Combine multiple public keys with Ansible

How do I combine multiple SSH public keys for use with Ansible's authorized_key module?

I have a variables file containing users and keys:

ssh_users:
  - name: peter
    keys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAA peter@key1'
      - 'ssh-rsa AAAABsgsdfgyc2EAAA peter@key2'
    root: yes
  - name: paul
    keys:
      - 'ssh-rsa AAAAB3Nzaafac2EAAA paul@key1'
    root: no

I want to go through this list, pick out the users (and their keys) that have "root: yes", and combine them to update the root user's authorized_keys file.

This doesn't work:

- name: lookup keys
  set_fact:
    keylist: "{{ item.keys }}"
  with_items: "{{ ssh_users }}"
  when: item.root == true
  register: result
- name: make a list
  set_fact:
    splitlist: "{{ result.results | selectattr('ansible_facts','defined') | map(attribute='ansible_facts.keylist') | list | join('\n') }}"
- name: update SSH authorized_keys
  authorized_key:
    user: root
    key: "{{ splitlist }}"
    state: present
    exclusive: yes

You can get what you want using the Jinja selectattr and map filters, like this:

---
- hosts: localhost
  gather_facts: false
  vars:
    # Here's our data: two users with 'root' access,
    # one without. We expect to see three public keys in
    # the resulting authorized_keys file.
    #
    # Note that I've renamed the "keys" key to "pubkeys", because
    # otherwise it conflicts with the "keys" method of dictionary
    # objects (leading to errors when you try to access something
    # like item.keys).
    ssh_users:
      - name: alice
        pubkeys:
          - 'ssh-rsa alice-key-1 alice@key1'
        root: true
      - name: peter
        pubkeys:
          - 'ssh-rsa peter-key-1 peter@key1'
          - 'ssh-rsa peter-key-2 peter@key2'
        root: true
      - name: paul
        pubkeys:
          - 'ssh-rsa paul-key-1 paul@key1'
        root: false
  tasks:
    - become: true
      authorized_key:
        user: root
        key: "{{ '\n'.join(ssh_users|selectattr('root')|map(attribute='pubkeys')|flatten) }}"
        state: present
        exclusive: true

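In the authorized_key task, we first use the selectattr filter to extract the users with root access. We pass that to the map filter to extract only the pubkeys attribute, which gives us two lists (one with one key, the other with two keys). Finally, we pass that to the flatten filter to create a single list, and then join the resulting keys with newlines to match the input format expected by the authorized_key module. The resulting .ssh/authorized_keys file looks like this: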

ssh-rsa alice-key-1 alice@key1
ssh-rsa peter-key-1 peter@key1
ssh-rsa peter-key-2 peter@key2
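
With exclusive: true, every key not in the submitted string is removed from root's authorized_keys, and the option is not loop aware, so the whole list has to be passed in one string as above. The playbook below is an added example, not part of the original answer: it checks the combined list before the exclusive write. The root_keys variable, the user carol and the key-format regex are assumptions made for illustration, and the regex assumes entries carry no leading options field.

```yaml
---
- hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample data with placeholder key material.
    ssh_users:
      - name: alice
        pubkeys:
          - 'ssh-rsa alice-key-1 alice@key1'
        root: true
      - name: paul
        pubkeys:
          - 'ssh-rsa paul-key-1 paul@key1'
        root: false
      - name: carol   # root user with no pubkeys attribute (edge case)
        root: true
    # Root users that actually define pubkeys, flattened into one list.
    # Without the 'defined' test, map() would fail on carol.
    root_keys: >-
      {{ ssh_users | selectattr('root') | selectattr('pubkeys', 'defined')
      | map(attribute='pubkeys') | flatten }}
  tasks:
    - name: Stop if the key list is empty or has a malformed entry
      assert:
        that:
          # An empty list here usually means a data or filter mistake.
          - root_keys | length > 0
          # Every entry must look like "<key-type> <key-data> [comment]".
          - root_keys | reject('match', '^(ssh-|ecdsa-|sk-)[^ ]+ [^ ]+') | list | length == 0
        fail_msg: "root key list is empty or malformed; authorized_keys left untouched"

    - name: Replace root's authorized_keys with exactly this list
      become: true
      authorized_key:
        user: root
        key: "{{ root_keys | join('\n') }}"
        state: present
        exclusive: true
```

Running it first with --check --diff shows which keys would be added or removed before anything is written.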

Is this the code you're looking for?

- name: update SSH authorized_keys
  authorized_key:
    user: root
    key: "{{ item.1 }}"
  loop: "{{ ssh_users | subelements('keys', skip_missing=True) }}"
  when: item.0.root

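You don't need the exclusive and state parameters. I think the default values for exclusive and state (state: present) are OK.

Keys where root is false can be removed: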

- name: remove SSH authorized_keys
  authorized_key:
    state: absent
    user: root
    key: "{{ item.1 }}"
  loop: "{{ ssh_users | subelements('keys', skip_missing=True) }}"
  when: not item.0.root

To add and remove keys in one task, the ternary filter can be used:

- name: Preen SSH authorized_keys
  authorized_key:
    state: "{{ item.0.root | ternary('present','absent') }}"
    user: root
    key: "{{ item.1 }}"
  loop: "{{ ssh_users | subelements('keys', skip_missing=True) }}"
