I’m trying to get around the issue with authorized_keys not having support for exclusive and with_items. I have a list of keys I want to populate an authorized_keys file and have ansible remove all others that may be in the file.
authorized_keys accepts a list of keys if they are supplied as a string, as it splits them by newline. My setup is as follows:

- name: Assemble keys
  set_fact:
    key_item: "{{ lookup('file', role_path + '/files/' + item) }}"
  with_items:
    - dude1.pub
    - dude2.pub
    - dudette1.pub
    - dudarino1.pub
    - automated_delivery.pub
  tags: ssh-keys
  # include automated_delivery.pub only when ssh_key_automated_delivery is set
  when: item != 'automated_delivery.pub' or (ssh_key_automated_delivery is defined and ssh_key_automated_delivery == True)
  register: keys

- name: Distribute operations ssh-keys to root
  authorized_key:
    key: '{{ keys.results|selectattr("ansible_facts","defined")|map(attribute="ansible_facts.key_item")|join("\n") }}'
    manage_dir: yes
    state: present
    user: root
    exclusive: yes
  tags: ssh-keys

It does not complain, but I get one key composed of all keys joined by backslash+n, not newline. If some of the key files have multiple keys on separate lines, their newline does not get escaped.
Is there a way to tell Ansible not to escape the newlines in key?
I’ve tried to use the list filter, but authorized_key formats that as [item1], [item2] and is not happy with that.
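
An added example, not part of the original post and not code from the Ansible project: one way to hand authorized_key a newline-separated string without any "\n" escape, by rendering the key files inside a YAML block scalar with a Jinja2 loop. The variable names ssh_key_files_base and ssh_key_files are assumptions; the file names, role_path and ssh_key_automated_delivery are taken from the post.

```yaml
# Added example. ssh_key_files_base and ssh_key_files are hypothetical names.
- name: Select the key files to deploy
  set_fact:
    # The delivery key is appended only when the flag is defined and true.
    ssh_key_files: "{{ ssh_key_files_base + (['automated_delivery.pub'] if (ssh_key_automated_delivery | default(false) | bool) else []) }}"
  vars:
    ssh_key_files_base:
      - dude1.pub
      - dude2.pub
      - dudette1.pub
      - dudarino1.pub
  tags: ssh-keys

- name: Distribute operations ssh-keys to root
  authorized_key:
    user: root
    state: present
    manage_dir: yes
    # exclusive removes every key in root's authorized_keys that is not
    # part of the string rendered below.
    exclusive: yes
    # Literal block scalar: each file's content lands on its own line(s),
    # so the module receives real newlines. Files that hold several keys
    # on separate lines are passed through unchanged.
    key: |
      {% for f in ssh_key_files %}
      {{ lookup('file', role_path + '/files/' + f) }}
      {% endfor %}
  tags: ssh-keys
```

Because exclusive drops every entry missing from the rendered string, running the play with --check --diff first shows which keys would be removed from root's file before anything is changed.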