-
Notifications
You must be signed in to change notification settings - Fork 57
/
ansible_setup_passwordless_ssh.yml
executable file
·133 lines (113 loc) · 4.35 KB
/
ansible_setup_passwordless_ssh.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Ansible playbook to establish passwordless SSH login to remote hosts.
#
# https://github.com/ilias-sp/ansible-setup-passwordless-ssh
#
#
# fill in your environment information in the hosts file:
#
# ssh_key_filename: the filename of the SSH key to be generated
# remote_machine_username: the username of the remote host that you want to login as
# remote_machine_password: the password of that user on the remote host. Assuming you are attempting to run this to multiple hosts, the users exists to all machines and have the same password
# [ansible_setup_passwordless_setup_group]: add the list of remote hosts you want to enable the passwordless login.
#
#
#
# run the playbook as:
#
# ansible-playbook -i hosts ansible_setup_passwordless_ssh.yml
#
#
#
---
- hosts: local_host
gather_facts: false
vars_prompt:
- name: confirmation
prompt: "Type 'YES' to establish passwordless login to the remote hosts:"
default: 'NO'
private: no
when: confirmation != "YES"
pre_tasks:
- name: "Check Confirmation"
fail: msg="Exiting... You must type 'YES' to continue."
when: confirmation != "YES"
tasks:
- name: check .ssh local directory exists
stat:
path: "~/.ssh"
register: ssh_directory_exists_check
# - debug:
# var: ssh_directory_exists_check
- name: Check needed OS tools exist
shell: which sshpass ssh-keygen ssh-copy-id
register: os_tools_exist
ignore_errors: true
- name: Fail execution if any of the needed OS tools is missing
fail:
msg: "One or more of the: sshpass, ssh-keygen, ssh-copy-id are missing on this machine. Please install them - using your distribution's recommended method - before continuing."
when: os_tools_exist.rc != 0
- name: create ~/.ssh local directory
file:
path: "~/.ssh"
state: directory
mode: "0700"
register: ssh_directory_creation
when: ssh_directory_exists_check is defined and ssh_directory_exists_check.stat.exists == false
# - debug:
# var: ssh_directory_creation
- name: check .ssh key file exists
stat:
path: "~/.ssh/{{item}}"
register: ssh_key_file_exists_check
with_items:
- "{{ssh_key_filename}}"
- "{{ssh_key_filename}}.pub"
# - debug:
# var: ssh_key_file_exists_check.results[1].stat.exists
- name: generate ssh key on local machine
shell: "ssh-keygen -t rsa -f ~/.ssh/{{ssh_key_filename}} -P \"\""
register: ssh_key_creation
failed_when: ssh_key_creation.rc != 0
when: ssh_key_file_exists_check is defined and ssh_key_file_exists_check.results[0].stat.exists == false and ssh_key_file_exists_check.results[1].stat.exists == false
# - debug:
# var: ssh_key_creation
- name: check .ssh/config file exists
stat:
path: "~/.ssh/config"
register: ssh_config_file_exists_check
# - debug:
# var: ssh_config_file_exists_check
- name: create the ~/.ssh/config file
file:
path: "~/.ssh/config"
state: touch
mode: "0644"
register: ssh_config_file_creation
when: ssh_config_file_exists_check is defined and ssh_config_file_exists_check.stat.exists == false
- name: add the new ssh key to the ~/.ssh/config file
lineinfile:
path: "~/.ssh/config"
line: "IdentityFile ~/.ssh/{{ssh_key_filename}}"
state: present
backup: yes
register: ssh_config_file_key_addition
# - debug:
# var: ssh_config_file_key_addition
- name: distribute the ssh key to the remote hosts
shell: "/usr/local/bin/sshpass -p \"{{remote_machine_password}}\" ssh-copy-id -o StrictHostKeyChecking=no -i ~/.ssh/{{ssh_key_filename}}.pub -p {{ hostvars[item].ansible_port }} \"{{remote_machine_username}}@{{ hostvars[item].ansible_host }}\""
register: ssh_copy_id_execution
with_items:
- "{{ groups['ansible_setup_passwordless_setup_group']}}"
failed_when: ssh_copy_id_execution.rc != 0
# - debug:
# var: ssh_copy_id_execution
- hosts: ansible_setup_passwordless_setup_group
gather_facts: false
tasks:
- name: check ssh to remote hosts works
shell: "hostname; id"
register: ssh_connection_test
failed_when: ssh_connection_test.rc != 0
- name: print the connectivity test results
debug:
var: ssh_connection_test.stdout_lines