How do I look up id_rsa.pub on a host and copy it to authorized keys on multiple servers

How do I look up id_rsa.pub on a host and then run an Ansible playbook to copy it to their authorized_key file?

1. https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_lookup.html
2. https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html

Just did that, you use authorized_key module

Can I use Jinja like this?

  - name: Setup authkeys for user rke
    authorized_key:
      user: rke
      state: present
      key: "{{ lookup('file', '{{ authorized_key }}') }}"

keep getting error

Setup authkeys for user rke] *******************************************
fatal: [k8master]: FAILED! => {“msg”: “template error while templating string: unexpected char ‘‘’ at 11. String: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}””}
fatal: [k8node02]: FAILED! => {“msg”: “template error while templating string: unexpected char ‘‘’ at 11. String: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}””}
fatal: [k8node01]: FAILED! => {“msg”: “template error while templating string: unexpected char ‘‘’ at 11. String: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}””}

tried this way and got same error

  - name: Setup authkeys for user rke
    authorized_key:
      user: '{{ username }}'
      state: present
      key: "{{ lookup('file', '/home/{{ username }}/.ssh/id_rsa.pub') }}"

Mustaches never nest.

key: "{{ lookup('file', '/home/' ~ username ~ '/.ssh/id_rsa.pub') }}"

now different error

TASK [rancherpocreplay : Setup authkeys for user rke] ******************************************************
[WARNING]: Unable to find ‘/home/rke/.ssh/id_rsa.pub’ in expected paths (use -vvvvv to see paths)
fatal: [k8master]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘file’. Error was a <class ‘ansible.errors.AnsibleError’>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub”}
[WARNING]: Unable to find ‘/home/rke/.ssh/id_rsa.pub’ in expected paths (use -vvvvv to see paths)
fatal: [k8node01]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘file’. Error was a <class ‘ansible.errors.AnsibleError’>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub”}
[WARNING]: Unable to find ‘/home/rke/.ssh/id_rsa.pub’ in expected paths (use -vvvvv to see paths)
fatal: [k8node02]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘file’. Error was a <class ‘ansible.errors.AnsibleError’>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub”}

but /home/rke/.ssh/id_rsa.pub is there on the ansible host

Usually the .ssh/authorized_key file has fairly specific permissions (rw user only) as does the .ssh directory. It may well be the ansible user cannot see the files in the .ssh directory as it may not have the correct permissions.

But I used become: in my main.yml

Would that have root access?

It would have root access — on the target machine, but not on the Ansible controller.

I didn’t see the main.yml file and can’t comment on your setup. Yes, root should have access however I’m not sure become would carry over all tasks. I thought it was task specific unless you set it in your group vars

https://docs.ansible.com/ansible/latest/user_guide/become.html

main.yml

How do I get access to look up the id_rsa.pub file? The user running the Ansible playbook has sudo rights on the controller.

[WARNING]: Unable to find ‘/home/rke/.ssh/id_pub.rsa’ in expected paths (use -vvvvv to see paths)
fatal: [k8master]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘file’. Error was a <class ‘ansible.errors.AnsibleError’>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa”}
[WARNING]: Unable to find ‘/home/rke/.ssh/id_pub.rsa’ in expected paths (use -vvvvv to see paths)
fatal: [k8node01]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘file’. Error was a <class ‘ansible.errors.AnsibleError’>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa”}
[WARNING]: Unable to find ‘/home/rke/.ssh/id_pub.rsa’ in expected paths (use -vvvvv to see paths)
fatal: [k8node02]: FAILED! => {“msg”: “An unhandled exception occurred while running the lookup plugin ‘file’. Error was a <class ‘ansible.errors.AnsibleError’>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa”}

Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the ansible playbook from? Also, what happens if you try to do a ls on that directory as the user that is executing the ansible playbook, are you getting any errors?

Yes it does, but the user (ansible) I am running the playbook with, even though it has sudo rights and is in the root group, can't access that folder.

I tried to copy the id_rsa.pub to /tmp and it works.

Sounds like you have a local permissions issue.

Yes it does, but the user (ansible) I am running the playbook with, even though it has sudo rights and is in the root group, can't access that folder.

Your authorized_keys task is run on the remote host, but using the
lookup/file plugin in one of the arguments doesn't allow for privilege
escalation locally.
I think for fetching the materials, you should have an initial
set_fact task with delegate_to=localhost and set become=true on that.

(not verified)

do you mean something like this?

trying to do this another way

  - name: copy id_rsa.pub to tmp for reading on localhost
    ansible.builtin.shell:
      cmd: "{{ command2 }}"
    register: shell_output
    become: true
    delegate_to: localhost

where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'

I am trying to run this only on the Ansible controller (localhost)

but it looks like it's trying to run on remote nodes

fatal: [k8node02 → localhost]: FAILED! => {“changed”: false, “msg”: “Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn”}
fatal: [k8master → localhost]: FAILED! => {“changed”: false, “msg”: “Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn”}
fatal: [k8node01 → localhost]: FAILED! => {“changed”: false, “msg”: “Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn”}

any idea?
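
One way to follow the delegate_to/become suggestion made earlier in the thread, as an added example that is not any poster's own playbook: the key is read once on the controller with privilege escalation, checked, and then installed on every host, with no copy left in /tmp. The `hosts: all` pattern and the names `key_path`, `pubkey_raw` and `rke_pubkey` are assumptions; `username` and the key path come from the thread.

```yaml
# Added example. hosts pattern and variable names other than `username` are assumptions.
- hosts: all
  become: true
  vars:
    username: rke
    key_path: "/home/{{ username }}/.ssh/id_rsa.pub"
  tasks:
    # Lookups run on the controller as the invoking user, without become.
    # A delegated task can escalate on the controller, so slurp the file there.
    - name: Read the public key on the controller with privilege escalation
      ansible.builtin.slurp:
        src: "{{ key_path }}"
      register: pubkey_raw
      delegate_to: localhost
      run_once: true      # one read; the registered result is shared with all hosts
      become: true

    - name: Decode the key for every host in the play
      ansible.builtin.set_fact:
        rke_pubkey: "{{ pubkey_raw.content | b64decode | trim }}"

    # Guard against distributing the wrong file (for example the private key).
    - name: Refuse anything that is not a single OpenSSH public key line
      ansible.builtin.assert:
        that:
          - "rke_pubkey is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$')"
          - "'PRIVATE KEY' not in rke_pubkey"
        fail_msg: "{{ key_path }} does not look like an OpenSSH public key"

    - name: Setup authkeys for user rke
      ansible.posix.authorized_key:
        user: "{{ username }}"
        state: present
        key: "{{ rke_pubkey }}"
```

The delegated task needs working sudo for the invoking user on the controller; the permissions on /home/rke/.ssh stay as they are.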