_key:
user: <user>
key: "{{ lookup('file', item) }}"
state: present
#exclusive: yes
with_fileglob:
- ../files/pub_keys/*.pub
使用present
标志读取并添加所有键.使用absent
标志,它会删除列出的所有键.
With the present
flag it reads and adds all the keys. With the absent
flag it removes all keys listed.
问题是我有一个仅在服务器上的旧密钥,我想删除/覆盖它,并为将来的部署覆盖服务器上而非我的剧本上的所有未授权密钥.
Problem is that I have an old key that is only on the server and I want to remove/overwrite it and for future deployments overwrite any unauthorized keys that might be on the server and not in my playbook.
使用exclusive
标志,它仅获取最后一个密钥并将其添加.如果它将循环并回溯地添加所有键,那将是很棒的.如果在Ansible中有办法做到这一点,我还没有找到它.
With the exclusive
flag it only takes the last key and adds it. This would be fantastic if it would loop and recusively add all the keys. If there is a way to do this in Ansible I have not found it.
有没有办法遍历发布文件并同时使用exclusive
选项?
Is there any way to loop over pub files and use the exclusive
option at the same time?
推荐答案
有没有办法遍历pub文件并同时使用独占选项?
不. 文档:
专有::是否从authorized_keys文件中删除所有其他未指定的密钥.通过用换行符分隔多个键,可以在单个键字符串值中指定多个键. 此选项不是循环感知的,因此,如果使用with_,它将在循环的每次迭代中独占使用,如果要在文件中使用多个密钥,则需要如上所述将它们全部传递给单个批处理中的密钥.
exclusive: Whether to remove all other non-specified keys from the authorized_keys file. Multiple keys can be specified in a single key string value by separating them by newlines. This option is not loop aware, so if you use with_ , it will be exclusive per iteration of the loop, if you want multiple keys in the file you need to pass them all to key in a single batch as mentioned above.
因此,您需要加入所有密钥并一次发送所有密钥.
像这样:
So you need to join all your keys and send all them at once.
Something like this:
- name: update SSH keys
authorized_key:
user: <user>
key: "{{ lookup('pipe','cat ../files/pub_keys/*.pub') }}"
state: present
exclusive: yes
在生产环境中运行之前检查此代码!
这篇关于是否可以将Ansibleauthorized_key与多个密钥一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!