ansible sshnopass 免密
目录结构
hosts
deployment
- sshnopass.yml
roles
- sshnopass
- tasks
- main.yml
- templates
- files
vim hosts
# Ansible INI inventory. Every group below lists the same single managed host;
# "hostname" is a per-host variable attached to that host.
[jdk]
192.168.106.130 hostname=rocky90-106-130
[compose]
192.168.106.130 hostname=rocky90-106-130
[docker]
192.168.106.130 hostname=rocky90-106-130
[timesyncclient]
192.168.106.130 hostname=rocky90-106-130
[aliyuan]
192.168.106.130 hostname=rocky90-106-130
[init]
192.168.106.130 hostname=rocky90-106-130
[all:vars]
# Connection settings applied to every host in the inventory
# (ansible_ssh_user/_pass/_port are the older spellings of
# ansible_user/ansible_password/ansible_port).
# NOTE(review): the root password is kept here in cleartext, so anyone who can
# read this file, or a repository it is committed to, can log in as root on
# every managed host. An Ansible Vault-encrypted variable or --ask-pass keeps
# it out of the inventory. The sshnopass.sh.j2 template also reuses this
# password for the hosts in sshnopass_hostname.
ansible_ssh_user=root
ansible_ssh_pass=kc@123456
ansible_ssh_port=22
# The sshnopass group is made up of the hosts in [init].
[sshnopass:children]
init
[sshnopass:vars]
# Space-separated list of hosts that receive the generated public key; the
# sshnopass.sh.j2 template iterates over it in a shell for-loop.
sshnopass_hostname="192.168.223.201 192.168.223.202 192.168.223.203"
vim deployment/sshnopass.yml
---
# Play: apply the sshnopass role to every host in the "sshnopass" inventory
# group (defined in hosts as the children of [init]).
- hosts: sshnopass
  roles:
    # Role path as written by the author; presumably resolved relative to the
    # deployment/ directory that holds this playbook.
    - role: ../roles/sshnopass
vim roles/sshnopass/tasks/main.yml
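---
# Install sshpass, which the distributed script uses to feed the login
# password to ssh-copy-id. One task per distribution family.
- name: Centos7.x_install_sshpass
  yum:
    name: sshpass
    state: present
  when: ansible_distribution == "CentOS"

- name: Rocky9.x_install_sshpass
  dnf:
    name: sshpass
    state: present
  when: ansible_distribution == "Rocky"

- name: Ubuntu_install_sshpass
  apt:
    name: sshpass
    state: present
  when: ansible_distribution == "Ubuntu"

# The rendered script embeds ansible_ssh_pass in cleartext, so it is written
# owner-only (0700 instead of 0755) and always deleted afterwards, even when
# the run fails.
- name: distribute and run sshnopass.sh
  block:
    # Render the script onto the managed host.
    - name: add sshnopass.sh
      template:
        src: sshnopass.sh.j2
        dest: /tmp/sshnopass.sh
        mode: "0700"
      # Keeps the rendered content (which includes the password) out of
      # --diff output and logs.
      no_log: true

    # NOTE(review): this deletes the whole ~/.ssh directory, including any
    # existing authorized_keys, known_hosts and private keys of the login
    # user. It is kept because ssh-keygen in the script expects that
    # ~/.ssh/id_rsa does not exist yet.
    - name: remove ~/.ssh
      file:
        path: ~/.ssh/
        state: absent

    # Generate the key pair and copy the public key to each target host.
    - name: run sshnopass.sh
      shell: bash /tmp/sshnopass.sh
  always:
    # Do not leave a script containing the password behind in /tmp.
    - name: remove sshnopass.sh
      file:
        path: /tmp/sshnopass.sh
        state: absent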
vim roles/sshnopass/templates/sshnopass.sh.j2
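#!/bin/bash
# Description: passwordless-SSH bootstrap script (ssh no pass).
# Rendered by Ansible from sshnopass.sh.j2. The rendered file contains the
# login password in cleartext, so it should be readable by its owner only and
# removed once it has run.

# Generate an RSA key pair with an empty passphrase. Anyone who can read
# ~/.ssh/id_rsa can then log in to every host the public key is copied to.
ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa || exit 1

# Hand the password to sshpass through the environment (-e reads $SSHPASS)
# rather than with -p, which places it on the command line where it may show
# up in the process list. The quote filter keeps shell metacharacters in the
# password from being interpreted when the rendered script runs.
export SSHPASS={{ ansible_ssh_pass | quote }}

# Copy the public key to each host in the space-separated list.
# NOTE(review): stricthostkeychecking=no accepts whatever host key the target
# presents, so the machine answering on that address is trusted unverified and
# also receives the password. Pre-populating known_hosts closes that gap.
rc=0
for i in {{sshnopass_hostname}}
do
  sshpass -e ssh-copy-id -o stricthostkeychecking=no {{ansible_ssh_user}}@"$i" || rc=1
done
unset SSHPASS

# Exit non-zero when the key could not be installed on at least one host, so
# the calling Ansible task reports the failure instead of only the last result.
exit "$rc"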
测试
ansible-playbook -i hosts deployment/sshnopass.yml
使用authorized_key 模块免密登录(没验证过)
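# Install a public key into root's authorized_keys on the managed host.
# The file lookup runs on the control node, so /root/.ssh/id_rsa.pub must
# exist there. With this module no script containing the password is written
# to the managed host.
- name: push ssh pub key
  authorized_key:
    # The module's parameter for the target account is "user", not "name".
    user: root
    # One YAML string: double quotes outside, single quotes inside the lookup.
    key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
    state: present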
本文来自博客园,站在巨人的肩膀上,坚持开源精神,遵循开源协议:Apache License 2.0协议。