试图使用authorized_key模块允许一台远程服务器登录到其他三台远程服务器

问题描述 投票:0回答:2

我正在尝试使用aurthorized_key ansible模块将我的Jump ec2实例公共密钥(id_rsa.pub)插入其他3个远程服务器的自动密钥文件中,以便我登录到它们。但我一直收到此错误:

WARNING]: Unable to find '/home/ec2-user/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
[WARNING]: Unable to find '/home/ec2-user/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [dev]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/ec2-user/.ssh/id_rsa.pub"}
fatal: [prod]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/ec2-user/.ssh/id_rsa.pub"}
[WARNING]: Unable to find '/home/ec2-user/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [jenkins]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/ec2-user/.ssh/id_rsa.pub"}
[WARNING]: Unable to find '/home/ec2-user/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [jump]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/ec2-user/.ssh/id_rsa.pub"}

这是我的烦人的剧本:

tasks:
  - name: Set hostname
    hostname:
      name:   "{{inventory_hostname}}"


  - openssh_keypair:
      path: /home/ec2-user/.ssh/id_rsa.pub
    when: inventory_hostname == 'jump'


  - name: Fetching file to install ssh keys
    fetch:
      src: /home/ec2-user/.ssh/id_rsa.pub
      dest: /tmp/id_rsa.pub

  - name: Set authorized key taken from file
    authorized_key:
      user: jump
      state: present
      key: "{{ lookup('file', '/home/ec2-user/.ssh/id_rsa.pub') }}"
amazon-web-services amazon-ec2 ssh ansible
2个回答
0
投票

这期望/home/ec2-user/.ssh/id_rsa.pub位于具有当前用户可读权限的本地计算机(正在运行ansible的计算机上。)>

似乎主机名称为“ jump”的情况下您有第一个任务的条件,然后继续假设该文件已存在用于其他任务。

确认以下内容:

  • [jump以外的所有主机名在路径/home/ec2-user/.ssh/id_rsa.pub中都有一个发布密钥。
  • 主机名称可解析为jump

    • 也作为建议,如果您一直在生成此内容,但是应该是相同的密钥,则可以考虑将内容安全地存储在Ansible Vault

0
投票
- openssh_keypair:
      path: /home/ec2-user/.ssh/id_rsa
    when: inventory_hostname == 'jump'


  - name: Fetching file to install ssh keys
    fetch:
      src: /home/ec2-user/.ssh/id_rsa.pub
      dest: /tmp/id_rsa.pub
      flat: yes
    when: inventory_hostname == 'jump'

  - name: Set authorized key taken from file
    authorized_key:
      user: ec2-user
      state: present
      key: "{{ lookup('file', '/tmp/id_rsa.pub') }}"
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.