Default code to add public ssh key fails

My playbook:

---
- hosts: localhost
  gather_facts: no
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
  tasks:
    - debug: msg="{{ new_key_content }}"

I think I know the problem now.
I started the playbook with at least 3 hosts, but the log still shows one, and everywhere “localhost”.
I think in my playbook I should use all instead of localhost.

I have luck and no luck:
The playbook now has the IP of the devices and the correct count, but still nothing on both machines…

:thinking:

Your playbook only contains a debug task, so it does almost nothing; it just displays the converted new key content.

The playbook that @shertel provided is just an example that shows the way to convert keys. You should update your playbook to use the new_key_content variable as the key for ansible.posix.authorized_key.

2 Likes

Maybe it's the time, but I don't get what you mean.
I thought I can add the key conversion part to the edited key import code example:


- name: Set authorized keys taken from url
  ansible.posix.authorized_key:
    user: charlie
    state: present
    key: https://github.com/charlie.keys

    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"

I'm sorry, I am not a 100% Linux/dev guy, just a sysadmin with mostly administrative experience.
I'll call it a day.
Thank you!

Example:

---
- name: Set authorized keys
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
  
  tasks:
    - name: Set authorized keys taken from url
      ansible.posix.authorized_key:
        user: charlie
        state: present
        key: "{{ new_key_content }}"

2 Likes

Thank you!
So it seems that you can optionally set the variables in the playbook before you execute the main task.
The first try failed; the user “rott” didn't exist.

At least something happened - I can't log in via SSH as usual with my public key.
The authorized_keys in root has no change, but I can't use the public keys for login even after restarting the SSH service.

My example is to add key for the user charlie. Have you modified the user in my example correctly?

If yes, are you sure that your playbook indeed ran to the hosts you are trying to connect to via SSH, by the hostname or IP address that appears in the playbook logs?

Yeah the connection has been established:

<192.168.151.237> ESTABLISH SSH CONNECTION FOR USER: root

I forgot to make snapshots of the test VMs - I have to see what stopped so I can't log in via keys, but with credentials.

I’m talking about this line:

[image]

Uh yes, I used root - I think for the future I should use a dedicated user.
The public SSH login is no problem - my mount left me with my keys and I thought the remote desktop manager would store them.
[image]
How can I recognize that the key has been entered - will there be another line with the key?

I uploaded the job log.
I don't know why there are no changes, because even the right path /root/.ssh/authorized_keys is mentioned. awx_pub/job_219.txt at main · gsg-git/awx_pub · GitHub

I’m not sure I understand your question. Could you please clarify your goal?

The /root/.ssh/authorized_keys for the hosts 192.168.151.237 and 192.168.19.201 should have been updated to include the line ssh-rsa AAAAB3NzaC1yc... since your logs show the task as changed.

My problem is that there is nothing added - that's why I'm asking if the key just gets added or with a #comment added.
Here are the files:

The user permissions are root so I think it's not a permission issue.
Both folders have the same permission:
[image]
I look up if there is any log on the machines where the communication could be saved.

Does AWX use a different port for transferring the data than SSH?
If yes then I have to edit the firewall here.

I got it!
I have to use the custom path - even if it's a default path:

---
- name: Set authorized keys
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
  
  tasks:
    - name: Set authorized keys taken from url
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ new_key_content }}"
        path: /root/.ssh/authorized_keys

The key gets inserted now and I like to use something like this in the playbook:

- name: add comment before entering public key
  lineinfile:
  path: /home/gsa/.ssh/authorized_keys
  line: "#testkey"

I can't add it in the tasks part because it fails.
Do I have to add the path and comment value in the vars like:

---
- name: Set authorized keys
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
    commentpath: "/root/.ssh/authorized_keys"
    commentcontent: "'#Testkey"
 tasks:
    - name: Set authorized keys taken from url
       lineinfile:
       path: "{{commentpath}}"
       line: "{{commentline}}"
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ new_key_content }}"
        path: /root/.ssh/authorized_keys

If this is true, it’s a bug that should be reported on GitHub, but I can’t reproduce it at all, at least in my environment. It works as expected with or without the path on my side.

I recommend you to know basic playbook syntax and variable usage, then try it.

Also, if a task fails, read the error message carefully to find out why it failed and how to fix it.

1 Like

I'll make an issue then, if you suggest me to.

And the variable part is right? Then I have to look up the right “punctuation marks”.
I'm excited if I can expand your playbook myself successfully :laughing:

If you open an issue at Issues · ansible-collections/ansible.posix · GitHub please be sure to include a simple generic reproducer, the full output with -vvv, and the commands you’re running that prove the module didn’t do what it claimed. I wasn’t able to reproduce the issue.

The syntax of your latest code block isn’t right, but reading the docs and trying it (and reading the error messages) is a good way to learn.

1 Like
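
For readers following the thread, an added example (not code from any participant or from the ansible.posix project) of a syntactically valid playbook for the goal discussed above. It labels the key through the module's `comment` option instead of a separate `#` line, passes the downloaded text to `ssh-keygen` on stdin rather than interpolating it into a shell command line, and reads the file back to confirm the key is there. The variable names `target_user`, `keys_file` and `key_label` are assumptions.

```yaml
---
- name: Add a converted public key and verify it landed
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    target_user: root                      # assumption: user from the thread
    keys_file: /root/.ssh/authorized_keys  # explicit path, as in the thread
    key_label: testkey                     # hypothetical label for the key

  tasks:
    # One module per task; a module's options are indented under its name.
    - name: Convert the RFC4716 key on the controller, text passed on stdin
      ansible.builtin.command:
        cmd: ssh-keygen -i -m RFC4716 -f /dev/stdin
        stdin: "{{ lookup('url', key_url, split_lines=false) }}"
      delegate_to: localhost
      run_once: true
      changed_when: false
      register: converted

    - name: Stop unless the result is exactly one public key line
      ansible.builtin.assert:
        that:
          - converted.stdout_lines | length == 1
          - converted.stdout is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$')
      run_once: true

    - name: Add the key, labelled through its comment field
      ansible.posix.authorized_key:
        user: "{{ target_user }}"
        state: present
        key: "{{ converted.stdout }}"
        comment: "{{ key_label }}"
        path: "{{ keys_file }}"

    - name: Read authorized_keys back from each host
      ansible.builtin.slurp:
        src: "{{ keys_file }}"
      register: keys_raw

    - name: Confirm the key material is present
      ansible.builtin.assert:
        that:
          - converted.stdout.split()[1] in (keys_raw.content | b64decode)
```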

I used two templates, one with the correct behaviour and path added and one with the path not set and nothing happens, and uploaded and linked them in the issue.