是否可以将 Ansibleauthorized_key 与多个密钥独占使用? [英] Is it possible to use Ansible authorized_key exclusive with multiple keys?

问题描述

我刚开始使用 Ansible，并且一直在阅读此处和谷歌，还没有找到答案.

I'm fairly new in using Ansible and have been reading here and google and haven't found an answer yet.

我的情况是，我在服务器上有 1 个用户，但需要将 2-3 个不同的公钥放入它的 authorized_keys 文件中.

My scenario is that I have 1 user on a server but 2-3 different pub keys that need to put in it's authorized_keys file.

我可以成功删除所有密钥，或使用此脚本添加所有密钥:

I can successfully remove all keys, or add all keys with this script:

---
  - hosts: all

 tasks:
  - name: update SSH keys
    authorized_key:
     user: <user>
     key: "{{ lookup('file', item) }}"
     state: present
     #exclusive: yes
    with_fileglob:
      - ../files/pub_keys/*.pub

使用 present 标志，它读取并添加所有键.使用 absent 标志，它会删除列出的所有键.

With the present flag it reads and adds all the keys. With the absent flag it removes all keys listed.

问题是我有一个仅在服务器上的旧密钥，我想删除/覆盖它，并在将来的部署中覆盖可能在服务器上而不是在我的剧本中的任何未经授权的密钥.

Problem is that I have an old key that is only on the server and I want to remove/overwrite it and for future deployments overwrite any unauthorized keys that might be on the server and not in my playbook.

使用 exclusive 标志，它只需要最后一个键并添加它.如果它可以循环并递归地添加所有键，那就太棒了.如果在 Ansible 中有一种方法可以做到这一点，我还没有找到.

With the exclusive flag it only takes the last key and adds it. This would be fantastic if it would loop and recusively add all the keys. If there is a way to do this in Ansible I have not found it.

有什么方法可以循环遍历 pub 文件并同时使用 exclusive 选项?

Is there any way to loop over pub files and use the exclusive option at the same time?

推荐答案

有没有办法循环遍历 pub 文件并同时使用独占选项?

没有.docs 中有关于循环和排他性的说明:

No. There is a note about loops and exclusive in the docs:

exclusive:是否从authorized_keys 文件中删除所有其他未指定的密钥.通过用换行符分隔多个键，可以在单个键字符串值中指定多个键.此选项不支持循环，因此如果您使用 with_ ，它将在循环的每次迭代中独占，如果您希望文件中有多个键，则需要将它们全部传递给上述单个批处理中的键.

exclusive: Whether to remove all other non-specified keys from the authorized_keys file. Multiple keys can be specified in a single key string value by separating them by newlines. This option is not loop aware, so if you use with_ , it will be exclusive per iteration of the loop, if you want multiple keys in the file you need to pass them all to key in a single batch as mentioned above.

因此您需要加入所有密钥并一次发送所有密钥.
像这样:

So you need to join all your keys and send all them at once.
Something like this:

- name: update SSH keys
  authorized_key:
    user: <user>
    key: "{{ lookup('pipe','cat ../files/pub_keys/*.pub') }}"
    state: present
    exclusive: yes

在生产中运行之前检查此代码！

这篇关于是否可以将 Ansibleauthorized_key 与多个密钥独占使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！