ansible 的随想

1、Ansible 管理机与被管理机做秘钥认证, ansible 使用key与被管理机进行交互。 像oda机器，机器的架构， 网络配置经常发生改变， 而且机器经常做cleanup, re-image等操作， 那么每次都要产生新的密钥。

2. ansible 主要用批量操作

shell > ssh-keygen        # 生成秘钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ea:11:72:ea:d2:d1:fa:1c:e0:df:4f:b0:98:31:be:fe root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| o.= S |
| ..*.B o |
| .ooB . . |
| ..o+ = . |
| ..oB.E.. |
+-----------------+

shell > ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 22 root@192.168.12.129"     # 将公钥写入被管理机
The authenticity of host '192.168.12.129 (192.168.12.129)' can't be established.
RSA key fingerprint is f0:9e:01:73:a4:bf:14:10:ac:46:a9:48:cd:c5:d8:1c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.12.129' (RSA) to the list of known hosts.
root@192.168.12.129's password: 
Now try logging into the machine, with "ssh '-p 22 root@192.168.12.129'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.