我正在使用 Ansible 编写一个简单的任务来创建用户并添加现有的 RSA 公钥。这是我写的代码:
- name: SYSTEM - Create test user
tags: system-user
user:
name: "{{ test_user }}"
state: present
createhome: yes
- name: SYSTEM - Add existing pub key for test user
tags: system-user
copy:
content: "{{ test_user_pubkey }}"
dest: "/tmp/test_user_id_rsa.pub"
force: no
owner: "{{ test_user }}"
group: "{{ test_user }}"
mode: 0600
- name: SYSTEM - Set authorized key for test_user took from file
tags: system-user
authorized_key:
user: "{{ test_user }}"
state: present
key: "{{ lookup('file', '/tmp/test_user_id_rsa.pub') }}"
我编写的代码并不优雅,我认为最好的选择是将现有的 RSA 公钥添加到用户创建 block 中,以便创建和填充
authorized_keys
。文件。我已阅读 Ansible user module但是 ssh_key_file 方法不包括将现有 pub key 的值回显到
authorized_keys
的可能性。文件(最终目的是能够使用用户和私钥远程连接 ssh)。ssh_key_file = Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory.
Ansible 是否可以在用户模块中管理此过程?
最佳答案
你的问题的答案是:
- name: SYSTEM - Create test user
tags: system-user
user:
name: "{{ test_user }}"
state: present
createhome: yes
- name: SYSTEM - Set authorized key for test_user took from file
tags: system-user
authorized_key:
user: "{{ test_user }}"
state: present
key: "{{ test_user_pubkey }}"
这就是所有需要的。
关于您阅读文档,
ssh_key_file
与生成 SSH key 对有关,这不是您想要的。
关于ssh - 如何使用 Ansible 和用户模块将现有公钥添加到 authorized_keys 文件?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47248998/