Combine multiple public keys with Ansible


Problem description

How can I combine multiple ssh public keys to use with Ansible's authorized_key module?

I have variables file containing users and keys:

ssh_users:
  - name: peter
    keys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAA peter@key1'
      - 'ssh-rsa AAAABsgsdfgyc2EAAA peter@key2'
    root: yes

  - name: paul
    keys:
      - 'ssh-rsa AAAAB3Nzaafac2EAAA paul@key1'
    root: no

I'd like to go over this list, pick out users (and their keys) which have 'root: yes' and combine them to update root user's authorized_keys file.

This doesn't work:

- name: lookup keys
  set_fact:
    keylist: "{{ item.keys }}"
  with_items: "{{ ssh_users }}"
  when: item.root == true
  register: result

- name: make a list
  set_fact:
    splitlist: "{{ result.results | selectattr('ansible_facts','defined') | map(attribute='ansible_facts.keylist') | list | join('\n') }}"

- name: update SSH authorized_keys
  authorized_key:
    user: root
    key: "{{ splitlist }}"
    state: present
    exclusive: yes

Recommended answer

You can get what you want using the Jinja selectattr and map filters, like this:

---
- hosts: localhost
  gather_facts: false

  vars:
    # Here's our data: two users with 'root' access,
    # one without. We expect to see three public keys in
    # the resulting authorized_keys file.
    #
    # Note that I've renamed the "keys" key to "pubkeys", because
    # otherwise it conflicts with the "keys" method of dictionary
    # objects (leading to errors when you try to access something
    # like item.keys).
    ssh_users:
      - name: alice
        pubkeys:
          - 'ssh-rsa alice-key-1 alice@key1'
        root: true

      - name: peter
        pubkeys:
          - 'ssh-rsa peter-key-1 peter@key1'
          - 'ssh-rsa peter-key-2 peter@key2'
        root: true

      - name: paul
        pubkeys:
          - 'ssh-rsa paul-key-1 paul@key1'
        root: false

  tasks:
    - become: true
      authorized_key:
        user: root
        key: "{{ '\n'.join(ssh_users|selectattr('root')|map(attribute='pubkeys')|flatten) }}"
        state: present
        exclusive: true

In the authorized_key task, we first use the selectattr filter to extract those users with root access. We pass that to the map filter to extract just the pubkeys attribute, which would give us two lists (one with one key, the other with two keys). Finally, we pass that to the flatten filter to create a single list, and then join the resulting keys with newlines to match the input format expected by the authorized_key module. The resulting .ssh/authorized_keys file looks like:

ssh-rsa alice-key-1 alice@key1
ssh-rsa peter-key-1 peter@key1
ssh-rsa peter-key-2 peter@key2
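
An added example, not part of the original question or answer: the same filter chain moved into a set_fact, with a guard before the write. Because exclusive: true removes every key that is not in the supplied list, an empty or malformed list would leave root without a usable authorized_keys file. The names root_keys and key_pattern, the regex, and the sample keys are assumptions constructed for illustration.

```yaml
---
- hosts: localhost
  gather_facts: false

  vars:
    # Constructed sample data, same shape as the answer's ssh_users.
    ssh_users:
      - name: alice
        pubkeys:
          - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyAlice alice@key1'
        root: true
      - name: paul
        pubkeys:
          - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyPaul paul@key1'
        root: false
    # Assumed pattern: key type, base64 blob, optional comment.
    key_pattern: '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=* ?.*$'

  tasks:
    - name: Collect the public keys of users flagged root
      set_fact:
        root_keys: "{{ ssh_users | selectattr('root') | map(attribute='pubkeys') | flatten | unique }}"

    - name: Refuse to continue with an empty or malformed key list
      assert:
        that:
          - root_keys | length > 0
          - root_keys | reject('match', key_pattern) | list | length == 0
        fail_msg: "Refusing to rewrite root's authorized_keys: key list is empty or contains a malformed entry"

    - name: Replace root's authorized_keys with exactly these keys
      become: true
      authorized_key:
        user: root
        key: "{{ root_keys | join('\n') }}"
        state: present
        exclusive: true
```

If no user has root: true, the assert task stops the play before the authorized_key task runs, so the existing file is left untouched.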
