I'm trying to migrate an existing cloud cluster to ansible.

It's about 10 machines.

I want to use Ansible to add my SSH key to all boxes so I can just ssh
authenticate.

But the I have the following problems:

1. none of the connections work because the ssh host keys aren't installed.

2. I first need to authenticate with a password before the ssh key can be
installed.

Is there anyway to force SSH to be both serial and interactive?

This way it would go through each host, one at a time, add the SSH host key
if I confirm, then prompt for the root password, and then add my SSH key.

At which point I would be done.

I have to do this for like 50 -70 machines for a big ansible migration and
I'd prefer to not spend an hour doing this manually :-(

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/73a350e1-eb46-4f5b-a4f6-19ed1b086821%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Matt Martz at Oct 30, 2014 at 11:51 pm
    So what specifically would you say your problem is?

    And perhaps it might be easier to just write a for loop and use ssh-copy-id
    to get your key up there first?

    Ansible can do it, but there a few things to consider:

    1. Do all hosts use the same password? If so then this is easy
    2. If hosts use different passwords, you could temporarily put your
    password on your inventory
    3. What is the need for interactivity? Ansible doesn't typically do
    interactive remote tasks
    4. Also for doing it serially you can use -f
    5. Do you have to add your key to the root users authorized keys? I'd
    recommend not doing that, and just ssh as your user and use su or sudo
    functionality in ansible

    On Thursday, October 30, 2014, Kevin Burton wrote:

    I'm trying to migrate an existing cloud cluster to ansible.

    It's about 10 machines.

    I want to use Ansible to add my SSH key to all boxes so I can just ssh
    authenticate.

    But the I have the following problems:

    1. none of the connections work because the ssh host keys aren't installed.

    2. I first need to authenticate with a password before the ssh key can be
    installed.

    Is there anyway to force SSH to be both serial and interactive?

    This way it would go through each host, one at a time, add the SSH host
    key if I confirm, then prompt for the root password, and then add my SSH
    key.

    At which point I would be done.

    I have to do this for like 50 -70 machines for a big ansible migration and
    I'd prefer to not spend an hour doing this manually :-(

    --
    You received this message because you are subscribed to the Google Groups
    "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to ansible-project+unsubscribe@googlegroups.com
    <javascript:_e(%7B%7D,'cvml','ansible-project%2bunsubscribe@googlegroups.com');>
    .
    To post to this group, send email to ansible-project@googlegroups.com
    <javascript:_e(%7B%7D,'cvml','ansible-project@googlegroups.com');>.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/ansible-project/73a350e1-eb46-4f5b-a4f6-19ed1b086821%40googlegroups.com
    <https://groups.google.com/d/msgid/ansible-project/73a350e1-eb46-4f5b-a4f6-19ed1b086821%40googlegroups.com?utm_medium=email&utm_source=footer>
    .
    For more options, visit https://groups.google.com/d/optout.

    --
    Matt Martz
    @sivel
    sivel.net

    --
    You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
    To post to this group, send email to ansible-project@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v-hRBFmDs3Uyza4HcrwYWLwcEya0_cfzQxoM4ZbbjhuFA%40mail.gmail.com.
    For more options, visit https://groups.google.com/d/optout.
  • Kevin Burton at Oct 31, 2014 at 12:11 am

    On Thursday, October 30, 2014 4:51:35 PM UTC-7, Matt Martz wrote:
    So what specifically would you say your problem is?
    I need to bulk add all host keys, then I need to add my SSH key on all the
    boxes.

    And perhaps it might be easier to just write a for loop and use
    ssh-copy-id to get your key up there first?
    I mean I can but Ansible should be able to do it I think. Might be wrong
    though.

    Ansible can do it, but there a few things to consider:

    1. Do all hosts use the same password? If so then this is easy
    2. If hosts use different passwords, you could temporarily put your
    password on your inventory
    ah. yes. I'll probably do that. ... then back it out.

    3. What is the need for interactivity? Ansible doesn't typically do
    interactive remote tasks
    because OpenSSH will, by itself, prompt for the password, and add the host
    key.

    4. Also for doing it serially you can use -f
    5. Do you have to add your key to the root users authorized keys? I'd
    recommend not doing that, and just ssh as your user and use su or sudo
    functionality in ansible
    Maybe but I find it's effectively the same and would require some
    refactoring... but if I'm just going to SSH in and then immediately su it's
    orthogonal.

    --
    You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
    To post to this group, send email to ansible-project@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/82203dcb-87ae-4832-bf8d-af3419a5c864%40googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Kevin Burton at Oct 31, 2014 at 12:16 am
    btw...

    -f 1

    caused openssh to prompt me to accept the host ID ... so that worked :)

    KEvin

    --
    You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
    To post to this group, send email to ansible-project@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7644b3de-6be1-4415-9cc2-9588a7c53042%40googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Michael DeHaan at Nov 1, 2014 at 2:47 pm
    Ansible will still ask without -f 1.


    On Thu, Oct 30, 2014 at 8:16 PM, Kevin Burton wrote:

    btw...

    -f 1

    caused openssh to prompt me to accept the host ID ... so that worked :)

    KEvin

    --
    You received this message because you are subscribed to the Google Groups
    "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to ansible-project+unsubscribe@googlegroups.com.
    To post to this group, send email to ansible-project@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/ansible-project/7644b3de-6be1-4415-9cc2-9588a7c53042%40googlegroups.com
    <https://groups.google.com/d/msgid/ansible-project/7644b3de-6be1-4415-9cc2-9588a7c53042%40googlegroups.com?utm_medium=email&utm_source=footer>
    .

    For more options, visit https://groups.google.com/d/optout.
    --
    You received this message because you are subscribed to the Google Groups "Ansible Project" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
    To post to this group, send email to ansible-project@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyJR6EB3%2BkM0q%2BZVZMLDab4cxKitBTUEVB-QUePEbi9bw%40mail.gmail.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupansible-project @
postedOct 30, '14 at 11:36p
activeNov 1, '14 at 2:47p
posts5
users3

People

Translate

site design / logo © 2022 Grokbase