If the key file to read is not found, shouldn’t the authorized_key module report an error?
Have this in a playbook
- name: Manage keys for users
  authorized_key: user={{item.uname}} key="{{lookup('file','~/Ansible/keys/' + item.uname + '/authorized_keys2') }}"
                  manage_dir=yes
                  path='/home/{{item.uname}}/.ssh/authorized_keys2'
  with_items: Ops
I originally had the folder “Ansible” called something else. Upon rename keys stopped getting installed, but the module did not report an error.
If the lookup file is not found, it should produce an exception, yes.
If you are seeing this behavior on the development branch, please make sure there is a ticket on github.
(To be clear, this has nothing to do with the authorized key module in the end, and everything to do with the lookup plugin)
Thanks!
If the lookup file is not found, it should produce an exception, yes.
If you are seeing this behavior on the development branch, please make sure there is a ticket on github.
ansible 1.6 (devel ae29e43f93) last updated 2014/04/19 14:46:18 (GMT +000)
Still has the issue
(To be clear, this has nothing to do with the authorized key module in the end, and everything to do with the lookup plugin)
Looking at the documentation at http://docs.ansible.com/authorized_key_module.html there is also an option to use
# Using with_file
- name: Set up authorized_keys for the deploy user
  authorized_key: user=deploy
                  key="{{ item }}"
  with_file:
    - public_keys/doe-jane
    - public_keys/doe-john
So in that case if the key file is not found, shouldn't it also produce an error?
Doesn't that mean that authorized_key itself should check that it has a file and not only the lookup plugin?
The module actually does not work with files; it takes a string (key) as an input, and the file lookup module lets you get those strings from files.
Yes.
This may be the lookup plugin you have here evaluating lazily and then the authorized key module inserting the lookup call into the file.
Obviously we don’t want that, but there are reasons the lookup plugin itself doesn’t error - but we should catch that later.
Before going further, can you share what version of ansible you are using?
If 1.7.X or 1.8 (devel), please go ahead and file a bug on this.
Thanks!
Sorry, ignore that last one.
I was in our legacy email account from before the company name change and going through the wrong mail folder
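A pre-flight check for the failure discussed in this thread, as an added example (not code from the thread or from the Ansible project): because the module only ever receives a string, this script validates the key files on the control machine before the play runs, reporting missing or empty files and lines that are not public keys, such as an unrendered lookup expression. The function names are hypothetical, and the layout `<key_root>/<user>/authorized_keys2` is assumed from the first playbook above.

```python
import base64
import struct
import sys
from pathlib import Path

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def check_key_line(line):
    """Return None if the line looks like a public key entry, else a reason."""
    fields = line.split()
    # Options may precede the key type, so find the first known type name.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return "no key type followed by a key blob"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except ValueError:
        return "key blob is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the type name.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != fields[idx].encode():
        return "type inside blob does not match declared type"
    return None

def check_key_file(path):
    """Return a list of problems for one local key file (empty list = usable)."""
    p = Path(path).expanduser()
    if not p.is_file():
        return [f"{p}: file not found"]
    text = p.read_text(errors="replace")
    entries = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
               if l.strip() and not l.strip().startswith("#")]
    if not entries:
        return [f"{p}: contains no keys"]
    return [f"{p}:{n}: {r}" for n, l in entries for r in [check_key_line(l)] if r]

def preflight(key_root, users):
    """Check <key_root>/<user>/authorized_keys2 for every user; return all problems."""
    return [msg for u in users
            for msg in check_key_file(Path(key_root) / u / "authorized_keys2")]

if __name__ == "__main__":
    issues = preflight(sys.argv[1], sys.argv[2:])
    print("\n".join(issues))
    sys.exit(1 if issues else 0)
```

Run it with the key directory and the user names as arguments before invoking the playbook; a non-zero exit status means at least one key file is missing, empty or malformed.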