
ansible-setup-passwordless-ssh's Introduction

Purpose

This Ansible playbook helps you establish passwordless SSH logins with the remote hosts you wish to manage. Passwordless logins are a great convenience when connecting to multiple servers, via Ansible or not!


Download the tool

Clone the repository to your ansible-enabled host:

git clone https://github.com/ilias-sp/ansible-setup-passwordless-ssh.git

Alternatively, you can download the ansible_setup_passwordless_ssh.yml and hosts from this repository.


Prerequisites

Make sure your Ansible host is equipped with the following utilities, and that they are available on the PATH of the user you will be running the playbook as.

  • ssh-keygen
  • ssh-copy-id
  • sshpass

If you don't have them, install them before continuing, using the recommended method for your Linux distribution.


Preparations before you run

Edit the hosts file and define your environment's information. Fill in using the below matrix:

| Name | Description |
| --- | --- |
| local_host -> ansible_user | user of your localhost |
| local_host -> ansible_password | the password of your localhost's account |
| local_host -> ansible_port | if your local_host has the SSH daemon running not on the default port (22) |
| local_host -> ansible_host | if you want to define the IP of your local_host |
| ssh_key_filename | the filename of the new SSH key to be generated and stored under your .ssh folder of your localhost. |
| remote_machine_username | the username of the remote machines. If you are applying the procedure to multiple hosts. |
| remote_machine_password | the password of the "remote_machine_username" remote machines. |
| [ansible_setup_passwordless_setup_group] | fill in the list of hosts that you want to establish the passwordless login with. The ansible_user is used only when executing the ansible_setup_passwordless_ssh_rollback playbook and it should match the remote_machine_username. The ansible_host can be omitted if local_host can resolve the hostname you defined in the first column. The ansible_port variable should be present even if it has the default value of 22, else you will have to modify the relevant task in the playbook. |

If you are planning to run the script against multiple hosts, make sure the username/password you defined is the same on all of them!

Example

[local_host]
localhost ansible_port=22 ansible_user=username ansible_password=password ansible_host=127.0.0.1


[local_host:vars]
ssh_key_filename="ansible_rsa"
remote_machine_username="root"
remote_machine_password="xxxxxxxxxxxxxxxxxxxxxx"


[ansible_setup_passwordless_setup_group]
rhel-green ansible_port=22 ansible_user=root ansible_host=192.168.1.1
rhel-red   ansible_port=9022 ansible_user=root ansible_host=192.168.1.2
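
The inventory above holds the local and remote account passwords in cleartext, so it is worth checking the file before it is committed, copied or left readable by other users. The following is an added example, not part of the project: a POSIX shell audit that flags literal password values and group/other-accessible permissions. It assumes that values kept out of the file (for instance with Ansible Vault) are referenced as `{{ ... }}` templates.

```shell
#!/bin/sh
# Added example: audit an Ansible INI inventory such as the README's "hosts"
# file for cleartext passwords and loose file permissions.

# Print "LINE:KEY" for each key ending in "pass"/"password" with a literal value.
# Values containing "{{" (assumed to reference a vaulted variable) are skipped.
find_cleartext_passwords() {
    awk '
        /^[ \t]*[#;]/ { next }              # ignore comment lines
        {
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1)
                val = substr($i, eq + 1)
                gsub(/"/, "", val)          # drop double quotes around the value
                if (key ~ /pass(word)?$/ && val != "" && index(val, "{{") == 0)
                    print NR ":" key
            }
        }' "$1"
}

# Succeed only when the file has no group or other permission bits set.
is_private_file() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Report both problems; return 1 when anything was found.
audit_inventory() {
    status=0
    hits=$(find_cleartext_passwords "$1")
    if [ -n "$hits" ]; then
        echo "$hits" | while read -r hit; do
            echo "cleartext password at $1:$hit"
        done
        status=1
    fi
    if ! is_private_file "$1"; then
        echo "$1 is accessible to group/other; restrict it with chmod 600"
        status=1
    fi
    return "$status"
}

# Usage: sh audit_inventory.sh hosts
if [ "$#" -gt 0 ]; then
    audit_inventory "$1"
fi
```

Run against the sample inventory, it reports `ansible_password` and `remote_machine_password`; a non-zero exit status makes it usable as a pre-commit check.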

How to run it

Run:

ansible-playbook -i hosts ansible_setup_passwordless_ssh.yml

The last task in the playbook connects to each of those hosts and runs some commands ("hostname" and "id"). Check the output to verify the success of the tool!

Output from Demo run

How to avoid the confirmation question.

By design, the 2 playbooks ask for the user's confirmation before proceeding to the tasks. This is a common safety practice, giving the user one last chance to consider whether they are ready to proceed with this execution. Nevertheless, if this is unwanted behavior that you want to bypass, you can:

  1. skip this pre_task by appending the -e confirmation=YES argument to the command. For example:
     ansible-playbook -i hosts ansible_setup_passwordless_ssh.yml -e confirmation=YES
  2. use the playbooks that are stored in the non_interactive folder. They are just missing this "safety" check.

What happens in the background to your machines when you run the playbook

By running this playbook, these things happen to your hosts:

Localhost:

  • An SSH key is generated and placed under the .ssh folder. Its file name is configurable; the default is ansible_rsa.
  • This SSH key is added to the ~/.ssh/config file so that the SSH client uses it when connecting to remote hosts.

Remote hosts:

  • The generated SSH key is propagated to the list of remote hosts you configured in the hosts inventory file, and added to their ~/.ssh/authorized_keys file. This is done using ssh-copy-id, the Linux utility meant for this job. The sshpass Linux utility is used so that the script can run without prompting for the user password.

How to rollback

Run:

ansible-playbook -i hosts ansible_setup_passwordless_ssh_rollback.yml

Output from Demo run of the rollback


ansible-setup-passwordless-ssh's People

Contributors

ilias-sp, lin1000


ansible-setup-passwordless-ssh's Issues

Playbook Failing - Failed to connect to the host

Host file entry:

[local_host]
localhost

[local_host:vars]
ssh_key_filename="id_rsa.pub"
remote_machine_username="tools"
remote_machine_password="XxXx"

[ansible_setup_passwordless_setup_group]
remote-server-1
remote-server-2

While running the playbook, getting the following error:


Type 'YES' to establish passwordless login to the remote hosts: [NO]: YES

PLAY [local_host] *********************************************************************************************************************

TASK [Check Confirmation] *************************************************************************************************************
skipping: [localhost]

TASK [check .ssh local directory exists] **********************************************************************************************
fatal: [localhost]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}
        to retry, use: --limit @/home/tools/copy_ssh_key_new.retry

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=0    changed=0    unreachable=1    failed=0

I am running the playbook with the tools user, as I don't have the root password for any of the machines.

How to access a host variable if some output needs to be copied to another host

- name: Updating Rpm versions in {{ service_name }}
  hosts: local
  connection: local
  gather_facts: false
  tasks:
    - name: Getting host list from ipa
      shell: /etc/ansible/playbooks/hostfind.sh
    - name: Creating in memory inventory group for {{ nodetype }} in ansible playbook itself
      shell: cat /etc/ansible/hosts | grep {{ nodetype }} | grep {{ env }}
      register: host_list
    - add_host:
        name: "{{ item }}"
        group: "{{ nodetype }}"
      with_items: "{{ host_list.stdout_lines }}"

- name: Deployment Execution start on {{ nodetype }}
  hosts: "{{ nodetype }}"
  connection: ssh
  gather_facts: false
  any_errors_fatal: false
  user: test
  become: yes
  serial: 1
  tasks:
    - name: Deploying service on {{ inventory_hostname }}
      block:
        - name: Downgrading {{ service_name }} service on {{ inventory_hostname }}
          shell: rpm --queryformat "%{VERSION}-%{RELEASE}" -q {{ service_name }}
          register: downgraderpmversion
        - name: Restarting {{ service_name }} service on {{ inventory_hostname }}
          include_tasks: /etc/ansible/inventories/playbooks/common/service_restart.yaml
          with_items:
            - { servicename: '{{ service_name }}' }

- name: Updating Rpm versions for {{ service_name }}
  hosts: local
  connection: local
  gather_facts: false
  tasks:
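    # A registered variable belongs to the host that ran the task, so it is read through hostvars.
    # "var:" already takes a Jinja2 expression: use the nodetype variable directly, with no nested {{ }}.
    - debug:
        var: hostvars[groups[nodetype][0]]['downgraderpmversion']['stdout']
    # In a command string the whole expression goes inside one {{ }} pair.
    - shell: echo "{{ hostvars[groups[nodetype][0]]['downgraderpmversion']['stdout'] }}"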

Typo

Preparations Before You Run section in the README file has a typo. remote_machine_username should be remote_machine_password
