Ansible distribute ssh keys from one host group to another host group
I'm trying to make an Ansible role that will (create, if it doesn't exist; I haven't made it yet) distribute SSH public keys from one host group to another. Users are set up in the inventory; at this point I assume the "source" user is only root, for easier debugging. The "recipient" user is set in the inventory.
So far I have tried a local file through fetch-src, slurp / register, and slurp / set_fact.
Project structure:

├── inventory.yml
├── main.yml
├── README.md
└── roles
    ├── certbot-hooks
    ├── global_vars
    │   └── vars
    │       └── main.yml
    ├── incron
    │   └── tasks
    │       └── main.yml
    ├── incron-hook
    │   └── templates
    │       └── transfer-user.conf
    ├── keys-transfer
    │   └── tasks
    │       ├── main.yml
    │       ├── main.yml.fetch-src
    │       ├── main.yml.slurp_fail
    │       └── main.yml.slurp-fail2
    └── ssh_secure_user
        ├── tasks
        │   └── main.yml
        └── templates
            └── transfer-user.conf
inventory.yml:

all:
  vars:
    transfer_user: "transfer"
    transfer_directory: "/srv/transfer"
    target_user: root
    ssh_key_paths:
      - "~/.ssh/id_rsa.pub"
      - "~/.ssh/id_ed25519.pub"
source:
  hosts:
    #192.168.1.56:
    192.168.1.57:
recipient:
  hosts:
    192.168.1.59:
      transfer_list:
        192.168.1.57:
          - src: /srv/src/domain
            dest: /etc/ssl/domain
          - src: /srv/src/domain1
            dest: /etc/ssl/domain1
    192.168.1.58:
      transfer_list:
        #192.168.1.56:
        #  - src: /srv/src/domain
        #    dest: /etc/ssl/domain
        192.168.1.57:
          - src: /srv/src/domain
            dest: /etc/ssl/domain
          - src: /srv/src/domain1
            dest: /etc/ssl/domain1
          - src: /srv/src/domain1
            dest: /etc/ssl/domain1
main.yml:

- name: Transfer and manage SSH keys
  #hosts: "source, recipient"
  hosts: all
  roles:
    - keys-transfer
  #become: yes
  #vars:
  #  ssh_key_paths:
  #    - "~/.ssh/id_rsa.pub"
  #    - "~/.ssh/id_ed25519.pub"
keys-transfer/tasks/main.yml via file (fetch):

---
- name: Ensure SSH public key exists on source servers
  stat:
    path: "{{ item }}"
  register: ssh_key_check
  with_items: "{{ ssh_key_paths }}"
  ignore_errors: true
  when: inventory_hostname in groups['source']

- name: Fetch SSH public keys from source servers
  fetch:
    src: "{{ item.item }}"
    dest: "/tmp/ssh_keys/{{ inventory_hostname }}/{{ item.item | basename }}"
    flat: yes
  with_items: "{{ ssh_key_check.results }}"
  # delegate_to: localhost
  # The task originally carried two `when:` keys; YAML keeps only the last
  # one, so the item.stat.exists check was silently dropped. Both conditions
  # go in one list (the group check first, so skipped hosts never evaluate
  # item.stat):
  when:
    - inventory_hostname in groups['source']
    - item.stat.exists

- name: Ensure .ssh directory exists for target user on recipient servers
  file:
    # With target_user: root this is /home/root/.ssh; root's home is /root.
    path: "/home/{{ target_user }}/.ssh"
    state: directory
    owner: "{{ target_user }}"
    group: "{{ target_user }}"
    mode: '0700'
  when: inventory_hostname in groups['recipient']

- name: Gather public keys for recipient servers
  # `command` runs without a shell, so the * globs reach cat literally and
  # are never expanded; `shell` (or a fileglob lookup) would expand them.
  command: cat /tmp/ssh_keys/*/*.pub
  register: collected_keys
  changed_when: false
  delegate_to: localhost
  when: inventory_hostname in groups['recipient']

- name: Add public keys to authorized_keys on recipient servers
  # `copy` replaces the whole authorized_keys file, so any key already there
  # (including the one Ansible itself logs in with) is removed.
  copy:
    content: "{{ collected_keys.stdout }}"
    dest: "/home/{{ target_user }}/.ssh/authorized_keys"
    owner: "{{ target_user }}"
    group: "{{ target_user }}"
    mode: '0600'
  when: inventory_hostname in groups['recipient']

The problem is that Ansible can't see /tmp/ssh-keys//.pub.
keys-transfer/tasks/main.yml via slurp register:

---
- name: Ensure SSH public key exists on source servers
  stat:
    path: "{{ item }}"
    #msg: "{{ ssh_key_check.result }}"
  register: ssh_key_check
  with_items: "{{ ssh_key_paths }}"
  ignore_errors: true
  when: inventory_hostname in groups['source']

- name: ssh_key_check debug
  with_items: "{{ ssh_key_check.results }}"
  ansible.builtin.debug:
    msg: "{{ item.item }}"
    verbosity: 2
  when: inventory_hostname in groups['source']

- name: Slurp SSH public keys from source servers
  slurp:
    # item is a stat result dict here, not a path; the path is item.item.
    src: "{{ item.item }}"
  register: slurped_ssh_keys
  with_items: "{{ ssh_key_check.results }}"
  # delegate_to takes a single host name; 'recipient' is a group. A registered
  # variable is stored on the host the task ran for (the source host), not on
  # the delegate, so delegate_facts does not move it anywhere.
  delegate_to: recipient
  delegate_facts: true
  # Two `when:` keys were given; YAML keeps only the last one.
  when:
    - inventory_hostname in groups['source']
    - item.stat.exists

- name: ssh_keys debug
  with_items: "{{ slurped_ssh_keys.results }}"
  ansible.builtin.debug:
    msg: "{{ item.item }}"
    verbosity: 2
  when: inventory_hostname in groups['source']

- name: Ensure .ssh directory exists for target user on recipient servers
  file:
    path: "/home/{{ target_user }}/.ssh"
    state: directory
    owner: "{{ target_user }}"
    group: "{{ target_user }}"
    mode: '0700'
  when: inventory_hostname in groups['recipient']

- name: Add SSH public keys to authorized_keys on recipient servers
  copy:
    # item.item would be the stat result, not the key text; slurp returns the
    # file base64-encoded in item.content. On recipient hosts slurped_ssh_keys
    # only holds the skipped result, and looping over the dict yields its keys.
    content: "{{ item.item }}"
    dest: "/home/{{ target_user }}/.ssh/authorized_keys"
    owner: "{{ target_user }}"
    group: "{{ target_user }}"
    mode: '0600'
  with_items: "{{ slurped_ssh_keys }}"
  when: inventory_hostname in groups['recipient']

The problem seems to be in variable scope.
keys-transfer/tasks/main.yml via slurp set_fact:

---
- name: Collect public keys from source hosts
  slurp:
    # ansible_env needs gather_facts; a missing file is an error, hence ignore_errors
    src: "{{ ansible_env.HOME }}/.ssh/id_{{ item }}.pub"
  register: public_keys
  with_items:
    - rsa
    - ed25519
    - ecdsa
  when: inventory_hostname in groups['source']
  ignore_errors: yes

- name: Set fact with collected keys
  set_fact:
    # collected_keys | default([]) is evaluated with the current (source) host's
    # variables, while delegate_facts writes the result to the delegate, so the
    # list never accumulates on either side.
    collected_keys: "{{ collected_keys | default([]) + [item.content | b64decode | trim] }}"
  # delegate_to needs a host name, not the group 'recipient'.
  delegate_to: 'recipient'
  delegate_facts: True
  loop: "{{ public_keys.results | selectattr('content', 'defined') | list }}"
  when: inventory_hostname in groups['source']

- name: Distribute public keys to destination hosts
  authorized_key:
    user: "{{ target_user }}"
    # collected_keys was set on the source hosts (or the delegate), so on the
    # recipient hosts it is undefined.
    key: "{{ collected_keys | join('\n') }}"
    state: present
  when: inventory_hostname in groups['recipient']

The problem seems to be in variable scope too.
Can someone point me to how to set up variable scope, or declare a task-wide or even playbook-wide variable, to pass data between task steps?
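A working pattern for the variable-scope problem, as an added example that is not from the question or any answer on the original page. In Ansible a registered variable or a set_fact result belongs to the host the task ran for; a different host reads it through hostvars[that_host], and delegate_to takes a single host name rather than a group. The playbook below assumes the inventory from the question (groups source and recipient, variables ssh_key_paths and target_user) and that Ansible connects to the source hosts as the user whose ~/.ssh should be read; the fact name source_pubkeys and the key-format check are this example's own choices.

```yaml
---
# Play 1 runs on the source hosts only. Everything it registers or sets with
# set_fact belongs to the source host it ran on.
- name: Collect SSH public keys from source hosts
  hosts: source
  gather_facts: false
  tasks:
    - name: Check which of the configured public key files exist
      ansible.builtin.stat:
        path: "{{ item }}"       # type 'path': ~ expands to the connection user's home
      loop: "{{ ssh_key_paths }}"
      register: key_stat

    - name: Read the public key files that exist
      ansible.builtin.slurp:
        src: "{{ item.item }}"   # item is a stat result; the path is item.item
      loop: "{{ key_stat.results | selectattr('stat.exists') | list }}"
      register: key_content

    - name: Keep the decoded keys as a fact on this source host
      ansible.builtin.set_fact:
        # source_pubkeys is a name chosen for this example, not an Ansible built-in
        source_pubkeys: "{{ key_content.results | map(attribute='content') | map('b64decode') | map('trim') | list }}"

    - name: Refuse anything that does not look like a single public key line
      # A stray comment, a private key or an edited file must not reach authorized_keys.
      ansible.builtin.assert:
        that: "item is match('^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$')"
        fail_msg: "Unexpected content in a key file on {{ inventory_hostname }}: {{ item[:40] }}"
        quiet: true
      loop: "{{ source_pubkeys }}"

# Play 2 runs on the recipient hosts. They never ran play 1, so they read the
# source hosts' facts through hostvars[<source host>].
- name: Authorize the source keys on recipient hosts
  hosts: recipient
  gather_facts: false
  become: true
  tasks:
    - name: Add every source host's keys to the target user's authorized_keys
      ansible.posix.authorized_key:
        user: "{{ target_user }}"   # the module looks up the home directory itself (/root for root)
        key: "{{ hostvars[item].source_pubkeys | join('\n') }}"
        state: present              # merges with existing keys; exclusive: true would delete them
      loop: "{{ groups['source'] }}"
      when: hostvars[item].source_pubkeys | default([]) | length > 0
```

Run it as a playbook of its own (ansible-playbook -i inventory.yml keys.yml) or paste both plays into main.yml in place of the single hosts: all play; a role's tasks/main.yml cannot switch hosts mid-file, which is why the question's single-play approach keeps hitting the scope wall. Play 1 deliberately has no become: stat and slurp run as the SSH login user, so ~ resolves to that user's home, which matches the question's "source user is root" setup. Keep state: present rather than exclusive: true unless you really want every other key for target_user removed, since that includes whatever key the controller is currently logging in with.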
Source: Stack Overflow, "Ansible distribute ssh keys from one host group to another host group" (mirrored at http://www.betaflare.com/web/1738632967a2103860.html).