Ensure that file 1 (authorized_keys) contains file 2 (id_ed25519.pub)


Uwe Sauter

Nov 2, 2015, 5:34:22 PM
to Ansible Project
Hi all,

just beginning my adventure with Ansible.

Following situation: I'm trying to ensure that a user called "ansible" is present on all hosts that should be managed by Ansible.
Creating group and user works so far. Now I'm trying to enable password-less SSH login for that user by copying a well-known key
pair to the host.

### playbook.yml
---
- hosts: all-root
  user: root
  tasks:
    - name: check Ansible group
      group:
        name: "ansible"
        gid: 200
        state: present
        system: yes

    - name: check Ansible user
      user:
        name: "ansible"
        comment: "Ansible Management User"
        createhome: yes
        home: "/ansible"
        group: "ansible"
        shell: "/bin/bash"
        uid: 200
        system: yes
        state: present

    - name: enable password-less SSH for user ansible (.ssh folder)
      file:
        path: "/ansible/.ssh"
        state: directory
        owner: "ansible"
        group: "ansible"
        mode: 0755

    - name: enable password-less SSH for user ansible (public key)
      copy:
        src: "./ansible.config/ansible.id_ed25519.pub"
        dest: "/ansible/.ssh/id_ed25519.pub"
        owner: "ansible"
        group: "ansible"
        mode: 0644

    - name: enable password-less SSH for user ansible (private key)
      copy:
        src: "./ansible.config/ansible.id_ed25519"
        dest: "/ansible/.ssh/id_ed25519"
        owner: "ansible"
        group: "ansible"
        mode: 0600
###

But I have no idea how to ensure that the authorized_keys file contains the public key. I just could copy
/ansible/.ssh/id_ed25519.pub to /ansible/.ssh/authorized_keys but that might override additional allowed keys.

Can anyone point me to the right module that allows something like the lineinfile module but with that extra dynamic input? I
don't want to specify the content of id_ed25519.pub inside the playbook.

Is there some other solution to this issue?



Best,

Uwe

Brian Coca

Nov 2, 2015, 6:47:59 PM
to Ansible Project
That is what the authorized_keys module is for:
http://docs.ansible.com/ansible/authorized_key_module.html, use that
instead to copy the public key. Also you should not be copying the
private key.

--
Brian Coca
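
The approach suggested in the reply above, written out as an added example that is not part of the original thread: the `authorized_key` module reads the public key from the control machine with a `file` lookup, so the key text never appears in the playbook and existing entries in `authorized_keys` are kept. The user name, home directory and key paths are taken from the question's playbook; the cleanup task for a previously copied private key is an assumption about hosts that already ran the earlier version.

```yaml
---
# Added example, not code from the thread. Assumes the "ansible" user and
# group already exist (created by the earlier tasks in the question).
- hosts: all-root
  user: root
  tasks:
    - name: authorize the management public key for user ansible
      authorized_key:
        user: "ansible"
        # Read on the control machine at run time, relative to the playbook.
        key: "{{ lookup('file', './ansible.config/ansible.id_ed25519.pub') }}"
        state: present
        # Default value: other keys already listed in authorized_keys stay.
        exclusive: no
        # Default value: the module creates the .ssh directory if needed and
        # manages its owner and permissions.
        manage_dir: yes

    # Assumption: hosts that ran the earlier playbook hold a copy of the
    # private key. It is only needed on the control machine, so remove it.
    - name: remove private key copied to managed hosts by the earlier playbook
      file:
        path: "/ansible/.ssh/id_ed25519"
        state: absent
```

Running the play a second time should report no changes, since the module only adds the key line when it is missing.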

Uwe Sauter

Nov 3, 2015, 11:19:38 AM
to ansible...@googlegroups.com
Thanks Brian!