I have the following two plays to create users with ssh keys in NXOS:

- name: Create User
  nxos_config:
    lines:
      - username "{{ item }}" role network-admin
    provider: "{{ cli }}"
  with_items: "{{ cil_network_admins }}"

- name: Create User's SSH Keys
  nxos_config:
    lines:
      - username "{{ item }}" sshkey "{{ user_data[item].ssh_key }}"
    provider: "{{ cli }}"
  with_items: "{{ cil_network_admins }}"

The data structures are:

user_data:
  stevenca:
    name: "Steven Carter"
    uid: 2000
    group: admin
    ssh_key: "ssh-rsa Rest of SSH Key…"

cil_network_admins:
  - stevenca

I do not get any errors:
TASK [Create User] *************************************************************
changed: [XXX.XXX.XXX.129] => (item=stevenca)
changed: [XXX.XXX.XXX.128] => (item=stevenca)
TASK [Create User's SSH Keys] **************************************************
changed: [XXX.XXX.XXX.129] => (item=stevenca)
changed: [XXX.XXX.XXX.128] => (item=stevenca)
PLAY RECAP *********************************************************************
XXX.XXX.XXX.128 : ok=4 changed=2 unreachable=0 failed=0
XXX.XXX.XXX.129 : ok=4 changed=2 unreachable=0 failed=0
But it does not work. I get ‘username stevenca role network-admin’ in the switch’s config, but no ssh key. Is there a length limit that silently eats the SSH key?
The above is using ‘cli’ for transport. When I use ‘nxapi’, I get:
TASK [Create User] *************************************************************
changed: [XXX.XXX.XXX.128] => (item=stevenca)
failed: [XXX.XXX.XXX.129] (item=stevenca) => {"clierror": "% String failed to match token pattern\n", "code": "400", "failed": true, "item": "stevenca", "msg": "CLI execution error"}
TASK [Create User's SSH Keys] **************************************************
failed: [XXX.XXX.XXX.128] (item=stevenca) => {"clierror": "invalid SSH key format\n", "code": "400", "failed": true, "item": "stevenca", "msg": "CLI execution error"}
I verified the key by adding it manually, and it worked fine. It seems like the above could come from truncation as well.
Thanks,
Steven.