Question about authorized_key module

lift...@gmail.com

Dec 7, 2022, 3:23:59 PM
to Ansible Project
Can someone clear this up for me?  If I have the following playbook:

---
- hosts: rhev_hosts
  become: yes
  become_method: su
  gather_facts: no
  vars:
    ssh_key: '/root/.ssh/id_rsa.pub'

  tasks:

  - name: Copy SSH key to each server
    authorized_key:
      key: "{{ lookup('file', ssh_key) }}"
      user: root

Will that basically do an ssh-copy-id from each host in rhev_hosts to every other host in that host group?  In other words, if I had 10 hosts in that host group, will this playbook copy the key from host 1 to 2/3/4, etc., then from host 2 to 1/3/4, etc.?

Thanks,
Harry

Vladimir Botka

Dec 7, 2022, 4:19:01 PM
to lift...@gmail.com, ansible...@googlegroups.com
On Wed, 7 Dec 2022 12:23:59 -0800 (PST)
"lift...@gmail.com" <lift...@gmail.com> wrote:

> - hosts: rhev_hosts
>   become: yes
>   become_method: su
>   gather_facts: no
>   vars:
>     ssh_key: '/root/.ssh/id_rsa.pub'
>
>   tasks:
>
>   - name: Copy SSH key to each server
>     authorized_key:
>       key: "{{ lookup('file', ssh_key) }}"
>       user: root
>
> Will that basically do an ssh-copy-id from each host in rhev_hosts to
> every other host in that host group?

No. The playbook will neither do *ssh-copy-id* nor copy
public keys from each host in rhev_hosts to every other host in that
host group. The playbook will read /root/.ssh/id_rsa.pub on the
controller and insert this public key into root's authorized_key
file on each host in the group rhev_hosts.

Notes:
* lookup always works on the controller.
* It is a bad idea to use the root account on the Ansible controller to
run a playbook.
* It is also a bad idea to ssh to root on the remote host.
* The module ansible.posix.authorized_key doesn't use *ssh-copy-id*
utility. It writes the file authorized_key directly.

--
Vladimir Botka
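
For contrast with the controller-side lookup discussed above, here is an added example (not from the thread or the Ansible project) of the host-to-host distribution the question describes: slurp reads each host's own public key on the remote side, and authorized_key then authorizes every other host's key. The account name svc_mesh and the key path are assumptions; a dedicated non-root account is used in line with the notes above.

```yaml
---
- hosts: rhev_hosts
  become: yes
  gather_facts: no
  vars:
    mesh_user: svc_mesh    # hypothetical account, assumed to exist on every host
    mesh_pubkey: "/home/{{ mesh_user }}/.ssh/id_ed25519.pub"    # assumed key path

  tasks:

  # slurp runs on the managed host, unlike lookup('file', ...), which
  # always reads from the controller.
  - name: Read this host's own public key
    ansible.builtin.slurp:
      src: "{{ mesh_pubkey }}"
    register: pubkey

  # Each host loops over the other hosts in the play and authorizes the
  # key registered for them in the previous task.
  - name: Authorize every other host's key on this host
    ansible.posix.authorized_key:
      user: "{{ mesh_user }}"
      key: "{{ hostvars[item].pubkey.content | b64decode }}"
      state: present
    loop: "{{ ansible_play_hosts | difference([inventory_hostname]) }}"
```

Every host in the group ends up trusting every other host's key, so compromise of one private key gives access to mesh_user on all of them; keep that account's privileges as narrow as the job allows.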