On the Ansible controller, let's start by creating an SSH key pair stored in a file named ansible under ~/.ssh.
ssh-keygen -t rsa -f ~/.ssh/ansible
[onur@ansible-controller ~]$ ssh-keygen -t rsa -f ~/.ssh/ansible
Generating public/private rsa key pair.
Created directory '/home/onur/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/onur/.ssh/ansible.
Your public key has been saved in /home/onur/.ssh/ansible.pub.
The key fingerprint is:
SHA256:Nt0GPITBEEDvFm2+ZgDL+O4vqtYwFQroKk2ICNAXQuo onur@ansible-controller
The key's randomart image is:
+---[RSA 2048]----+
|+oo.+oo+.o. |
|+..o.. .oo |
|B...o o o + |
|=o.+ + + . + |
|.Eo o + S . o |
|oo.. . o o . |
|. + . + |
| . o. o |
|o..ooo. |
+----[SHA256]-----+
We want to set up secure, passwordless authentication between our Ansible controller and our Linux machine named web1. To do this, Ansible will reach web1 without an SSH password, using the -i <path-to-your-ssh-private-key> method for the connection.
ssh-copy-id -i /home/onur/.ssh/ansible ansible@web1
[onur@ansible-controller ~]$ ssh-copy-id -i /home/onur/.ssh/ansible ansible@web1
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/onur/.ssh/ansible.pub"
The authenticity of host 'web1 (172.20.1.100)' can't be established.
ECDSA key fingerprint is SHA256:zljSaI1wqBbN2HWk/ZJo3u3ZSWaf24FOEP6O9TPdOFU.
ECDSA key fingerprint is MD5:03:56:2e:cf:ba:12:a7:26:07:b5:6e:8c:0c:13:8e:4a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@web1's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'ansible@web1'"
and check to make sure that only the key(s) you wanted were added.

[onur@ansible-controller ~]$
Now let's update the web1 connection we configured in our inventory file so that it is based on the SSH private key.
When the connection to the target machine is made with ansible_ssh_private_key_file, the path to the private key is appended to the end of that machine's entry in the inventory.
ansible_ssh_private_key_file=~/.ssh/ansible
The full example looks like this.
#simple inventory
web1 ansible_host=172.20.1.100 ansible_user=ansible ansible_ssh_private_key_file=~/.ssh/ansible
After defining the key, we can test access to the machine with the following command.
ansible -m ping -i inventory web1
[onur@ansible-controller playbooks]$ ansible -m ping -i inventory web1
web1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[onur@ansible-controller playbooks]$
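The inventory entry above ties web1 to one private key file, so that file's permissions matter: OpenSSH ignores a private key that group or others can access. The script below is an added example, not part of the original post; its function names and demo files are assumptions, and it reads only host lines (not [group:vars] sections) with space-free paths.

```sh
#!/bin/sh
# Added example (not from the original post): check the private keys that an
# Ansible INI inventory references through ansible_ssh_private_key_file.

# Print "host keypath" for every host line that sets the variable.
# Assumption: paths contain no spaces; [group:vars] sections are not handled.
inventory_keys() {
    awk '
        /^[ \t]*(#|;|$)/ { next }   # comments and blank lines
        /^[ \t]*\[/      { next }   # [group] headers
        { for (i = 2; i <= NF; i++)
              if ($i ~ /^ansible_ssh_private_key_file=/) {
                  sub(/^[^=]*=/, "", $i); print $1, $i } }' "$1"
}

# Succeed only if the key exists and group/others have no permission bits.
# OpenSSH ignores a private key that other users can access.
key_mode_ok() {
    case "$1" in
        "~/"*) path="$HOME/${1#*/}" ;;   # expand a leading ~/ as in the inventory above
        *)     path="$1" ;;
    esac
    [ -f "$path" ] || return 2
    perms=$(ls -ld "$path" | cut -c5-10)  # group+other part of e.g. -rw-------
    [ "$perms" = "------" ]
}

# Report every host/key pair; exit status 1 if any key fails the check.
audit_inventory() {
    inventory_keys "$1" | (
        rc=0
        while read -r host key; do
            if key_mode_ok "$key"; then echo "OK   $host $key"
            else echo "FAIL $host $key (missing or accessible to group/others)"; rc=1
            fi
        done
        exit "$rc" )
}

# Demo on constructed data: a placeholder file stands in for the private key.
demo=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$demo/ansible"
printf '#simple inventory\nweb1 ansible_host=172.20.1.100 ansible_user=ansible ansible_ssh_private_key_file=%s\n' "$demo/ansible" > "$demo/inventory"
chmod 644 "$demo/ansible"; audit_inventory "$demo/inventory" || echo "-> fix with chmod 600"
chmod 600 "$demo/ansible"; audit_inventory "$demo/inventory"
rm -rf "$demo"
```

Run it against the real file with `audit_inventory inventory` from the playbooks directory before the `ansible -m ping` test.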