如何使用Ansible为多台服务器上的多个用户部署多个ssh_密钥?
我的环境由2台web服务器和2台db服务器组成 我的团队中有一个新的开发人员。我需要在每台服务器上部署他的ssh密钥 他必须能够在web服务器上与用户如何使用Ansible为多台服务器上的多个用户部署多个ssh_密钥?,ansible,multiple-instances,ansible-playbook,authorized-keys,Ansible,Multiple Instances,Ansible Playbook,Authorized Keys,我的环境由2台web服务器和2台db服务器组成 我的团队中有一个新的开发人员。我需要在每台服务器上部署他的ssh密钥 他必须能够在web服务器上与用户ubuntu和www-data连接,并在db服务器上与用户ubuntu连接 我的服务器配置了Ansible 我该怎么做呢?我通过创建一个ssh密钥任务解决了这个问题,就像这样 在角色/ssh键/tasks/main.yml中: --- - name: add authorized key authorized_key: user={{ item
ubuntuwww-dataubuntu我该怎么做呢?我通过创建一个ssh密钥任务解决了这个问题,就像这样 在
角色/ssh键/tasks/main.yml---
- name: add authorized key
authorized_key: user={{ item }} key="{{ lookup('file', 'authorized_keys') }}"
with_items: authorized_ssh_users
when: authorized_ssh_users is defined
- name: Provision ssh keys
hosts: all
sudo: true
roles:
- ssh-keys
角色/ssh密钥/文件/授权密钥中ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev1] dev1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev2] dev2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev3] dev3
[webservers]
webserv1-hostname
webserv2-hostname
[webservers:vars]
authorized_ssh_users=['ubuntu','www-data']
[dbservers]
dbserv1-hostname
dbserv2-hostname
[dbservers:vars]
authorized_ssh_users=['ubuntu']
playbook.yml---
- name: add authorized key
authorized_key: user={{ item }} key="{{ lookup('file', 'authorized_keys') }}"
with_items: authorized_ssh_users
when: authorized_ssh_users is defined
- name: Provision ssh keys
hosts: all
sudo: true
roles:
- ssh-keys
有了这个解决方案,我可以管理要部署密钥的服务器/用户的每个组合。我通过创建一个ssh密钥任务解决了这个问题,就像这样 在
角色/ssh键/tasks/main.yml---
- name: add authorized key
authorized_key: user={{ item }} key="{{ lookup('file', 'authorized_keys') }}"
with_items: authorized_ssh_users
when: authorized_ssh_users is defined
- name: Provision ssh keys
hosts: all
sudo: true
roles:
- ssh-keys
角色/ssh密钥/文件/授权密钥中ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev1] dev1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev2] dev2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev3] dev3
[webservers]
webserv1-hostname
webserv2-hostname
[webservers:vars]
authorized_ssh_users=['ubuntu','www-data']
[dbservers]
dbserv1-hostname
dbserv2-hostname
[dbservers:vars]
authorized_ssh_users=['ubuntu']
playbook.yml---
- name: add authorized key
authorized_key: user={{ item }} key="{{ lookup('file', 'authorized_keys') }}"
with_items: authorized_ssh_users
when: authorized_ssh_users is defined
- name: Provision ssh keys
hosts: all
sudo: true
roles:
- ssh-keys
使用此解决方案,我可以管理要部署密钥的服务器/用户的每个组合。此角色将非常适合您。正在努力将其导入Galaxy,但由于某些原因它无法导入 此角色的设置使您只需为所需的用户和组以及任何要删除的用户传入变量,如下所示:
---
- hosts: all
sudo: yes
roles:
- scott.miller171.manage_users
vars:
- manage_users_allowed:
- name: foo
authorized:
- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlPYybp3CWDzRPo0uF/woyqkfhpZK2T7zn16z+fGYlRQl6gXATIUB4JYfr9pfD+SOW2T4X78P+/h1o4QPCwoesLacaFEFGwUb+SzhVVm6B6q4WMAiJWD6OVXh+SVVvD9rdcz5RMVLqQngrRqBlj4kBIMQ3S8h1cCESbR2P6jszgFj0I6p3tQCpo9yjcVwLqvWFKJgzEm2E2wV/gmrc0PhVRP2guIRN4p6M2ZyIPprdZ6PA8m7Rs4yN3jQ/0alrQ23ECCU4lHoVG9fwvLIq1vh4ikPcUrdA8sSHTE1pkpzvrTv7FtkuUcBrDMedFE7E8dB9pPS+vXIBWVUYJhp9WzVkQ== user@domain.com"
- manage_users_unauthorized:
- foobar
- manage_users_groups: "sudo,adm,dialout,cdrom,floppy,audio,video,plugdev"
这个角色将非常适合你。正在努力将其导入Galaxy,但由于某些原因它无法导入 此角色的设置使您只需为所需的用户和组以及任何要删除的用户传入变量,如下所示:
---
- hosts: all
sudo: yes
roles:
- scott.miller171.manage_users
vars:
- manage_users_allowed:
- name: foo
authorized:
- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlPYybp3CWDzRPo0uF/woyqkfhpZK2T7zn16z+fGYlRQl6gXATIUB4JYfr9pfD+SOW2T4X78P+/h1o4QPCwoesLacaFEFGwUb+SzhVVm6B6q4WMAiJWD6OVXh+SVVvD9rdcz5RMVLqQngrRqBlj4kBIMQ3S8h1cCESbR2P6jszgFj0I6p3tQCpo9yjcVwLqvWFKJgzEm2E2wV/gmrc0PhVRP2guIRN4p6M2ZyIPprdZ6PA8m7Rs4yN3jQ/0alrQ23ECCU4lHoVG9fwvLIq1vh4ikPcUrdA8sSHTE1pkpzvrTv7FtkuUcBrDMedFE7E8dB9pPS+vXIBWVUYJhp9WzVkQ== user@domain.com"
- manage_users_unauthorized:
- foobar
- manage_users_groups: "sudo,adm,dialout,cdrom,floppy,audio,video,plugdev"
你的
ubuntusudoubuntusudo