How to configure SSH keys in a Vagrant multi-machine setup?


11

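I have 4 VMs in my Vagrantfile: 3 application servers and an Ansible control host.

I only use Vagrant to create the VMs, as I provision them manually from the Ansible control host because I am still creating/editing the Ansible scripts.

I can do vagrant ssh ansible and vagrant ssh app1/2/3 etc., but when I try to run ansible-playbook oracle.yml from the Ansible control host, SSH fails with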

fatal: [192.168.60.10]: UNREACHABLE! => {"changed": false, "msg": "SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue", "unreachable": true}

I can successfully SSH from the Ansible VM to the Oracle VM using the user vagrant and the password vagrant.

The key parts of my Vagrantfile are:

config.ssh.insert_key = false

config.vm.define "db" do |db|
    db.vm.box = "boxcutter/ol67"
    db.vm.hostname = "oracle-vm"
    db.vm.network "forwarded_port", guest: 22, host: 2201, id: "ssh", auto_correct: false
    db.vm.network "forwarded_port", guest: 1521, host: 1521
    db.vm.network "private_network", ip: "192.168.60.10"
    db.vm.provider "virtualbox" do |v|
        v.name = "oracle-vm"
        v.linked_clone = true
        v.memory = 2048
        v.cpus = 2
    end
end

#Optional ansible control machine for Windows users
config.vm.define "ansible", autostart: false do |ansible|
    ansible.vm.box = "williamyeh/ansible"
    ansible.vm.hostname = "ansible-vm"
    ansible.vm.network "forwarded_port", guest: 22, host: 2204, id: "ssh", auto_correct: false
    ansible.vm.network "private_network", ip: "192.168.60.50"
    ansible.vm.provider "virtualbox" do |v|
        v.linked_clone = true
    end
    #Mount the project directory on the guest so we can run the playbooks from there
    ansible.vm.synced_folder ".", "/data/ansible", create: true
end

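What do I need to put in the Vagrantfile to allow the Ansible VM to connect to the other VMs without requiring a password or extra manual steps after vagrant up?

This is just for development testing on a private network on developers' PCs, so security is not really an issue and is secondary to ease of implementation and a smooth user experience.



I clearly state that I can SSH between the VMs, but Ansible can't because it needs keys set up. He can't SSH. The questions are clearly different.
opticyclic

@JamesShewey: I don't think any of the answers to that question are relevant here. The answers given refer to communication between the host and a guest; the answer needed here has to apply between guests.
Torenware Networks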

Answers:


8

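There is no general method, and it might depend on how boxcutter/ol67 was packaged.

  1. The simplest method is to define the password in the Ansible inventory file: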

    [oracle-vm:vars]
    ansible_ssh_user=vagrant
    ansible_ssh_pass=vagrant
    
  2. The second method is to leave the insecure private key configured on the oracle-vm machine and inject the private key into the ansible VM:

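    config.vm.provision "shell" do |s|
      # Read the whole key file: a PEM private key spans many lines
      ssh_insecure_key = File.read("#{Dir.home}/.vagrant.d/insecure_private_key").strip
      s.inline = <<-SHELL
        # Single quotes keep the key's line breaks; > avoids appending a second copy on re-provision
        echo '#{ssh_insecure_key}' > /home/vagrant/.ssh/id_rsa
        chown vagrant /home/vagrant/.ssh/id_rsa
        chmod 400 /home/vagrant/.ssh/id_rsa
      SHELL
    end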
    
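  3. Generate a key pair on the host machine in advance, inject the private key into the Ansible VM and the public key into Oracle's authorized_keys

  4. Generate a key pair on the Ansible VM, copy the public key to the Oracle VM using a shell provisioner, and supply vagrant as the password to ssh-copy-id

The list does not end here; it depends on the security required.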


8

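Following techraf's third suggestion, I did the following:

  • vagrant up ansible
  • ssh-keygen (without entering a passphrase, just press Enter)
  • Copied .ssh/id_rsa and .ssh/id_rsa.pub to the project directory
  • vagrant destroy ansible
  • Modified the Vagrantfile to copy id_rsa to all hosts
  • Modified the Vagrantfile to copy id_rsa.pub into authorized_keys on all hosts
  • Modified the Vagrantfile to disable host checking

Vagrantfile snippet: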

 config.vm.provision "file", source: "id_rsa", destination: "/home/vagrant/.ssh/id_rsa"
 public_key = File.read("id_rsa.pub")
 config.vm.provision :shell, :inline =>"
     echo 'Copying ansible-vm public SSH Keys to the VM'
     mkdir -p /home/vagrant/.ssh
     chmod 700 /home/vagrant/.ssh
     echo '#{public_key}' >> /home/vagrant/.ssh/authorized_keys
     chmod -R 600 /home/vagrant/.ssh/authorized_keys
     echo 'Host 192.168.*.*' >> /home/vagrant/.ssh/config
     echo 'StrictHostKeyChecking no' >> /home/vagrant/.ssh/config
     echo 'UserKnownHostsFile /dev/null' >> /home/vagrant/.ssh/config
     chmod -R 600 /home/vagrant/.ssh/config
     ", privileged: false

This solution worked well for me, but I had to change Host 192.168.*.* to *. Not sure why. Thanks!
Zacho
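A variant of the host-generated key pair approach from the answers above, as an added example that is not part of the original answers: the private key goes only to the control VM, the public key is appended idempotently, and relaxed host-key checking is limited to the question's 192.168.60.* network. The helper names and the home parameter are assumptions; id_rsa and id_rsa.pub are expected in the project directory, as in the answer.

```ruby
# Added example, not code from the answers. Helper names and the `home`
# parameter are hypothetical; VM names and IPs are reused from the question.
require "shellwords"

# For each managed VM: add the control host's PUBLIC key once, even when
# `vagrant provision` is re-run (a plain `echo >>` appends a duplicate each run).
def authorize_key_script(public_key, home = "/home/vagrant")
  key = Shellwords.escape(public_key.strip)
  ssh = "#{Shellwords.escape(home)}/.ssh"
  <<~SH
    set -e
    mkdir -p #{ssh} && chmod 700 #{ssh}
    touch #{ssh}/authorized_keys
    grep -qxF -- #{key} #{ssh}/authorized_keys || echo #{key} >> #{ssh}/authorized_keys
    chmod 600 #{ssh}/authorized_keys
  SH
end

# For the control VM only: lock down the uploaded private key and limit the
# relaxed host-key checking to the private network instead of every host.
# Note: this overwrites any existing ~/.ssh/config on the control VM.
def control_ssh_script(network_glob, home = "/home/vagrant")
  ssh = "#{Shellwords.escape(home)}/.ssh"
  <<~SH
    set -e
    chmod 600 #{ssh}/id_rsa
    cat > #{ssh}/config <<'EOF'
    Host #{network_glob}
      StrictHostKeyChecking no
      UserKnownHostsFile /dev/null
    EOF
    chmod 600 #{ssh}/config
  SH
end

# Wiring: only runs when loaded by Vagrant, merging into the existing definitions.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.define "db" do |db|
      db.vm.provision "shell", privileged: false,
        inline: authorize_key_script(File.read("id_rsa.pub"))
    end
    config.vm.define "ansible", autostart: false do |ansible|
      ansible.vm.provision "file", source: "id_rsa",
        destination: "/home/vagrant/.ssh/id_rsa"
      ansible.vm.provision "shell", privileged: false,
        inline: control_ssh_script("192.168.60.*")
    end
  end
end
```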

0

If you want to include a preformatted block in a list, indent eight spaces:

  1. Generate the public/private key pair

    cd vagrant-home
    ssh-keygen   # just pressed enter
    copy ~/.ssh/id_rsa .
    copy ~/.ssh/id_rsa.pub .
    
  2. Edit the Vagrantfile and add the following lines:

        config.vm.provision "file", source: "id_rsa", destination: "/home/vagrant/.ssh/id_rsa"
        public_key = File.read("id_rsa.pub")
        config.vm.provision "shell", inline: <<-SCRIPT
            chmod 600 /home/vagrant/.ssh/id_rsa
            echo 'Copying ansible-vm public SSH Keys to the VM'
            #mkdir -p /home/vagrant/.ssh
            chmod 700 /home/vagrant/.ssh
            echo '#{public_key}' >> /home/vagrant/.ssh/authorized_keys
            chmod -R 600 /home/vagrant/.ssh/authorized_keys
            echo 'Host 192.168.*.*' >> /home/vagrant/.ssh/config
            echo 'StrictHostKeyChecking no' >> /home/vagrant/.ssh/config
            echo 'UserKnownHostsFile /dev/null' >> /home/vagrant/.ssh/config
            chmod -R 600 /home/vagrant/.ssh/config
            SCRIPT
    
  3.         vagrant up   # or vagrant reload --provision

Is this just a reformatted version of my answer? If so, you should probably have edited my answer instead of adding a new one.
opticyclic
Licensed under cc by-sa 3.0 with attribution required.