
Ansible - Moving ssh keys between two nodes


Here is the problem I'm working on.

I have an Ansible server, I have another server M, and I have other servers B1, B2, B3..., all known by Ansible.

I have a hosts file such as this:

[CTRL]
M

[SLAVES]
B1
B2
B3

I want to generate an SSH key on my master (not Ansible itself) and deploy it on my other slave servers to permit the master to connect to the slaves by key.

Here is what I tried:

- hosts: CTRL
  remote_user: root
  vars_prompt:
   - name: ssh_password
     prompt : Please enter password for ssh key copy on remote nodes
     private: yes
  tasks:
   - yum: name=sshpass state=present
     sudo: yes
   - name: generate ssh key on the controller
     shell : ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N /dev/null
   - name: copy ssh key to the other nodes
     shell : sshpass -p '{{ ssh_password }}' ssh-copy-id root@'{{ item }}'
     with_items: groups['SLAVES']
     delegate_to: "{{ groups['CTRL'][0] }}"

The key generation works, but no matter what I try I have a problem copying the key to the slave hosts:

failed: [M -> M] => (item=B1) => {"changed": true, "cmd": "sshpass -p 'mypassword' ssh-copy-id root@'B1'", "delta": "0:00:00.101102", "end": "2016-07-18 11:08:56.985623", "item": "B1", "rc": 6, "start": "2016-07-18 11:08:56.884521", "warnings": []}
failed: [M -> M] => (item=B2) => {"changed": true, "cmd": "sshpass -p 'mypassword' ssh-copy-id root@'B2'", "delta": "0:00:00.101102", "end": "2016-07-18 11:08:56.985623", "item": "B1", "rc": 6, "start": "2016-07-18 11:08:56.884521", "warnings": []}
failed: [M -> M] => (item=B3) => {"changed": true, "cmd": "sshpass -p 'mypassword' ssh-copy-id root@'B3'", "delta": "0:00:00.101102", "end": "2016-07-18 11:08:56.985623", "item": "B1", "rc": 6, "start": "2016-07-18 11:08:56.884521", "warnings": []}

Do you know how I could correct my code, or do you have a simpler way to do what I want to do?

Thank you.


Solution

  • This is a neater solution without file fetch:

    ---
    - hosts: M
      tasks:
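        - name: generate key pair
          # -N '' sets an empty passphrase; -N /dev/null would set the
          # literal string "/dev/null" as the passphrase
          shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ''
          args:
            creates: /root/.ssh/id_rsa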
    
        - name: test public key
          shell: ssh-keygen -l -f /root/.ssh/id_rsa.pub
          changed_when: false
    
        - name: retrieve public key
          shell: cat /root/.ssh/id_rsa.pub
          register: master_public_key
          changed_when: false
    
    - hosts: SLAVES
      tasks:
        - name: add master public key to slaves
          authorized_key:
            user: root
            key: "{{ hostvars['M'].master_public_key.stdout }}"
    

    One of the possible solutions (my first answer):

    ---
    - hosts: M
      tasks:
        - name: generate key pair
          # -N '' sets an empty passphrase (see the note on -N /dev/null above)
          shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ''
    
        - name: fetch public key
          fetch:
            src: /root/.ssh/id_rsa.pub
            dest: tmp/
            flat: yes
    
    - hosts: SLAVES
      tasks:
        - name: add master public key to slaves
          authorized_key:
            user: root
            key: "{{ lookup('file', 'tmp/id_rsa.pub') }}"
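
An added example (not part of the original answer): the same two-play flow written with the `community.crypto.openssh_keypair` and `ansible.posix.authorized_key` modules instead of `shell`, using the question's `CTRL` and `SLAVES` groups. The `from=` restriction and taking the master's address from `ansible_default_ipv4` are assumptions that go beyond the answer; the variable names `master`, `master_ip` and `master_key` are hypothetical.

```yaml
---
# Added example, not from the original answer.
# Assumes the community.crypto and ansible.posix collections are installed
# on the Ansible control node, and that facts are gathered on the master.
- hosts: CTRL
  remote_user: root
  tasks:
    - name: generate key pair on the master (idempotent, empty passphrase)
      community.crypto.openssh_keypair:
        path: /root/.ssh/id_rsa
        type: rsa
        size: 2048
      register: master_key   # the public key is returned as .public_key

- hosts: SLAVES
  remote_user: root
  vars:
    # First host of the CTRL group (M in the question's inventory).
    master: "{{ groups['CTRL'][0] }}"
    # Assumption: the slaves see the master's connections from this address.
    master_ip: "{{ hostvars[master].ansible_default_ipv4.address }}"
  tasks:
    - name: authorize the master's public key, limited to the master's address
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ hostvars[master].master_key.public_key }}"
        # sshd rejects this key when it is offered from any other source address.
        key_options: 'from="{{ master_ip }}"'
```

Both plays have to run in the same `ansible-playbook` invocation, because the second reads the variable registered on the master through `hostvars`. No password is passed on a command line, so nothing like the `sshpass -p` argument in the failure output above ends up in task results.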