authorized_key module
Distributes the SSH public key of the Ansible control node to remote servers.
Common parameters (those marked with = are mandatory):
- = key
The SSH public key to install. It is usually supplied through lookup, whose syntax is:
lookup('plugin_name', 'plugin_argument')
lookup is an Ansible plugin that is used very frequently; almost any playbook beyond the simplest is likely to need it.
Example: authorized_key: key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}" state=present user=root
- state
present adds the specified key to the authorized_keys file; absent removes the specified key from the authorized_keys file
[Default: present]
- = user
The user on the target host who receives the key. By default the public key is written to the file
/home/USERNAME/.ssh/authorized_keys
on the target host
- exclusive
Whether to remove all other, non-specified keys from the authorized_keys file
[Default: no]
type: bool
version_added: 1.9
- key_options
A string attached to the key (the SSH key options)
[Default: (null)]
version_added: 1.4
- manage_dir
Whether the module should manage the directory that contains the authorized key file
[Default: yes]
type: bool
version_added: 1.2
- path
Location of the authorized_keys file
[Default: (homedir)+/.ssh/authorized_keys]
version_added: 1.2
Examples:
- name: Set authorized key taken from file
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"

- name: Set authorized keys taken from url
  authorized_key:
    user: charlie
    state: present
    key: https://github.com/charlie.keys

- name: Set authorized key in alternate location
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
    path: /etc/ssh/authorized_keys/charlie
    manage_dir: False

- name: Set up multiple authorized keys
  authorized_key:
    user: deploy
    state: present
    key: '{{ item }}'
  with_file:
    - public_keys/doe-jane
    - public_keys/doe-john

# key_options are written in front of the key; here they disable port
# forwarding and accept the key only from 10.0.1.1
- name: Set authorized key defining key options
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
    key_options: 'no-port-forwarding,from="10.0.1.1"'

# validate_certs: False skips TLS certificate verification, so the server
# that returns the keys is not authenticated
- name: Set authorized key without validating the TLS/SSL certificates
  authorized_key:
    user: charlie
    state: present
    key: https://github.com/user.keys
    validate_certs: False

# exclusive is applied on every loop iteration, so with more than one file
# in with_file only the key from the last iteration would remain
- name: Set authorized key, removing all the authorized keys already set
  authorized_key:
    user: root
    key: '{{ item }}'
    state: present
    exclusive: True
  with_file:
    - public_keys/doe-jane

- name: Set authorized key for user ubuntu copying it from current user
  authorized_key:
    user: ubuntu
    state: present
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
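
Since exclusive removes every key that is not specified and key_options attaches restrictions such as from=, it is useful to review a host's current authorized_keys file before running such a task. The following Python script is an added example, not part of the original page or of Ansible's code; the function names, the sample file and the choice to match entries by key type and key data are assumptions of the example.

```python
import re

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
# One whitespace-delimited field; double-quoted parts may contain spaces.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])+')
# One comma-delimited option; double-quoted values may contain commas.
OPTION = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^,"])+')

def parse_line(line):
    """Return (options, keytype, blob, comment); None for blank, comment or unparsable lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = [(m.group(0), m.end()) for m in FIELD.finditer(line)]
    for i, (tok, _) in enumerate(fields[:2]):  # key type is field 0, or field 1 after options
        if tok in KEY_TYPES and i + 1 < len(fields):
            blob, blob_end = fields[i + 1]
            return (fields[0][0] if i else ""), tok, blob, line[blob_end:].strip()
    return None

def entries(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def option_names(options):
    # e.g. no-port-forwarding,from="10.0.1.1" -> ['no-port-forwarding', 'from']
    return [o.split("=", 1)[0].strip().lower() for o in OPTION.findall(options)]

def exclusive_preview(current_text, wanted_text):
    """(kept, removed) if only the wanted keys may remain. Assumption of this
    example: entries match on (keytype, blob); options and comments are ignored."""
    wanted = {e[1:3] for e in entries(wanted_text)}
    kept = [e for e in entries(current_text) if e[1:3] in wanted]
    removed = [e for e in entries(current_text) if e[1:3] not in wanted]
    return kept, removed

def without_from(text):
    """Key blobs of entries that carry no from= source-address restriction."""
    return [e[2] for e in entries(text) if "from" not in option_names(e[0])]

# Constructed sample file; the key blobs are placeholders, not real keys.
CURRENT = '''# edited by hand
ssh-ed25519 AAAAC3ExampleJane jane@laptop
no-port-forwarding,from="10.0.1.1" ssh-rsa AAAAB3ExampleCharlie charlie@ws
command="backup --all, now" ssh-ed25519 AAAAC3ExampleOld old backup key
'''
WANTED = "ssh-ed25519 AAAAC3ExampleJane doe-jane\n"
```

Calling exclusive_preview(CURRENT, WANTED) lists the entries an exclusive run would drop, and without_from(CURRENT) lists the keys that can be used from any source address.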