how do i lookup id_rsa.pub on a host and copy it to authorized keys on multiple servers

[Tony Wong]

how do I lookup id_rsa.pub on a host and then run ansible playbook to copy it to their authorized_key file?

[Dick Visser]

1. https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_lookup.html
2. https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html

On Wed, 20 Jul 2022 at 15:24, Tony Wong <tdub...@gmail.com> wrote:
>
> how do I lookup id_rsa.pub on a host and then run ansible playbook to copy it to their authorized_key file?
>
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2994746b-812f-4038-ad58-27d5b0c47been%40googlegroups.com.

[boncalo mihai]

Just did that, you use authorized_key module

On Wed, Jul 20, 2022 at 4:24 PM Tony Wong <tdub...@gmail.com> wrote:

how do I lookup id_rsa.pub on a host and then run ansible playbook to copy it to their authorized_key file?

[Tony Wong]

can i use jinja like this?

- name: Setup authkeys for user rke
  authorized_key:
    user: rke
    state: present
    key: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}”

keep getting error 

Setup authkeys for user rke] *******************************************
fatal: [k8master]: FAILED! => {"msg": "template error while templating string: unexpected char '‘' at 11. String: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}”"}
fatal: [k8node02]: FAILED! => {"msg": "template error while templating string: unexpected char '‘' at 11. String: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}”"}
fatal: [k8node01]: FAILED! => {"msg": "template error while templating string: unexpected char '‘' at 11. String: “{{ lookup(‘file’, ‘{{ authorized_key }}’) }}”"}

You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAOK917Sv42GhE_GR3yo5vxSrYjB9bs-8bHsn9%2BA-4O5tcLNaDA%40mail.gmail.com.

[Tony Wong]

tried this way and got same error

- name: Setup authkeys for user rke
  authorized_key:

    user: '{{ username }}'
    state: present
    key: "{{ lookup(‘file’, '/home/{{ username }}/.ssh/id_rsa.pub') }}"

[Todd Lewis]

Mustaches never nest.

key: "{{ lookup('file', '/home/' ~ username ~ '/.ssh/id_rsa.pub') }}"

[Tony Wong]

now different error

TASK [rancherpocreplay : Setup authkeys for user rke] ******************************************************
[WARNING]: Unable to find '/home/rke/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub"}
[WARNING]: Unable to find '/home/rke/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub"}
[WARNING]: Unable to find '/home/rke/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub"}

but /home/rke/.ssh/id_rsa.pub is there on the ansible host

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ae4c2b44-f45e-4be7-b196-1c6b17903aaen%40googlegroups.com.

[David Logan]

Usually the .ssh/authorized_key file has fairly specific permissions (rw user only) as does the .ssh directory. It may well be the ansible user cannot see the files in the .ssh directory as it may not have the correct permissions.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkrzxV3F7%2BRdu7Z8OTe2R6VqmNqUQyC6yUi3ULH8BDweSg%40mail.gmail.com.

--

if in trouble, or in doubt
run in circles, scream and shout

[Tony Wong]

But I used become: in my main.yml

Would that have root access?

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2B8iFp7EjSBF3dNEPC%2BYCx0C0o_GkyFOPxrVveZK7uezuPpMyA%40mail.gmail.com.

[Todd Lewis]

It would have root access — on the target machine, but not on the Ansible controller.

[David Logan]

I didn't see the main.yml file and can't comment on your setup. Yes, root should have access however I'm not sure become would carry over all tasks. I thought it was task specific unless you set it in your group vars

https://docs.ansible.com/ansible/latest/user_guide/become.html

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkrbWMCpEkJChtohbr5nP4cd-s6pLQAmHYzfdKZrroc7Wg%40mail.gmail.com.

[Tony Wong]

main.yml

---

- hosts: k8s

become: true

roles:

- rancherpocreplay

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2B8iFp75JU_OtN-e2xnHu0cez6_hZ5XxrNA1baSgEa6hwtoxqQ%40mail.gmail.com.

[Tony Wong]

how do i access to lookup the id_rsa.pub file? The user running ansible playbook has sudo rights on the controller

--

You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com.

[Tony Wong]

[WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
[WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
[WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}

[John Petro]

Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the ansible playbook from?  Also, what happens if you try to do a ls on that directory as the user that is executing the ansible playbook, are you getting any errors?

You received this message because you are subscribed to the Google Groups "Ansible Project" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com.

[Tony Wong]

yes it does, but the user (ansible) i am running the playbook with even though it has sudo rights and in root group cant access that folder. 

i tried to copy the id_rsa.pub to /tmp and it works

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com.

[John Petro]

Sounds like you have a local permissions issue. 

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com.

[Dick Visser]

On Thu, 21 Jul 2022 at 16:32, Tony Wong <tdub...@gmail.com> wrote:
>
> yes it does, but the user (ansible) i am running the playbook with even though it has sudo rights and in root group cant access that folder.

Your authorized_keys task is run on the remote host, but using the
lookup/file plugin in one of the arguments doesn't allow for privilege
escalation locally.
I think for fetching the materials, you should have an initial
set_fact task with delegate_to=localhost and set become=true on that.

(not verified)

> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com.

[Tony Wong]

do you mean something like this?

---
# tasks file for createuser
- include_vars:
   dir: vars

- name: Get id_rsa.pub from localhost
  set_fact:
    auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  delegate_to: localhost

- name: create user rke
  ansible.builtin.user:
    name: '{{ username }}'
    shell: '{{ shell }}'
    generate_ssh_key: yes
    create_home: yes
    groups: [ "{{ group1 }}", "{{ group2 }}" ]
    append: yes  
    ssh_key_file: .ssh/id_rsa
  become: true

- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

- name: Setup authkeys for user rke

  become: true

  authorized_key:
    user: '{{ username }}'
    state: present

    key: auth_key

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAF8BbLZVQZ5qdJSLjnxHoTirc9rzPqtUuLHEd52Bg2tAYUEbeg%40mail.gmail.com.

