我已经创建了一个使用ansible的用户,现在想将.ssh/id_rsa.pub文件复制到authorized_keys文件中。ansible - 将密钥复制到授权密钥文件
我检查了authorized_keys模块,但用于将主机上的密钥复制到guest虚拟机。
想知道什么是正确的做法。
- name: Adding user - {{ user }}
user: name={{ user }}
group={{ group }}
shell=/bin/bash
password=${password}
groups=sudo
append=yes
generate_ssh_key=yes
ssh_key_bits=2048
ssh_key_file=.ssh/id_rsa
生成的密钥由user模块返回,这样你就可以register的结果,然后在随后的authorized_key任务中使用的关键。也就是说,如果我有这样的一个剧本:
- hosts: localhost
tasks:
- name: add user
user:
name: testuser
shell: /bin/bash
password: secret
append: yes
generate_ssh_key: yes
ssh_key_bits: 2048
register: newuser
- debug:
var: newuser
我将看到输出类似:
TASK [debug] *******************************************************************
ok: [localhost] => {
"newuser": {
"append": true,
"changed": true,
"comment": "",
"group": 21946,
"home": "/home/testuser",
"move_home": false,
"name": "testuser",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"ssh_fingerprint": "2048 SHA256:Tn6UOl/WYToJCaW3QUnLMWgEfthILIsoCP+534qWzfw ansible-generated on lkellogg-pc0dzzve (RSA)",
"ssh_key_file": "/home/testuser/.ssh/id_rsa",
"ssh_public_key": "ssh-rsa ... ansible-generated on examplehost",
"state": "present",
"uid": 21940
}
}
所以,你可以添加这样一个任务:
- authorized_key:
user: root
state: present
key: "{{ newuser.ssh_public_key }}"