[ANSIBLE] Configuring SSH authentication for Ansible access

Posted by Albert [2024-07-04]

Environment: three CentOS machines running as VMs

1. asimblecontroller (control node)

2. tnode1, tnode2 (managed nodes 1 and 2)


hosts configuration

[root@asimblecontroller asimble]# cat /etc/hosts
192.168.200.154 tnode1
192.168.200.133 tnode2

inventory contents

[web]
tnode1

[db]
tnode2

[all:children]
web
db


ansible.cfg settings

[defaults]
inventory = ./inventory
remote_user = root
ask_pass = false

[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = false


Generating the SSH key pair

1. Generate an SSH key pair on asimblecontroller

[root@asimblecontroller asimble]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9o0kuI/f8xFNunbT1riFpbF8Lm5US560kQuUsLbuiHc root@asimblecontroller
The key's randomart image is:
+---[RSA 2048]----+
| .. . |
| .o |
| o. . .|
| . . .= =.|
| . S ..o B.B|
| o +.o +.'.|
| . o.=.O *|
| o.o+E ooB |
| .o+.o+.oo..|
+----[SHA256]-----+

2. Copy the SSH public key to tnode1 and tnode2 (managed nodes 1 and 2)

[root@asimblecontroller asimble]# ssh-copy-id root@192.168.200.154
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.154's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.200.154'"
and check to make sure that only the key(s) you wanted were added.
[root@asimblecontroller asimble]# ssh-copy-id root@192.168.200.133
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.200.133 (192.168.200.133)' can't be established.
ECDSA key fingerprint is SHA256:Ermk0Oqeo1KpakMlUi4B492hxIjF6ueQW54z3JBVZ0Q.
ECDSA key fingerprint is MD5:16:c9:83:4a:a5:cb:84:85:04:6c:d6:17:08:da:bd:94.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.133's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.200.133'"
and check to make sure that only the key(s) you wanted were added.


Result of the Ansible ping test against tnode1

[root@asimblecontroller asimble]# ansible -m ping web
tnode1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
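
The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. The following added example (not part of the original post) audits the contents of a managed node's authorized_keys file against an allow-list of SHA256 fingerprints, such as the one ssh-keygen printed for the controller key. The function names, the sample keys and the 3072-bit RSA policy threshold are assumptions made for illustration.

```python
import base64, hashlib, struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # public-key type names

def _read(blob, off):
    """Decode one length-prefixed wire-format field; return (value, next offset)."""
    (size,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + size], off + 4 + size

def parse_entry(line):
    """Return (type, SHA256 fingerprint, RSA bits or None, comment); skips options."""
    tokens = line.split()
    i = [t.startswith(KEY_PREFIXES) for t in tokens[:-1]].index(True)  # ValueError if none
    blob = base64.b64decode(tokens[i + 1], validate=True)
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    bits = None
    if tokens[i] == "ssh-rsa":        # blob layout: type, exponent e, modulus n
        off = _read(blob, _read(blob, 0)[1])[1]
        bits = int.from_bytes(_read(blob, off)[0], "big").bit_length()
    return tokens[i], fp, bits, " ".join(tokens[i + 2:])

def audit(text, expected_fps, min_rsa_bits=3072):   # threshold: assumed policy
    """List keys not on the allow-list or below the RSA size policy."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        try:
            _, fp, bits, comment = parse_entry(line)
        except (ValueError, struct.error):
            findings.append(("unparseable", line))
            continue
        if fp not in expected_fps:
            findings.append(("unexpected-key", fp, comment))
        elif bits is not None and bits < min_rsa_bits:
            findings.append(("rsa-below-policy", fp, bits))
    return findings

def constructed_line(ktype, fields, comment, options=""):
    """Build a constructed (not real) authorized_keys line for the demo."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (ktype.encode(), *fields))
    return f"{options} {ktype} {base64.b64encode(blob).decode()} {comment}".strip()

# Constructed sample: the controller's 2048-bit RSA key plus one stray key.
CONTROLLER = constructed_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc3" * 256],
                              "root@asimblecontroller")
STRAY = constructed_line("ssh-ed25519", [b"\x07" * 32], "unknown@host",
                         'from="192.168.200.10"')
SAMPLE = "\n".join(["# constructed authorized_keys", CONTROLLER, STRAY])
```

On a real node, pass audit() the text of /root/.ssh/authorized_keys from tnode1 or tnode2, with the fingerprint reported by ssh-keygen -lf /root/.ssh/id_rsa.pub on the controller as the only allowed value.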




