我是新的ansible,我创build了一个小型的剧本,在每个服务器中添加github ssh主机密钥给known_hosts:
--- - hosts: all tasks: - name: Add github to ssh known-hosts known_hosts: name: "TS_github" key: "github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" 但是,由于某些原因,这个剧本对于每个主机都有错误:
fatal: [clusterapp-1]: FAILED! => {"changed": false, "cmd": "/usr/bin/ssh-keygen -F TS_github -f /tmp/tmpgROT5p", "failed": true, "msg": "", "rc": 1, "stderr": "", "stdout": "", "stdout_lines": []}
由于某些原因,它使用/tmp/tmpgROT5p作为密钥文件,由于显而易见的原因,这是错误的。 正如文档中所述,known_hosts模块应该使用“(homedir)+ /。ssh / known_hosts”,但不会发生。
我开始玩的手册如下:
ansible-playbook -i hosts github_keys.yml
我也尝试用-vvv键启动playbook,但是我没有得到任何有用的信息。
我的ansible.cfg文件:
[defaults] transport=ssh host_key_checking=false
该name应该是主机的名称。
所以在你的情况下,名称需要是github.com和key应该是github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAA...
--- - hosts: all tasks: - name: Add github to ssh known-hosts known_hosts: name: github.com key: "github.com,192.30.252.129 ssh-rsa AAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
作为替代scheme,如果您只是想避免被提示,并且这符合您的安全要求,则可以使用特定用户的.ssh / config文件忽略known_hosts。
主机* StrictHostKeyChecking没有