why am i not able to access id_rsa.pub as another user?


Tony Wong

Jul 22, 2022, 8:54:59 AM
to Ansible Project
I still keep getting this error:

fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub"}

The file does exist, but the user running the task doesn't have access. So I used become: root
and become_method: sudo,

but it still doesn't work:

---
- hosts: localhost
  gather_facts: false
  vars:
    filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  tasks:
  - debug:
      msg: "the value of foo.txt is: {{ filecon }}"
    become_user: root
    become_method: sudo

Brian Coca

Jul 22, 2022, 10:22:13 AM
to Ansible Project
Simple permissions: can you `cat /home/rke/.ssh/id_rsa.pub`? You
probably get the same permissions error.

You either need to run ansible-playbook as a user with permissions
(rke, root?) or use a task to read the file while using privilege
escalation (become):

- slurp:
    path: '/home/rke/.ssh/id_rsa.pub'
  become: yes
  delegate_to: localhost
  register: rke_pub_key   # content comes back base64-encoded; decode with b64decode


This is the equivalent of you doing `sudo cat
/home/rke/.ssh/id_rsa.pub` (lookups always run 'locally' and are not
affected by become, which only affects the 'remote' side of a task).

--
----------
Brian Coca
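To make the distinction above concrete, here is a complete playbook (an added example, not code from the thread or from the Ansible project) that reads the root-only file with a task under become, decodes the base64 that slurp returns, and then checks that what came back is really an OpenSSH public key before using it. The path is the one from the thread and is assumed to exist on the controller; the variable names are mine.

```yaml
---
# Added example (not from the thread). lookup('file', ...) runs inside the
# controller process as the user who launched ansible-playbook and ignores
# become, so a protected file must be read by a task, not by a lookup.
- name: Read a protected public key on the controller
  hosts: localhost
  gather_facts: false
  vars:
    # Assumed path; it must exist on the controller and be root-readable.
    pubkey_path: /home/rke/.ssh/id_rsa.pub
  tasks:
    - name: Read the file as root (become applies to tasks, not to lookups)
      ansible.builtin.slurp:
        src: "{{ pubkey_path }}"
      become: true
      delegate_to: localhost
      register: rke_pub_key

    - name: Decode the slurped content (slurp returns base64)
      ansible.builtin.set_fact:
        rke_pub_key_text: "{{ rke_pub_key.content | b64decode | trim }}"

    - name: Sanity check that the file is a public key, not a private one
      ansible.builtin.assert:
        that:
          - rke_pub_key_text is match('^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) ')
          - "'PRIVATE KEY' not in rke_pub_key_text"
        fail_msg: "{{ pubkey_path }} does not look like an OpenSSH public key"

    - name: Show only the key type and the number of fields, not the key itself
      ansible.builtin.debug:
        msg: >-
          key type: {{ rke_pub_key_text.split(' ')[0] }},
          fields: {{ rke_pub_key_text.split(' ') | length }}
```

Run it with `ansible-playbook read_pubkey.yml -K` (or with passwordless sudo configured for the controller user). The assert step matters because `id_rsa.pub` is a name, not a guarantee: if the path were ever mistyped to the private key, the playbook would otherwise happily slurp and print it.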

Tony Wong

Jul 22, 2022, 12:45:00 PM
to ansible...@googlegroups.com
That's what I'm trying to do:

---
- hosts: localhost
  become: yes

  gather_facts: false
  vars:
    filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  tasks:
  - debug:
      msg: "the value of foo.txt is: {{ filecon }}"
    delegate_to: localhost



why is this not working?


Tony Wong

Jul 22, 2022, 1:28:11 PM
to ansible...@googlegroups.com
So does it mean I am unable to use elevated privileges using lookup?

---
- name: read file on host
  hosts: localhost
  become: yes
  become_user: root
  become_method: sudo
  vars:
   contents: "{{ lookup('file','/home/rke/.ssh/id_rsa.pub') }}"
  tasks:
   - name: print file
     ansible.builtin.debug:
      msg: "the content of file is {{ contents }}"

Still not able to do it.

However, this works:


---
- hosts: localhost
  become: yes
  name: List the contents of home directory
  tasks:
  - name: List files and folder in home directory
    shell: 'cat /home/rke/.ssh/id_rsa.pub'
    register: command_output
  - debug:
      var: command_output.stdout_lines


Nico Kadel-Garcia

Jul 23, 2022, 3:02:26 PM
to ansible...@googlegroups.com
On Fri, Jul 22, 2022 at 10:22 AM Brian Coca <bc...@redhat.com> wrote:
>
> Simple permissions: can you `cat /home/rke/.ssh/id_rsa.pub`? You
> probably get the same permissions error.

The $HOME/.ssh/ directory is normally restricted in its permissions to
permit the SSH private keys there to be used. It's partly why Ansible
has hooks to store private, and public, keys in the ansible vault
rather than merely pulling them from the local filesystem. The public
keys are not usually such an issue to publish as part of the playbook
or the ansible configuration itself. Is there any compelling reason
not to store such a reference public key in the playbook's
configuration files?


> You either need to run ansible-playbook as a user with permissions
> (rke, root?) or use a task to read the file while using privilege
> escalation (become):
>
> - slurp:
>     path: '/home/rke/.ssh/id_rsa.pub'
>   become: yes
>   delegate_to: localhost
>   register: rke_pub_key
>
>
> This is the equivalent of you doing `sudo cat
> /home/rke/.ssh/id_rsa.pub` (lookups always run 'locally' and are not
> affected by become, which only affects the 'remote' side of a task).
>
> --
> ----------
> Brian Coca

Brian Coca

Jul 25, 2022, 9:05:59 AM
to Ansible Project
> So does it mean I am unable to use elevated privileges using lookup?

exactly



--
----------
Brian Coca
