在Ansible剧本文件中指定SSH密钥 [英] Specifying ssh key in ansible playbook file

问题描述

Ansible剧本可以在命令行上使用--key-file指定用于ssh连接的密钥.

Ansible playbook can specify the key used for ssh connection using --key-file on the command line.

ansible-playbook -i hosts playbook.yml --key-file "~/.ssh/mykey.pem"

是否可以指定此键在剧本文件中的位置，而不是在命令行上使用--key-file?

Is it possible to specify the location of this key in playbook file instead of using --key-file on command line?

因为我想将此密钥的位置写入一个var.yaml文件，该文件将由具有vars_files:的ansible剧本读取.

Because I want to write the location of this key into a var.yaml file, which will be read by ansible playbook with vars_files:.

以下是我的配置的一部分:

The followings are parts of my configuration:

vars.yml文件

vars.yml file

key1: ~/.ssh/mykey1.pem
key2: ~/.ssh/mykey2.pem

playbook.yml文件

playbook.yml file

---

- hosts: myHost
  remote_user: ubuntu
  key_file: {{ key1 }}  # This is not a valid syntax in ansible. Does there exist this kind of directive which allows me to specify the ssh key used for this connection?
  vars_files:
    - vars.yml
  tasks:
    - name: Echo a hello message
      command: echo hello

我尝试在vars下添加ansible_ssh_private_key_file.但这在我的机器上不起作用.

I've tried adding ansible_ssh_private_key_file under vars. But it doesn't work on my machine.

vars_files:
  - vars.yml
vars:
  ansible_ssh_private_key_file: "{{ key1 }}"
tasks:
  - name: Echo a hello message
    command: echo hello

如果我使用上面的playbook.yml运行ansible-playbook.我收到以下错误:

If I run ansible-playbook with the playbook.yml above. I got the following error:

TASK [Gathering Facts] ******************************************************************************************************************************
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py
<192.168.5.100> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<192.168.5.100> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/Users/myName/.ansible/cp/2d18691789 192.168.5.100 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.5.100> (255, '', 'Permission denied (publickey).\r\n')
fatal: [192.168.5.100]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}
    to retry, use: --limit @/Users/myName/playbook.retry

在ssh命令中找不到我的密钥文件的名称.真奇怪.

I don't find the name of my key file in the ssh command. It's strange.

推荐答案

您要查找的变量名称是ansible_ssh_private_key_file.

The variable name you're looking for is ansible_ssh_private_key_file.

您应该将其设置为"vars"级别:

You should set it at 'vars' level:

• 在清单文件中:

• in the inventory file:

myHost ansible_ssh_private_key_file=~/.ssh/mykey1.pem
myOtherHost ansible_ssh_private_key_file=~/.ssh/mykey2.pem

>中的

:

in the host_vars:

# hosts_vars/myHost.yml
ansible_ssh_private_key_file: ~/.ssh/mykey1.pem

# hosts_vars/myOtherHost.yml
ansible_ssh_private_key_file: ~/.ssh/mykey2.pem

group_vars文件中的

(如果您对一组主机使用相同的密钥)

in a group_vars file if you use the same key for a group of hosts

在您播放的vars部分中:

- hosts: myHost
  remote_user: ubuntu
  vars_files:
    - vars.yml
  vars:
    ansible_ssh_private_key_file: "{{ key1 }}"
  tasks:
    - name: Echo a hello message
      command: echo hello

库存文档

这篇关于在Ansible剧本文件中指定SSH密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！