loops, file globs, ssh_keys...


pixel fairy

Sep 19, 2016, 8:01:00 AM
to Ansible Project
looking on Google, this seems to come up a lot.
have users. each user has N ssh keys. sometimes, one of the user's keys is revoked. for example, a crashed cellphone sent in for repair.

we keep keys like this
.
├── voxel
│   └── voxel.pub
├── pixel
│   ├── pixelphone3.pub
│   ├── pixel.pub
│   └── revoked
│       └── pixelphone2.pub
└── root
    ├── voxel.pub
    └── pixel.pub


with a single user, this works

---
- hosts: all
  tasks:
  - name: install ssh keys
    authorized_key:
      user=root
      key="{{ lookup('file',item) }}"
    with_fileglob:
      - ssh_keys/root/*
  - name: remove unwanted keys
    authorized_key:
      user=root
      state=absent
      key="{{ lookup('file',item) }}"
    with_fileglob:
      - ssh_keys/root/revoked/*

how can you do that with a list of users?

tried

---
- hosts: multiuser
  tasks:
  - name: install user
    user: name={{ item }} 
    with_items: "{{ users }}"
  - name: install ssh keys
    authorized_key:
      user: "{{ item.0 }}"
      key: "{{ lookup('file',item.1) }}"
    with_nested:
      - "{{ users }}"
      - "{{ lookup('fileglob', 'public_keys/{{ item.0 }}/*').split(',') }}"

but got 

[DEPRECATION WARNING]: Skipping task due to undefined Error, in the future this will be a 
fatal error.: 'item' is undefined.
This feature will be removed in a future release. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
fatal: [devla]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'item' is undefined\n\nThe error appears to have been in '/home/pixel/hivecluster/users.yml': line 7, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n    with_items: \"{{ users }}\"\n  - name: install ssh keys\n    ^ here\n"}

Kai Stian Olstad

Sep 19, 2016, 3:33:10 PM
to ansible...@googlegroups.com
You could put this in its own file, use include with with_items and
loop_control.

https://docs.ansible.com/ansible/playbooks_loops.html#loop-control

--
Kai Stian Olstad
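
The layout suggested in this reply, as an added example that is not part of the original thread. The file name `user_keys.yml`, the loop variable `username` and the sample `users` list are assumptions; the `ssh_keys/` paths follow the directory tree in the question.

```yaml
# users.yml (playbook; this file name appears in the error output above)
---
- hosts: multiuser
  vars:
    users:          # constructed sample list matching the directory tree
      - voxel
      - pixel
      - root
  tasks:
    - name: install user
      user:
        name: "{{ item }}"
      with_items: "{{ users }}"

    # One include per user. loop_var renames the outer loop variable so it
    # does not collide with the `item` that with_fileglob sets inside the file.
    # Releases from the time of this thread spell this as plain `include:`.
    - name: manage ssh keys for each user
      include_tasks: user_keys.yml
      with_items: "{{ users }}"
      loop_control:
        loop_var: username

# user_keys.yml (hypothetical file name, saved next to users.yml)
---
# fileglob matches files only, so the revoked/ directory itself is skipped.
- name: install ssh keys
  authorized_key:
    user: "{{ username }}"
    key: "{{ lookup('file', item) }}"
  with_fileglob:
    - "ssh_keys/{{ username }}/*"

# Runs after the install task, so a key present in both places ends up removed.
# A user without a revoked/ directory yields an empty glob and the task is skipped.
- name: remove revoked keys
  authorized_key:
    user: "{{ username }}"
    state: absent
    key: "{{ lookup('file', item) }}"
  with_fileglob:
    - "ssh_keys/{{ username }}/revoked/*"
```

`state: absent` only removes keys whose `.pub` file is still present under `revoked/`, so keep a revoked file in the tree until the play has run against every host that ever held that key.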

pixel fairy

Sep 20, 2016, 6:06:47 AM
to Ansible Project, ansible-pr...@olstad.com
On Monday, September 19, 2016 at 12:33:10 PM UTC-7, Kai Stian Olstad wrote:

> You could put this in its own file, use include with with_items and
> loop_control.
>
> https://docs.ansible.com/ansible/playbooks_loops.html#loop-control

odd to have to put that into two files, but exactly what i was looking for