[Tony Wong]

trying to do this another way

- name: copy id_rsa.pub to tmp for reading on localhost
  ansible.builtin.shell:
    cmd: "{{ command2 }}"
  register: shell_output
  become: true
  delegate_to: localhost

where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'

I am trying to run this only on the ansible controller (localhost)

but it looks like its trying to run on remote nodes

fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}

any idea?

[John Petro]

I am sure you have mentioned this before, so forgive me if it's a repeat. I couldn't find the email in my inbox.  What is it you are trying to do again?  

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d6400248-2fb3-4ef8-bd7a-e897650f7a3fn%40googlegroups.com.

[Tony Wong]

trying to copy id_rsa.pub for a user (rke) on my ansible controller to authorized_keys on remote hosts

I am running ansible playbook as user ansible

since ansible user cannt access /home/rke/.ssh, it cannot lookup the pub key

I tried elevating privileges on lookup tasks and cannot do it

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob_vVDzNa_PuEECXDLjCb8532qFTDNwzjzYPBgStfr%2B4%2Bw%40mail.gmail.com.

[John Petro]

just for giggles, have you tried putting a sudo in front of your command?  I am not saying this would work, but just curious if maybe the "become" is being honored on the remote site only, so locally it might still be running as whatever local user you are running the ansible playbook as.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkpreazuMPR34At7PX_U3Pgwiho41N5TGGqaMyV1UCopjA%40mail.gmail.com.

[Tony Wong]

still failed

TASK [rancherpocreplay : copy id_rsa.pub to tmp for reading] *****************************************************************************************************************

fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob9DV1UBDVJU%3DBNa1w-QQZ%2BAAAanYOtSjbRavQhKmSAhDQ%40mail.gmail.com.

[John Petro]

What ansible version do you have installed

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkpMdhZcS%3D94CP3ZaiG9wSsOnNmy_uJCNNLu%3DB_d63uzjA%40mail.gmail.com.

[Tony Wong]

ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob-uZcFQd9M%3DiraOww%2BTHt61RmtFVj4DkwjzYfkbQmfYFw%40mail.gmail.com.

[Todd Lewis]

The error message is pretty clear: the command module doesn't have a "cmd" parameter. (Then it helpfully lists the parameters it does have.)

You could say

  ansible.builtin.shell: "{{ command2 }}"

But Brian already gave you a solution, which I'll repeat here:

You either need to run ansible-playbook as a user with permissions (rke, root?)

or use a task to read the file while using privilege escalation (become):

 - slurp:

     path: , '/home/rke/.ssh/id_rsa.pub'

   become: yes

   delegate_to: localhost

   register: rke_pub_key

This is the equivalent of you doing `sudo cat /home/rke/.ssh/id_rsa.pub'

(lookups always run 'locally and are not affected by become, which only affects the 'remote' side of a task).

[John Petro]

The one thing I will add to this, is that if you are using ansible 2.9.x, make sure you are looking at that version of the docs.  Some of the problems you might be having could be from exactly what Todd was getting at.  This goes for the module that was suggested to you earlier for this task. ( the ssh_key module ) if you haven't already looked at the 2.9 specific documentation.

When it comes to this, I also have found google to be my friend in these cases.  It will many times, point me to a github repository where someone has written something similar to what I am trying to do, which definitely has helped get me on the right track more than a few times.  Hope you are able to get this worked out. 

--John

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com.

[Tony Wong]

ok now getting different error

ASK [rancherpocreplay : Setup authkeys for user rke] ************************************************************************************************************************
[WARNING]: The value {'content': 'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI
0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVt
VVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT
2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3
g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed':
False, 'encoding': 'base64', 'failed': False} (type dict) in a string field was converted to u"{'content': 'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZ
zNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdW
VrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2Q
zbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0r
OFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhd
GVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding': 'base64', 'failed': False}" (type string). If this does not look like what you
expect, quote the entire value to ensure it does not change.
fatal: [k8node01]: FAILED! => {"changed": false, "msg": "invalid key specified: {'content': 'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding': 'base64', 'failed': False}"}
fatal: [k8node02]: FAILED! => {"changed": false, "msg": "invalid key specified: {'content': 'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding': 'base64', 'failed': False}"}
fatal: [k8master]: FAILED! => {"changed": false, "msg": "invalid key specified: {'content': 'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding': 'base64', 'failed': False}"}

I 

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com.

[Tony Wong]

ok finally got it working. Thanks all for your help

---
# tasks file for createuser
- include_vars:
   dir: vars

   #- name: copy id_rsa.pub to tmp for reading
   #ansible.builtin.shell:
   # cmd: "{{ command2 }}"
   #register: shell_output
   #become: true
   #delegate_to: localhost

- name: read id_rsa.pub
  slurp:
    path: "{{ authorized_key }}"

  become: yes
  delegate_to: localhost
  register: rke_pub_key  

    key: "{{ rke_pub_key['content'] | b64decode }}"
    validate_certs: false

[John Petro]

glad to hear that you got it working.  Now on to the next thing, right?  hehe

--John 

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkp_Xf5AsHiXpYuc8PC83GwRB596z4cFn7_Vj6heOiQg6w%40mail.gmail.com.

[Tony Wong]

Yes 

My next take is to run rke up pointing to yaml file on my ansible host as rke user

Will see how it goes

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob-Z6nhnTHodFJTwqfVv0xzDM9mYqbV-_N-T_3_19mxqAw%40mail.gmail.com.