I promise you.... I'm pretty smart!!

But I can’t seem to wrap my head around this!

I’ve started working for a new company as a Linux admin. I’ve dabbled in Ansible a bit, but in a lab setting.

We have about 300 plus existing servers and I will be building more in the future. This is where Ansible comes in. I would like to use Ansible to install stuff onto existing servers if needed and to deploy new ones. The thing I don’t understand is how do I get the SSH keys onto the existing servers and how should I go about putting them on future servers. I know to generate a key and I know how to ssh-copy-id, but this can’t be the best method for 300 servers. Also, should I create my keys as my user or root? I’ve looked and looked, but can’t seem to find a concise answer.

There are several ways to do this. Ansible has an authorized_keys module that can do the copying, and the user module can also generate keys. But it does need to log onto the servers; the first time, it can use user/password as part of a bootstrapping play.

As for root vs shared user with sudo vs individual users with sudo … it does not matter to Ansible; do what fits your policy and workflow better. FYI, sudo is not the only privilege escalation method supported; it is just used as an example.
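
Added example, not part of the original thread: a bootstrapping play of the kind described above, which logs in once with a password and installs a public key via `ansible.posix.authorized_key`. The account name `ansible`, the login user `admin`, the key path `files/ansible_ed25519.pub`, the inventory file name and the sudoers rule are assumptions to adapt to your own policy.

```yaml
# bootstrap-keys.yml (added example; values marked "assumed" are hypothetical)
#
# Prerequisites on the control node:
#   ansible-galaxy collection install ansible.posix
#   sshpass installed (needed for password-based SSH on the first run)
#
# First run, while only password login works on the servers:
#   ansible-playbook -i inventory.ini bootstrap-keys.yml -u admin --ask-pass --ask-become-pass
# Later runs can connect as the new account with the key, without --ask-pass.
- name: Bootstrap SSH key access for Ansible
  hosts: all
  become: true
  vars:
    ansible_account: ansible        # assumed dedicated account name
    # assumed location of the public key, generated beforehand with ssh-keygen
    ansible_pubkey: "{{ lookup('ansible.builtin.file', 'files/ansible_ed25519.pub') }}"

  tasks:
    - name: Create the account Ansible will log in as
      ansible.builtin.user:
        name: "{{ ansible_account }}"
        shell: /bin/bash
        create_home: true

    - name: Install the control node's public key for that account
      ansible.posix.authorized_key:
        user: "{{ ansible_account }}"
        key: "{{ ansible_pubkey }}"
        state: present
        exclusive: true             # drop any other keys from this account's file

    - name: Allow the account to escalate with sudo
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ ansible_account }}"
        # assumed rule; restrict commands or require a password per your policy
        content: "{{ ansible_account }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   # refuse to install a broken sudoers file
```

For servers built in the future, the same public key can be placed by whatever provisions them (image, kickstart or cloud-init), so the password step is only needed for the existing fleet.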