I have 2 separate dictionaries that I need to iterate over to 1) create a user and 2) add their ssh keys (some users might have multiple keys).
The first task works, the second…not so much - I’ve tried so many things, I can’t even remember (with_subelements, with_items, lookups, etc). How would I iterate over the 2 dictionaries to properly add the correct key(s) to each user created in the first task? I know it would be easier to combine the 2 dictionaries, but (for reasons) I can’t at this time.
Hi,
I do something similar…
users:
  - user_uid: 667
    user_key: "https://URL-TO-KEY-/user1/id_rsa.pub"
    user_group: wheel
  - user_key: "https://URL-TO-KEY-/user2/id_rsa.pub"
This way you can iterate over the same users object to add the user.
TASK
Let's add keys for the users defined in group_vars/users
- name: add authorized_keys for users
  authorized_key:
    user: "{{ item.user_name }}"
    state: present
    key: "{{ item.user_key }}"
  with_items: "{{ users }}"
The reason I have 2 dictionaries (and can’t combine them) is primarily the “public_ssh_keys” resides in group_var/all/ssh_keys.yml and contains all the user keys. But ssh_users reside in group_vars/[group_name].yml and the list of users can be different per [group name]
While I know having a structure like:
public_ssh_keys:
  - key: key
    group:
      - group1
      - group4
  - user: user2
    key:
    group:
makes sense, and would make this play trivial, I can’t make that change at this time…
Yes, that’s what I’ve been trying - just failing. I’ve tried “with_subelements” “with_nested” even attempted something like:
key: |
{% for name, keys in public_ssh_keys if name in ssh_users %}
…
But haven’t hit it yet…
I don't use dict that much, I try to avoid them and use list instead, so look at this as pseudocode since it likely has some errors, but I think you get the idea.
- include_tasks: include.yml
  with_dict: '{{ public_ssh_keys }}'
  loop_control:
    loop_var: outer
include.yml
Ah… thanks! That’s almost got it. It fails when a “user” in public_ssh_keys isn’t in ssh_users, but I can work with that. The biggest issue though, is if a user has multiple keys in public_ssh_keys, only the first one gets placed. So I’ll need to figure out how to check for multiple keys and ensure all get added for the user…
Thanks again for the help, seems simple now that I look at it - was just too close I guess…
> Ah... thanks! That's almost got it. It fails when a "user" in
> public_ssh_keys isn't in ssh_users, but I can work with that.
That can be solved by a when statement
when: outer.key in ssh_users
> The biggest
> issue though, is if a user has multiple keys in public_ssh_keys, only the
> first one gets placed. So I'll need to figure out how to check for
> multiple keys and ensure all get added for the user...
That was the whole point of include.yml, it loops over all the keys and adds them.
Ah…the problem was the “exclusive: yes” directive… I removed that, and all the keys are present as expected…thanks again!
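An added example, not code from any poster in this thread: one way to keep "exclusive" (so stale keys are pruned) while still installing every key for a user. The module documentation notes that exclusive is not loop-aware, so all of a user's keys are passed in a single call. It assumes public_ssh_keys maps a user name to a list of keys and ssh_users is a list of user names; both shapes, the user names and the key strings are constructed placeholders.

```yaml
# Added example. Variable shapes and values are assumptions, not taken from the thread.
- hosts: all
  become: true
  vars:
    # Assumed shape: user name -> list of public keys (placeholders, not real keys)
    public_ssh_keys:
      user1:
        - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_1 user1@laptop"
        - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_2 user1@desktop"
      user2:
        - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_3 user2@laptop"
      user3:
        - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_4 user3@laptop"
    # Assumed shape: list of user names allowed on this group of hosts
    ssh_users:
      - user1
      - user2
      - user4        # has no entry in public_ssh_keys; skipped by the key task
  tasks:
    - name: Create the users for this group
      ansible.builtin.user:
        name: "{{ item }}"
        state: present
      loop: "{{ ssh_users }}"

    - name: Install every key for each user in one call
      ansible.posix.authorized_key:
        user: "{{ item }}"
        # Join the list into one newline-separated string so that
        # exclusive sees the complete set of keys for this user at once.
        key: '{{ public_ssh_keys[item] | join("\n") }}'
        exclusive: true
        state: present
      # Only users present in both structures; avoids the failure on
      # users that have keys defined but are not in ssh_users, and vice versa.
      loop: "{{ ssh_users | intersect(public_ssh_keys.keys() | list) }}"
```

With exclusive enabled this way, a key removed from public_ssh_keys is also removed from the user's authorized_keys file on the next run, which dropping the option does not give you.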