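With newly provisioned machines numbering a hundred or more, how do you manage them in bulk? The first step, of course, is to deploy a public key quickly so that logins need no password.
A demonstration of the tedious case:
ssh 127.0.0.1 requires entering yes and then the password before you can log in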
cat .ssh/known_hosts
The part to automate:
Are you sure you want to continue connecting (yes/no)? yes
root@127.0.0.1's password:
Avoiding typing yes by hand
/etc/ansible/hosts, the ansible configuration file:
- 128.127.0.0.1
- 172.16.0.3
- 192.168.1.106
Add to the /etc/ssh/ssh_config configuration file:
StrictHostKeyChecking no
Run:
ansible all -m ping
Change the configuration file back to its original setting:
StrictHostKeyChecking ask
Verify:
- cat .ssh/known_hosts
- ssh 172.16.0.3
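An alternative to switching StrictHostKeyChecking to no for the first run, as an added example that is not part of the original post: keep checking enabled and pre-populate known_hosts only with scanned keys that match a trusted record. The trusted-file format, the function names verify_scan and demo, and the sample key strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed input formats:
#   trusted file: "<host> <keytype> <base64-key>", recorded out-of-band
#   scan file:    output of `ssh-keyscan -t ed25519 <hosts>` (same three fields)

# verify_scan TRUSTED SCAN
# stdout: known_hosts lines whose key matches the trusted record
# stderr: "UNKNOWN|MISMATCH|MISSING <host>" for every host that failed
# exit status: 0 only if every trusted host was scanned and matched
verify_scan() {
    awk '
        NR == FNR { if ($0 !~ /^#/ && NF >= 3) trusted[$1 " " $2] = $3; next }
        /^#/ || NF < 3 { next }          # skip ssh-keyscan banner comments
        {
            id = $1 " " $2
            if (!(id in trusted)) { print "UNKNOWN " $1 > "/dev/stderr"; bad = 1; next }
            seen[id] = 1
            if (trusted[id] == $3) { print $1, $2, $3 }
            else { print "MISMATCH " $1 > "/dev/stderr"; bad = 1 }
        }
        END {
            for (id in trusted) if (!(id in seen)) {
                split(id, p, " "); print "MISSING " p[1] > "/dev/stderr"; bad = 1
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample: hosts from the inventory above, made-up key material.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' \
        '172.16.0.3 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA' \
        '192.168.1.106 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyB' > "$dir/trusted"
    printf '%s\n' \
        '# 172.16.0.3:22 SSH-2.0-OpenSSH_8.9' \
        '172.16.0.3 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA' \
        '192.168.1.106 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyX' > "$dir/scan"
    rc=0
    verify_scan "$dir/trusted" "$dir/scan" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "at least one host failed verification; do not trust the scan" >&2
```

Append the output to ~/.ssh/known_hosts only when the exit status is 0.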
Operating on machines in bulk with a password (the machines have no public key at first)
- $ cat host
- [nginx]
- nginx_127 ansible_ssh_port=22 ansible_ssh_host=127.0.0.1 ansible_ssh_pass=123456 host_key_checking=false ansible_sudo_pass='123456'
- [mysql]
- mysql_172 ansible_ssh_port=22 ansible_ssh_host=172.16.0.3 ansible_ssh_pass=123456 host_key_checking=false ansible_sudo_pass='123456'
Test:
ansible -i host all -m shell -a "pwd" --user user1
Adding the public key in bulk
- ansible all -m script -a "/usr/local/src/script"
- chmod +x /usr/local/src/script
- /usr/local/src/script (can be written as follows)
- #!/bin/sh
- mkdir -p /root/.ssh
- chmod 700 /root/.ssh
- echo '公钥'>>/root/.ssh/authorized_keys # this line must be changed: replace the '公钥' (public key) placeholder with your own public key (the contents of the .pub file)
- chmod 600 /root/.ssh/authorized_keys
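Note: if management is done with a regular user, you need to create the users in bulk and grant them sudo privileges
Removing the password from the configuration file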
- [nginx]
- nginx_127 ansible_ssh_port=22 ansible_ssh_host=127.0.0.1 ansible_sudo_pass='123456'
- [mysql]
- mysql_172 ansible_ssh_port=22 ansible_ssh_host=172.16.0.3 ansible_sudo_pass='123456'
Verify:
ansible -i hosts all -m shell -a 'pwd' --user djidba --private-key=/home/user1/.ssh/id_rsa
Source: http://www.bubuko.com/infodetail-2662580.html