如何以正确的方式将 Ansible playbook 运行到多个服务器? [英] How to run Ansible playbook to multiple servers in a right way?

问题描述

Ansible 使用 ssh 将软件设置到远程主机.

Ansible use ssh to setup softwares to remote hosts.

如果刚安装了一些新机器，在一台主机上运行 Ansible playbook 将无法连接它们，因为远程主机上没有authorized_keys.

If there are some fresh machines just been installed, run Ansible playbook from one host will not connect them because of no authorized_keys on remote hosts.

如果将 Ansible 主机的 pub 密钥复制到这些目标主机，例如:

If copy the Ansible host's pub key to those target hosts like:

$ ssh user@server "echo \"`cat .ssh/id_rsa.pub`\" >> .ssh/authorized_keys"

首先应该 ssh 登录并在每个远程主机上制作文件:

First should ssh login and make file on every remote host:

$ mkdir .ssh
$ touch .ssh/authorized_keys

这是将 Ansible playbook 运行到远程服务器的常用方法吗?有没有更好的方法?

Is this the common way to run Ansible playbook to remote servers? Is there a better way exist?

推荐答案

我认为最好也使用 Ansible，使用 authorized_key 模块.例如，为用户 root 授权您的密钥:

I think it's better to do that using Ansible as well, with the authorized_key module. For example, to authorize your key for user root:

ansible <hosts> -m authorized_key -a "user=root state=present key=\"$(cat ~/.ssh/id_rsa.pub)\"" --ask-pass

这也可以在剧本中完成，目标用户作为默认为 root 的变量:

This can be done in a playbook also, with the target user as a variable that defaults to root:

- hosts: <NEW_HOSTS>
  vars:
  - username: root    

  tasks:
  - name: Add authorized key
    authorized_key: 
      user: "{{ username }}"
      state: present
      key: "{{ lookup('file', '/home/<YOUR_USER>/.ssh/id_rsa.pub') }}"

并执行:

ansible-playbook auth.yml --ask-pass -e username=<TARGET_USER>

你的用户应该有权限，如果没有使用became.

Your user should have privileges, if not use became.

这篇关于如何以正确的方式将 Ansible playbook 运行到多个服务器?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！