38 lines
1.7 KiB
Bash
38 lines
1.7 KiB
Bash
# shellcheck shell=bash
|
||
# 仓库根 Ansible:从任意 cwd 调用时仍使用 ansible/ansible.cfg(如 host_key_checking=False)。
|
||
ansible_lab_export_config() {
|
||
export ANSIBLE_CONFIG="${ROOT}/ansible/ansible.cfg"
|
||
}
|
||
|
||
# 若 inventory 为各主机声明了 ansible_ssh_private_key_file,则在本机检查文件存在(避免 ssh 报 no such identity)。
|
||
ansible_lab_check_inventory_keys() {
|
||
local inv="$1"
|
||
local line path exp
|
||
[[ -f "$inv" ]] || return 0
|
||
while IFS= read -r line || [[ -n "$line" ]]; do
|
||
[[ "$line" =~ ^[[:space:]]*# ]] && continue
|
||
[[ "$line" =~ ansible_ssh_private_key_file=([^[:space:]]+) ]] || continue
|
||
path="${BASH_REMATCH[1]}"
|
||
exp="${path/#\~/$HOME}"
|
||
if [[ ! -f "$exp" ]]; then
|
||
echo "[ERR] SSH 私钥不存在:$exp(inventory 中为 $path)" >&2
|
||
echo " 将密钥放到该路径并 chmod 600,或改 ansible/inventory.ini 中的 ansible_ssh_private_key_file。" >&2
|
||
echo " 生成/分发可参考:scripts/ssh/setup-k3s-workers-ssh.sh、docs/01-05-节点初始化-ansible-实践.md" >&2
|
||
return 1
|
||
fi
|
||
# OpenSSH 拒绝 group/other 可读的私钥(常见误为 0644),须 600 或 400
|
||
local mode
|
||
mode=$(stat -c '%a' "$exp" 2>/dev/null) || mode=""
|
||
case "$mode" in
|
||
600|400) ;;
|
||
*)
|
||
echo "[ERR] SSH 私钥权限过宽(当前 ${mode:-?},须仅所有者可读):$exp" >&2
|
||
echo " 执行:chmod 600 $exp" >&2
|
||
echo " 若需一次修正本仓库 inventory 中各节点密钥:chmod 600 ~/.ssh/id_ed25519_k3s_192.168.2.61 ~/.ssh/id_ed25519_k3s_192.168.2.62 ~/.ssh/id_ed25519_k3s_192.168.2.63 ~/.ssh/id_ed25519_k3s_192.168.2.64" >&2
|
||
return 1
|
||
;;
|
||
esac
|
||
done < "$inv"
|
||
return 0
|
||
}
|