No idea how to do this... please help


Dayton Jones

Mar 23, 2018, 2:18:19 PM
to Ansible Project
I have 2 separate dictionaries that I need to iterate over to 1) create a user and 2) add their ssh keys (some users might have multiple keys)
The first task works, the second...not so much - I've tried so many things, I can't even remember (with_subelements, with_items, lookups, etc). How would I iterate over the 2 dictionaries to properly add the correct key(s) to each user created in the first task? I know it would be easier to combine the 2 dictionaries, but (for reasons) I can't at this time.

---
- name: Create Users
  become: yes
  user:
    name: "{{ item }}"
    shell: /bin/bash
    state: present
  with_items:
    - "{{ ssh_users }}"

- name: Accept public keys for Users
  become: yes
  authorized_key:
    state: present
    user: ????????
    manage_dir: yes
    exclusive: yes
    key: ??????




ssh_users:
  - user1
  - user2
  - user3

public_ssh_keys:
  user1:
    - "ssh-rsa H*ogAtiwigE!YMESuneza7ahU3YXeWYGorEny2E6A2o8AzEmy@uraVaXEHUWy5AgiVe7oME7erE2eQE5owYQu&oju4a=usU+U8UBYHA1Uga*iPEpoqy5yzADijA=upy%iseREMaTa=i4UpUWi!A6EqaViJUQo2EsEwyqepejYjebytEbo5UruGYrEtEdY2o6ipe@U1EgoWiRyqa%ovUbYSugy7igabe*owiqezUDe1y=AMo!i6Ypa*iQe7oQAVYjE7opomEwUqY=izEDuxiwE=yZYQinoMY@eQY+ehaGo8ubEhuNabiPYvuXenEZara!iseMaTEnu4yQU@eMoJExULy*E=o%YzUSe3ydUDuveTEQomy5Y5YL user1"
  user2:
    - "ssh-rsa gHuLEniHa8UHU2ugu@UZovU+o6U*ANiwuNE8ERA!E6yPEDaTi!eNixY7obeMEQaGajE1e7a5ENAbUNy4o&yveQo=agExyLa6u6ERAzigyZyza2u3eGE@oNi+a*Y3yse!i+E8yREQoGU4UtUVEnE8A4Y6aWA8E8E4eBA&oZuRaqixEDi+uHeLyHETYVisatAtEzotE4a@A&UmehuLuDAQeMoxuxy5YDyVi5Ysy=uQYBYtaSaSoME+yZoBUWadAPeMoHa*iMo7Uru&U&Eja3ESAgUbUvequgEZiWa4oGuZusAzULaGuZyVabe6o&y7epUpojo2APu*eQeXaGomYnA&ehY2iSeRA+Y+yRUZa%i&udu@azEzE7A2 user2"
  user3:
    - "ssh-rsa pynU!iRUVesU+eQubARyRY7uSojyJA&A1ASa%YgUhiSidU6eXUgA*Ube+YTERy%o*U%i=yMiGyQYji4u8otohy8a!eMEbY+uzYty6adoLa!yby&YTE5YZo5uqESU8e8ajY=ySAni@Y4YrohAZUPupo!unaZoWuweZY@EbYriqUBaSY7ewedi6Y4Ave7o%UrURYHi7opY%oTeMu!uQi=ono+A6yhy2eWa2UXoxaSaLUwEpE*U5o*iqi5a@iPAwiQabi!ubeDe3upYMy5enUMAWygo@EboZe7aXySo8obEzeqY*ytYDuQY*e7UWo%YLiro=U+YpaQy4imube4ApY+uMe&o3AVeZUgYnosohy!Etode6aho8U4o user3"
    - "ssh-rsa rExaWAZu8U4u*uBy4yLYbEDi=aZeqeHotiPAMYRaQe4EdU8e%ABENo5Y2i=yrA8o&E@iqy+EgyRU!e5Y%o@aNE&y1UhELyda=U2oTU5e&a2ixeSYmYXAtinyMEzaHU6Y=Yju5uBoty2o2UJoTo6eRAWE2YNyjuRePE7ELoQy*yxY@E2UZU6EjU2uHYbEDiruvA!UhUqygeXu=AGUTuJi2agAme6EWosazuxa4UpowUdAdU%a8AgEZEJywytUwYMERa4y4Ano4utYSudaMyvU!iXAQE%oSuvipATyZu5oxEXu5AsurASU8Utu!ovUqabyDYviDY4oTU&uWU%ETE8AbY!E+yBYqUxArUTuSeju%AHE7uva7AHu user3"



Gary Collins

Mar 23, 2018, 2:33:09 PM
to Ansible Project
Hi,

I do something similar..

users:
  - user_name: user1
    user_uid: 667
    user_key: "https://URL-TO-KEY-/user1/id_rsa.pub"

  - user_name: user2
    user_group: wheel
    user_key: "https://URL-TO-KEY-/user2/id_rsa.pub"


This way you can iterate over the same users object to add the users.

TASK

Let's add keys for the users defined in group_vars/users

    - name: add authorized_keys for users
      authorized_key:
        user: "{{ item.user_name }}"
        state: present
        key: "{{ item.user_key }}"
      with_items: "{{ users }}"

Dayton Jones

Mar 23, 2018, 2:43:34 PM
to Ansible Project
The reason I have 2 dictionaries (and can't combine them) is primarily the "public_ssh_keys" resides in group_var/all/ssh_keys.yml and contains all the user keys.  But ssh_users reside in group_vars/[group_name].yml  and the list of users can be different per [group name] 

While I know having a structure like:

public_ssh_keys:
  - user: user1
    key: key
    group:
      - group1
      - group4

  - user: user2
    key:
      - key1
      - key2
    group:
      - group1
      - group2
      - group6

makes sense, and would make this play trivial, I can't make that change at this time...

Kai Stian Olstad

Mar 23, 2018, 2:53:01 PM
to ansible...@googlegroups.com
Then you need to use loop in a loop
https://docs.ansible.com/ansible/latest/playbooks_loops.html#loop-control

--
Kai Stian Olstad

Dayton Jones

Mar 23, 2018, 3:24:52 PM
to Ansible Project
Yes, that's what I've been trying - just failing.  I've tried "with_subelements" "with_nested" even attempted something like:
key: |
  {% for name, keys in public_ssh_keys if name in ssh_users %}
...


But haven't hit it yet...

Kai Stian Olstad

Mar 23, 2018, 3:47:53 PM
to ansible...@googlegroups.com
I don't use dict that much, I try to avoid them and use list instead, so look at this as pseudocode since it likely has some errors, but I think you get the idea.


- include_tasks: include.yml
  with_dict: '{{ public_ssh_keys }}'
  loop_control:
    loop_var: outer


include.yml
---
- name: Accept public keys for Users
  become: yes
  authorized_key:
    state: present
    user: '{{ outer.key }}'
    manage_dir: yes
    exclusive: yes
    key: '{{ item }}'
  with_items: '{{ outer.value }}'


--
Kai Stian Olstad

Dayton Jones

Mar 23, 2018, 4:04:31 PM
to Ansible Project
Ah... thanks!  That's almost got it.  It fails when a "user" in public_ssh_keys isn't in ssh_users, but I can work with that.  The biggest issue though, is if a user has multiple keys in public_ssh_keys, only the first one gets placed.  So I'll need to figure out how to check for multiple keys and ensure all get added for the user... 

Thanks again for the help, seems simple now that I look at it - was just too close I guess..

Kai Stian Olstad

Mar 23, 2018, 4:20:18 PM
to ansible...@googlegroups.com
On Friday, 23 March 2018 21.04.30 CET Dayton Jones wrote:
> Ah... thanks! That's almost got it. It fails when a "user" in
> public_ssh_keys isn't in ssh_users, but I can work with that.

That can be solved by a when statement

when: outer.key in ssh_users

> The biggest
> issue though, is if a user has multiple keys in public_ssh_keys, only the
> first one gets placed. So I'll need to figure out how to check for
> multiple keys and ensure all get added for the user...

That was the whole point of include.yml, it loops over all the keys and adds them.


--
Kai Stian Olstad

Dayton Jones

Mar 23, 2018, 5:42:15 PM
to Ansible Project
Ah...the problem was the "exclusive: yes" directive...   I removed that, and all the keys are present as expected...thanks again!
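
Added example, not part of the thread: dropping "exclusive: yes" lets every key land, but it also means a key deleted from public_ssh_keys is never removed from the user's authorized_keys file. The authorized_key module applies exclusive on every call, so one key per loop iteration replaces the key written by the previous iteration. Passing all of a user's keys in a single newline-separated key value keeps exclusive usable; the task below reuses the thread's ssh_users and public_ssh_keys variables and assumes each public_ssh_keys entry is a list of key strings, as in the first post.

```yaml
---
# Added example (not the posters' code). Assumes:
#   ssh_users        - list of user names for this group
#   public_ssh_keys  - dict mapping user name -> list of public key strings
- name: Install the full key set for each user and remove any other keys
  become: yes
  authorized_key:
    user: "{{ item }}"
    state: present
    manage_dir: yes
    # exclusive acts on each module call, so the whole key set for the user
    # must arrive in this one call.
    exclusive: yes
    # Join the user's list of keys into one newline-separated string.
    key: '{{ public_ssh_keys[item] | join("\n") }}'
  # Loop over the per-group user list, so users that exist only in
  # public_ssh_keys are never touched on this host.
  with_items: "{{ ssh_users }}"
  # Skip users that have no entry in public_ssh_keys instead of failing.
  when: item in public_ssh_keys
```

With this form, removing a key from public_ssh_keys and re-running the play also removes it from the host.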
