[ansible] Writing and running a playbook - deploying an SSH public key (how to exchange SSH keys)


If you do not have a key yet, generate one with ssh-keygen first.

Deploying the root account's SSH public key with a playbook

Generate the SSH key

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3ejXwfgUXnEybjxbshKsHc8PIU+QDymcvTxAiEnTess root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|     .o+ +.o.oo..|
|      o.o =.=+ oo|
|       .   +=+X o|
|      . .. =+&.X |
|       oS.+ =.%  |
|        E.   = + |
|          . . o .|
|           .     |
|                 |
+----[SHA256]-----+

 

 

 

Write the playbook

# cat deploye_root_key.yml 
---
- name: Public key is deployed to managed hosts for Ansible
  gather_facts: no
  hosts: all

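  tasks:
  # authorized_key manages the user's ~/.ssh/authorized_keys file on each managed host
  - name: Ensure key is in root's ~/.ssh/authorized_hosts
    authorized_key:
      user: root
      state: present
      key: '{{item}}'
    # with_file reads the public key file on the control node and passes its contents as item
    with_file:
      - ~/.ssh/id_rsa.pub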




Run the playbook

# ansible-playbook deploye_root_key.yml --ask-pass
SSH password: 

PLAY [Public key is deployed to managed hosts for Ansible] *******************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************
changed: [webserver1]
changed: [dbserver1]
changed: [webserver2]

TASK [Ensure key is in root's ~/.ssh/authorized_hosts] ***********************************************************************************************************************************************************
changed: [dbserver1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8jYJ2HoeQPS6CchLLnsMOWQ/sPtFkg8wuALY6WmXPXBF+8lpE/1H7vTZ02Di5MMZkDT1+R+ThkS7hjJkTHkc9gaLBAouVmcyDAGkyp8BdSoAY6umS2YbNmH8fxeQ8+Fa2M8EgjOp1AjZJI1n42afNxWwo4V/DbnQe7B8b+YguURgFtSiE71J9hdy/VqmvKPg64xigjqkVHnWv1Ckyau0O/DjyWg5ryDm5irDKWMpd9s40mmcVJCEKE8mVFuaW3knwQptBVpg1mwHQ95YihCGDPVFC6XkJYDI1q+EPAMKFpsUoUHP0QzXRE8YCxantsOpHV73NwTB7vTc7CWN66w7r root@ansible)
changed: [webserver2] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8jYJ2HoeQPS6CchLLnsMOWQ/sPtFkg8wuALY6WmXPXBF+8lpE/1H7vTZ02Di5MMZkDT1+R+ThkS7hjJkTHkc9gaLBAouVmcyDAGkyp8BdSoAY6umS2YbNmH8fxeQ8+Fa2M8EgjOp1AjZJI1n42afNxWwo4V/DbnQe7B8b+YguURgFtSiE71J9hdy/VqmvKPg64xigjqkVHnWv1Ckyau0O/DjyWg5ryDm5irDKWMpd9s40mmcVJCEKE8mVFuaW3knwQptBVpg1mwHQ95YihCGDPVFC6XkJYDI1q+EPAMKFpsUoUHP0QzXRE8YCxantsOpHV73NwTB7vTc7CWN66w7r root@ansible)
changed: [webserver1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8jYJ2HoeQPS6CchLLnsMOWQ/sPtFkg8wuALY6WmXPXBF+8lpE/1H7vTZ02Di5MMZkDT1+R+ThkS7hjJkTHkc9gaLBAouVmcyDAGkyp8BdSoAY6umS2YbNmH8fxeQ8+Fa2M8EgjOp1AjZJI1n42afNxWwo4V/DbnQe7B8b+YguURgFtSiE71J9hdy/VqmvKPg64xigjqkVHnWv1Ckyau0O/DjyWg5ryDm5irDKWMpd9s40mmcVJCEKE8mVFuaW3knwQptBVpg1mwHQ95YihCGDPVFC6XkJYDI1q+EPAMKFpsUoUHP0QzXRE8YCxantsOpHV73NwTB7vTc7CWN66w7r root@ansible)


PLAY RECAP *******************************************************************************************************************************************************************************************************
dbserver1                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
webserver1                : ok=1   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
webserver2                : ok=1   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0




Test

If you can connect without being asked for a password, the deployment succeeded.

# ssh webserver1
# ssh webserver2
# ssh dbserver1

 

 

 

 

Deploying a regular account's SSH public key with a playbook

Generate the SSH key

Proceed the same way as for the root account, but generate the SSH key while logged in as the regular account.

 

 


Write the playbook

$ cat deploye_user_key.yml 
---
- name: Public key is deployed to managed hosts for Ansible
  gather_facts: no
  hosts: all

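  tasks:
  # authorized_key manages the user's ~/.ssh/authorized_keys file on each managed host
  - name: Ensure key is in user's ~/.ssh/authorized_hosts
    authorized_key:
      user: ansible
      state: present
      key: '{{item}}'
    # with_file reads the public key file on the control node and passes its contents as item
    with_file:
      - ~/.ssh/id_rsa.pub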

 

 

 

Run the playbook

$ ansible-playbook deploye_user_key.yml -k
SSH password: 

PLAY [Public key is deployed to managed hosts for Ansible] *******************************************************************************************************************************************************

TASK [Ensure key is in user's ~/.ssh/authorized_hosts] ***********************************************************************************************************************************************************
changed: [dbserver1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZT75Z7oyhKDYCwHpLA7oyYGhmTZmeJVmiSOngzF6EpZnuN4nLJRAVYaveRGqmfeU44cpBmSGefRzgEEnHV4SwX1Z7Hsw9Rx1IcVisPUDwGqpK8WJkgVO+AqcEj3tyGtjjMc9tfGG1nERMnu2146uFtLrwpFZ7+XcmFB0pPyiXT87G7bb6aVCR+hdHuy5ON6FYXkgN5+tcKzapGp1UMy5Y4xAeL5yzDm+MqFFL5pOi7TGkyy8/vApKJCOnFXmrJCZY/BegsXa3MDEAlY0Hz7slz02aiJGljDgTd2yxuIG3a7erY5q0qCzsYv5pHUA2rcHw75sTzp0PvFQCmOARIMv/ ansible@ansible)
changed: [webserver1] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZT75Z7oyhKDYCwHpLA7oyYGhmTZmeJVmiSOngzF6EpZnuN4nLJRAVYaveRGqmfeU44cpBmSGefRzgEEnHV4SwX1Z7Hsw9Rx1IcVisPUDwGqpK8WJkgVO+AqcEj3tyGtjjMc9tfGG1nERMnu2146uFtLrwpFZ7+XcmFB0pPyiXT87G7bb6aVCR+hdHuy5ON6FYXkgN5+tcKzapGp1UMy5Y4xAeL5yzDm+MqFFL5pOi7TGkyy8/vApKJCOnFXmrJCZY/BegsXa3MDEAlY0Hz7slz02aiJGljDgTd2yxuIG3a7erY5q0qCzsYv5pHUA2rcHw75sTzp0PvFQCmOARIMv/ ansible@ansible)
changed: [webserver2] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZT75Z7oyhKDYCwHpLA7oyYGhmTZmeJVmiSOngzF6EpZnuN4nLJRAVYaveRGqmfeU44cpBmSGefRzgEEnHV4SwX1Z7Hsw9Rx1IcVisPUDwGqpK8WJkgVO+AqcEj3tyGtjjMc9tfGG1nERMnu2146uFtLrwpFZ7+XcmFB0pPyiXT87G7bb6aVCR+hdHuy5ON6FYXkgN5+tcKzapGp1UMy5Y4xAeL5yzDm+MqFFL5pOi7TGkyy8/vApKJCOnFXmrJCZY/BegsXa3MDEAlY0Hz7slz02aiJGljDgTd2yxuIG3a7erY5q0qCzsYv5pHUA2rcHw75sTzp0PvFQCmOARIMv/ ansible@ansible)

PLAY RECAP *******************************************************************************************************************************************************************************************************
dbserver1                  : ok=1   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
webserver1                : ok=1   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
webserver2                : ok=1   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  




Test

If you can connect without being asked for a password, the deployment succeeded.

$ ssh webserver1
$ ssh webserver2
$ ssh dbserver1
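
The result of either playbook run above (root or regular account) can also be checked without an interactive login. The following shell audit is an added example, not part of the original post: it confirms that the deployed public key appears exactly once in an authorized_keys file, that the file is not group- or world-writable, and which options the entry carries. The function names, the fake key blobs and the 192.0.2.10 address are constructed assumptions.

```bash
# Added example (constructed names and sample data): offline audit of authorized_keys.

# Base64 key blob (second field) of a public key file such as ~/.ssh/id_rsa.pub.
key_blob() { awk '!/^[ \t]*#/ && NF >= 2 { print $2; exit }' "$1"; }

# Number of non-comment entries in authorized_keys ($1) that carry blob ($2).
count_entries() {
    awk -v blob="$2" '/^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == blob) { n++; break } }
        END { print n + 0 }' "$1"
}

# Options prefix (fields before the key type) of the first matching entry.
entry_options() {
    awk -v blob="$2" '/^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == blob) {
              out = ""
              for (j = 1; j <= i - 2; j++) out = out (j > 1 ? " " : "") $j
              print out; exit } }' "$1"
}

# sshd's StrictModes rejects key files that are writable by group or others.
not_shared_writable() { [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]; }

# Print a verdict for authorized_keys ($1) against public key file ($2).
audit_deployed_key() {
    local blob n opts
    not_shared_writable "$1" || { echo "FAIL group/world-writable"; return 1; }
    blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "FAIL no key in $2"; return 1; }
    n=$(count_entries "$1" "$blob")
    case "$n" in
        0) echo "FAIL missing"; return 1 ;;
        1) opts=$(entry_options "$1" "$blob"); echo "OK options=${opts:-none}" ;;
        *) echo "FAIL duplicate x$n"; return 1 ;;
    esac
}

# Constructed sample (fake key blobs, documentation IP address).
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaCONSTRUCTEDrootKEY root@ansible" > "$demo/id_rsa.pub"
cat > "$demo/authorized_keys" <<'EOF'
# sample authorized_keys
ssh-ed25519 AAAAC3NzaCONSTRUCTEDotherKEY admin@laptop
from="192.0.2.10",no-agent-forwarding ssh-rsa AAAAB3NzaCONSTRUCTEDrootKEY root@ansible
EOF
chmod 600 "$demo/authorized_keys"
audit_deployed_key "$demo/authorized_keys" "$demo/id_rsa.pub"
```

On a managed host, pass the account's real authorized_keys file as the first argument and a copy of the control node's id_rsa.pub as the second.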

 
