在 ansible playbook 文件中指定 ssh 密钥 [英] Specifying ssh key in ansible playbook file
问题描述
Ansible playbook 可以在命令行中使用 --key-file 指定用于 ssh 连接的密钥.
Ansible playbook can specify the key used for ssh connection using --key-file on the command line.
ansible-playbook -i hosts playbook.yml --key-file "~/.ssh/mykey.pem"
是否可以在 playbook 文件中指定此密钥的位置,而不是在命令行中使用 --key-file?
Is it possible to specify the location of this key in playbook file instead of using --key-file on command line?
因为我想把这个key的位置写到一个var.yaml文件中,这个文件会被带有vars_files:的ansible playbook读取.
Because I want to write the location of this key into a var.yaml file, which will be read by ansible playbook with vars_files:.
以下是我的配置部分:
vars.yml 文件
vars.yml file
key1: ~/.ssh/mykey1.pem
key2: ~/.ssh/mykey2.pem
playbook.yml 文件
playbook.yml file
---
- hosts: myHost
remote_user: ubuntu
key_file: {{ key1 }} # This is not a valid syntax in ansible. Does there exist this kind of directive which allows me to specify the ssh key used for this connection?
vars_files:
- vars.yml
tasks:
- name: Echo a hello message
command: echo hello
我尝试在 vars 下添加 ansible_ssh_private_key_file.但它在我的机器上不起作用.
I've tried adding ansible_ssh_private_key_file under vars. But it doesn't work on my machine.
vars_files:
- vars.yml
vars:
ansible_ssh_private_key_file: "{{ key1 }}"
tasks:
- name: Echo a hello message
command: echo hello
如果我使用上面的 playbook.yml 运行 ansible-playbook.我收到以下错误:
If I run ansible-playbook with the playbook.yml above. I got the following error:
TASK [Gathering Facts] ******************************************************************************************************************************
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py
<192.168.5.100> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<192.168.5.100> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/Users/myName/.ansible/cp/2d18691789 192.168.5.100 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.5.100> (255, '', 'Permission denied (publickey).\r\n')
fatal: [192.168.5.100]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
"unreachable": true
}
to retry, use: --limit @/Users/myName/playbook.retry
我在 ssh 命令中找不到我的密钥文件的名称.很奇怪.
I don't find the name of my key file in the ssh command. It's strange.
推荐答案
您要查找的变量名称是 ansible_ssh_private_key_file.
The variable name you're looking for is ansible_ssh_private_key_file.
您应该将其设置为vars"级别:
You should set it at 'vars' level:
在清单文件中:
in the inventory file:
myHost ansible_ssh_private_key_file=~/.ssh/mykey1.pem
myOtherHost ansible_ssh_private_key_file=~/.ssh/mykey2.pem
在host_vars中:
# host_vars/myHost.yml
ansible_ssh_private_key_file: ~/.ssh/mykey1.pem
# host_vars/myOtherHost.yml
ansible_ssh_private_key_file: ~/.ssh/mykey2.pem
在 group_vars 文件中,如果您对一组主机使用相同的密钥
in a group_vars file if you use the same key for a group of hosts
在剧中条目的 vars 部分:
in the vars section of an entry in a play:
- hosts: myHost
remote_user: ubuntu
vars_files:
- vars.yml
vars:
ansible_ssh_private_key_file: "{{ key1 }}"
tasks:
- name: Echo a hello message
command: echo hello
在游戏条目(任务)中设置事实:
- name: 'you name it'
ansible.builtin.set_fact:
ansible_ssh_private_key_file: "{{ key1 }}"
这篇关于在 ansible playbook 文件中指定 ssh 密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
