Ah, thanks!  All the documentation for the authorized_key module implies 
that it works on just one key at a time, not a file/string that contains 
multiple keys.  That documentation should really be updated...

-Bruce

On Wednesday, May 7, 2014 2:13:42 PM UTC-4, Matt Martz wrote:
>
> I'd recommend storing your keys in files, and using lookup('file', ...)
>
> Then you can store multiple keys in a single file.
>
> Additionally you could just store multiple keys as a string with new lines 
> in your current data structure and not try using a list.
>
> On Wednesday, May 7, 2014, Bruce Pennypacker <[email protected]> wrote:
>
>> We have a role that defines user accounts as follows:
>>
>> users:
>>   - username: user1
>>     comment: User 1
>>     uid: 3001
>>     ssh_key: "xxx"
>>
>>   - username: user2
>>     comment: User 2
>>     uid: 3002
>>     ssh_key: "yyy"
>>
>> Users are then grouped by name into other lists:
>>
>> regular_users:
>>   - user1
>>   - user2
>> ...
>>
>> ops_users:
>>   - user3
>>   - user4
>> ...
>>
>> Our hosts then have a fact called user_roles that's a list of each group 
>> of users and individual usernames to create accounts for.  We then have 
>> tasks defined like this:
>>
>> - name: add users
>>   user: name={{ item.username }}
>>         comment="{{ item.comment }}"
>>         uid={{ item.uid }}
>>   when: item.username in lookup('flattened',user_roles)
>>   with_items: users
>>
>> - name: add SSH keys
>>   authorized_key: user={{ item.username }}
>>                   key="{{ item.ssh_key }}"
>>   when: item.username in lookup('flattened',user_roles) and item.ssh_key is defined
>>   with_items: users
>>
>> All of this is working great.  We're managing about 50 different user 
>> accounts over 80 servers in varying groups without any difficulty.  But now 
>> I'd like to be able to extend this to support multiple SSH keys for each 
>> user.  So I'd like to be able to define a user along these lines:
>>
>>   - username: userFoo
>>     comment: User Foo
>>     uid: 4321
>>     ssh_keys: [ 'xxx', 'yyy', 'zzz']
>>
>> But if I do this then I'm at a complete loss of how to rewrite the 
>> authorized_key task to handle it properly.  At first glance I would expect 
>> that I'd need to use with_nested but I'm not entirely sure how to go about 
>> doing it.  I tried variations of this, but haven't gotten anything to work:
>>
>> - name: add multiple SSH keys
>>   authorized_key: user={{ item[0].username }}
>>                   key="{{ item.[1] }}"
>>   when: item[0].username in lookup('flattened',user_roles) and item[0].ssh_keys is defined
>>   with_nested:
>>     - users
>>     - item[0].ssh_keys
>>
>> Is there a better way of managing a dynamic list of ssh keys?  Or am I 
>> just trying something that's too complex for Ansible to handle cleanly?
>>
>> -Bruce
>>
>>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/ed9760ef-ae4d-4403-b145-2e8d0ec84d34%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Matt Martz
> [email protected]
> http://sivel.net/
>
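
The approaches suggested in the thread, written out as one playbook; this is an added example, not code posted by anyone in the thread. The key strings, the `ssh_key_list` field and the `public_keys/<username>.pub` path are placeholders or hypothetical names, and `exclusive` assumes an Ansible release whose authorized_key module has that option.

```yaml
# Added example: placeholder keys, hypothetical names (see lead-in).
- hosts: all              # privilege escalation settings omitted
  vars:
    users:
      - username: userFoo
        comment: User Foo
        uid: 4321
        # Option A: one string, one public key per line.
        ssh_keys: |
          ssh-ed25519 <PUBLIC_KEY_1> userfoo@laptop
          ssh-ed25519 <PUBLIC_KEY_2> userfoo@workstation
      - username: userBar
        comment: User Bar
        uid: 4322
        # Option B: keep the list form and join it in the task.
        ssh_key_list:
          - ssh-ed25519 <PUBLIC_KEY_3> userbar@laptop
          - ssh-ed25519 <PUBLIC_KEY_4> userbar@desktop
  tasks:
    - name: add SSH keys from a newline-separated string
      authorized_key:
        user: "{{ item.username }}"
        key: "{{ item.ssh_keys }}"
        # exclusive removes every key not passed in this call, so a key
        # deleted from the vars is also deleted on the host. It is applied
        # per loop iteration, so all of a user's keys must arrive in one
        # `key` value; a per-key loop would leave only the last key.
        exclusive: true
      when: item.username in lookup('flattened', user_roles) and item.ssh_keys is defined
      with_items: "{{ users }}"

    - name: add SSH keys from a list, joined into one string
      authorized_key:
        user: "{{ item.username }}"
        key: "{{ item.ssh_key_list | join('\n') }}"
        exclusive: true
      when: item.username in lookup('flattened', user_roles) and item.ssh_key_list is defined
      with_items: "{{ users }}"

    - name: add SSH keys from a per-user file holding one key per line
      authorized_key:
        user: "{{ item.username }}"
        key: "{{ lookup('file', 'public_keys/' + item.username + '.pub') }}"
      when: item.username in lookup('flattened', user_roles)
      with_items: "{{ users }}"
```

Without `exclusive`, the module only adds keys, so removing a key from the data does not revoke it on hosts that already have it.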
