authorized_keys module change

Hi All,

In my previous playbook, I had this:


```
- name: USERS | Authorized Key toevoegen aan ${item.username}
  action: authorized_key user=${item.username} key="$FILE(/etc/ansible/keys/${item.username}.pub)"
  with_items: $tomadmins
  when_set: $tomadmins
  tags:
    - tomadmins
```

Which worked perfectly.

Now I see this has changed, so I tried this:

```
- name: USERS | Authorized Key toevoegen aan ${item.username}
  action: authorized_key user={{ item.username }} key="{{ lookup('file', '/etc/ansible/keys/{{ item.username }}.pub') }}"
  with_items: $tomadmins
  tags:
    - tomadmins
```

But now it comes with this error:

```
TASK: [USERS | Authorized Key toevoegen aan ${item.username}] *****************
fatal: [tom2prap03] => /etc/ansible/keys/{{item.username}}.pub does not exist

FATAL: all hosts have already failed -- aborting
```

Any suggestions much appreciated.

Thanks,
Mark

The new variable stuff referencing of {{ myvar }} only works with 1.2, so make sure you are using the current devel branch. Prior to 1.2 (devel), you need to be using $myvar still.

Upgraded this morning :wink:

```
mmaas@pmgtansible:~/playbooks$ ansible --version
ansible 1.2
```

So that’s not it :wink:

Drat! :wink:

Maybe you need some quoting around the variable, since that is encapsulated by another set of {{ in regards to the lookup.

Bettererder:

```
- name: USERS | Authorized Key toevoegen aan ${item.username}
  action: authorized_key
    user={{ item.username }}
    key="{{ lookup('file', '/etc/ansible/keys/'{{ item.username }}'.pub') }}"
  with_items: $tomadmins
  tags:
    - tomadmins
```

Gives me this error now:

```
TASK: [USERS | Authorized Key toevoegen aan ${item.username}] *****************
failed: [xxxxxxx] => (item={'username': 'hmeijer', 'group': 'hmeijer', 'uid': 510, 'gecos': 'Herman Meijer', 'groups': 'xxxx', 'password': None}) => {"failed": true, "item": {"gecos": "Herman Meijer", "group": "hmeijer", "groups": "fam", "password": null, "uid": 510, "username": "hmeijer"}}
msg: Failed to lookup user {{item.username}}: 'getpwnam(): name not found: {{item.username}}'
failed: [xxxxxxx] => (item={'username': 'fam', 'group': 'fam', 'uid': 504, 'gecos': 'Fam User', 'groups': 'xxxx', 'password': None}) => {"failed": true, "item": {"gecos": "Fam User", "group": "fam", "groups": "users", "password": null, "uid": 504, "username": "fam"}}
msg: Failed to lookup user {{item.username}}: 'getpwnam(): name not found: {{item.username}}'

FATAL: all hosts have already failed -- aborting
```

Looks like here’s your problem, you can’t nest template variables (and don’t have to):

If you want to use the new syntax, change:

```
key="{{ lookup('file', '/etc/ansible/keys/'{{ item.username }}'.pub') }}"
```

To:

```
key="{{ lookup('file', '/etc/ansible/keys/' + item['username'] + '.pub') }}"
```

Though our intent is to keep both mechanisms working so nobody has a forced syntax change.
Very important :slight_smile:
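The rule in the reply above (template delimiters cannot be nested inside an open `{{ ... }}` expression) can be checked mechanically before a playbook runs. The lint pass below is an added illustration, not part of the original thread or of Ansible; the function name is this example's own, and the sample lines are constructed from the three `key=` attempts shown in the thread.

```python
import re

# Constructed sample: the three key= arguments tried in this thread, one per line.
SAMPLE_TASKS = """\
key="{{ lookup('file', '/etc/ansible/keys/{{ item.username }}.pub') }}"
key="{{ lookup('file', '/etc/ansible/keys/'{{ item.username }}'.pub') }}"
key="{{ lookup('file', '/etc/ansible/keys/' + item['username'] + '.pub') }}"
"""


def find_nested_templates(text):
    """Return (line_no, column) for each '{{' opened inside an unclosed '{{ ... }}'.

    Depth is tracked per line, which matches one-argument-per-line tasks like
    the ones in this thread; expressions spanning several lines are not followed.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        depth = 0
        for match in re.finditer(r"\{\{|\}\}", line):
            if match.group() == "{{":
                if depth > 0:
                    # A second opener before the first one closed: nested template.
                    hits.append((line_no, match.start() + 1))
                depth += 1
            elif depth > 0:
                depth -= 1
    return hits


if __name__ == "__main__":
    for line_no, column in find_nested_templates(SAMPLE_TASKS):
        print("line %d, column %d: nested '{{' inside a template expression"
              % (line_no, column))
```

Only the first two sample lines are flagged; the concatenation form passes because the variable is referenced inside the expression without a second pair of delimiters.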

can you try

with_items: tomadmins

or

with_items: '{{ tomadmins }}'

Also paste the tomadmins list, and maybe also a debug output -vv

- Benno

Closer I guess:

```
TASK: [USERS | Authorized Key toevoegen aan ${item.username}] *****************
ESTABLISH CONNECTION FOR USER: root on PORT 22 TO tom2prap03
EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1368449027.57-41569896691629 && echo $HOME/.ansible/tmp/ansible-1368449027.57-41569896691629'
REMOTE_MODULE authorized_key user=hmeijer key=
PUT /tmp/tmp0bElUj TO /root/.ansible/tmp/ansible-1368449027.57-41569896691629/authorized_key
EXEC /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=ljwyeixjzmyrddqpiwztitabnvqwtqjo] password: " -u root /bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-1368449027.57-41569896691629/authorized_key; rm -rf /root/.ansible/tmp/ansible-1368449027.57-41569896691629/ >/dev/null 2>&1'"'"''
fatal: [tom2prap03] => failed to parse: Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-1368449027.57-41569896691629/authorized_key", line 1116, in ?
    main()
  File "/root/.ansible/tmp/ansible-1368449027.57-41569896691629/authorized_key", line 218, in main
    results = enforce_state(module, module.params)
  File "/root/.ansible/tmp/ansible-1368449027.57-41569896691629/authorized_key", line 193, in enforce_state
    writekeys(module, keyfile(module, user, write, path, manage_dir), keys)
  File "/root/.ansible/tmp/ansible-1368449027.57-41569896691629/authorized_key", line 164, in writekeys
    module.atomic_replace(tmp_path, filename)
AttributeError: 'AnsibleModule' object has no attribute 'atomic_replace'

FATAL: all hosts have already failed -- aborting
```

With this code:

```
- name: USERS | Authorized Key toevoegen aan ${item.username}
  action: authorized_key
    user={{ item.username }}
    key="{{ lookup('file', '/etc/ansible/keys/' + item['username'] + '.pub') }}"
  with_items: $tomadmins
  tags:
    - tomadmins
```

But we’re getting closer :wink:

can you try

with_items: tomadmins

or

with_items: '{{ tomadmins }}'

Same error (As in: “AttributeError: ‘AnsibleModule’ object has no attribute ‘atomic_replace’”)

Also paste the tomadmins list, and maybe also a debug output -vv

Example bit for the tomadmins variable:

```
tomadmins:
  - username: hmeijer
    gecos: 'Herman Meijer'
    group: hmeijer
    groups: fam
    password:
    uid: 501
  - username: fam
    gecos: 'Fam User'
    group: fam
    groups: staff
    password:
    uid: 504
```

The previous code worked btw, but since I upgraded to 1.2 this morning, it no longer does so.

Quick note:

with_items: foo

is all you ever need

with_items: "{{ foo }}"

is legal, but just unnecessary punctuation :slight_smile:

Ansible will convert one to the other internally, automatically.

You have an install that is somehow mixed up, probably from doing a “make install” or having cruft in your library directory.

Clean out your library directory or make sure you are running from source using ./hacking/env-setup

We’re obviously still developing 1.2 so the system is not yet coded to prefer modules in subdirectories to ones at top level, thus it is probably finding your 1.1 module you had previously installed.
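The situation described above, a leftover top-level module taking precedence over a newer copy in a subdirectory, can be spotted by listing module names that exist at both levels of the library directory. This is an added example, not code from the thread or from Ansible; the function names and the `system` subdirectory are hypothetical, and the sample layout is constructed in a temporary directory rather than read from `/usr/share/ansible`.

```python
import os
import tempfile


def shadowed_modules(library_dir):
    """Map module name -> subdirectory copies, for names that also exist at top level."""
    top_level = {name for name in os.listdir(library_dir)
                 if os.path.isfile(os.path.join(library_dir, name))}
    shadowed = {}
    for root, _dirs, files in os.walk(library_dir):
        if root == library_dir:
            continue  # only compare subdirectories against the top level
        for name in files:
            if name in top_level:
                rel = os.path.relpath(os.path.join(root, name), library_dir)
                shadowed.setdefault(name, []).append(rel)
    return {name: sorted(paths) for name, paths in shadowed.items()}


def build_sample_library():
    """Constructed layout: a stale top-level authorized_key beside a subdirectory copy."""
    base = tempfile.mkdtemp(prefix="ansible-library-")
    os.mkdir(os.path.join(base, "system"))  # hypothetical subdirectory name
    for rel in ("authorized_key",
                os.path.join("system", "authorized_key"),
                os.path.join("system", "user")):
        with open(os.path.join(base, rel), "w") as handle:
            handle.write("# constructed placeholder module\n")
    return base


if __name__ == "__main__":
    for name, copies in sorted(shadowed_modules(build_sample_library()).items()):
        print("%s exists at top level and in: %s" % (name, ", ".join(copies)))
```

Any name it reports is a candidate for the kind of mixed install diagnosed here; pointing `shadowed_modules` at the real library directory is left to the reader.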

Yep that was it!

I moved the old ansible directory completely out of the way, and did the make install again:

```
mv /usr/share/ansible{,.bak}; sudo make install
```

Thanks loads!

Mark