Patches would be accepted! :)

On Wed, May 7, 2014 at 2:32 PM, Bruce Pennypacker <[email protected]> wrote:

> Ah, thanks! All the documentation for the authorized_key module implies
> that it works on just one key at a time, not a file/string that contains
> multiple keys. That documentation should really be updated...
>
> -Bruce
>
>
> On Wednesday, May 7, 2014 2:13:42 PM UTC-4, Matt Martz wrote:
>
>> I'd recommend storing your keys in files, and using lookup('file', ...)
>>
>> Then you can store multiple keys in a single file.
>>
>> Additionally you could just store multiple keys as a string with new
>> lines in your current data structure and not try using a list.
>>
>> On Wednesday, May 7, 2014, Bruce Pennypacker <[email protected]>
>> wrote:
>>
>>> We have a role that defines user accounts as follows:
>>>
>>> users:
>>>   - username: user1
>>>     comment: User 1
>>>     uid: 3001
>>>     ssh_key: "xxx"
>>>
>>>   - username: user2
>>>     comment: User 2
>>>     uid: 3002
>>>     ssh_key: "yyy"
>>>
>>> Users are then grouped by name into other lists:
>>>
>>> regular_users:
>>>   - user1
>>>   - user2
>>>   ...
>>>
>>> ops_users:
>>>   - user3
>>>   - user4
>>>   ...
>>>
>>> Our hosts then have a fact called user_roles that's a list of each group
>>> of users and individual usernames to create accounts for. We then have
>>> tasks defined like this:
>>>
>>> - name: add users
>>>   user: name={{ item.username }}
>>>         comment="{{ item.comment }}"
>>>         uid={{ item.uid }}
>>>   when: item.username in lookup('flattened',user_roles)
>>>   with_items: users
>>>
>>> - name: add SSH keys
>>>   authorized_key: user={{ item.username }}
>>>                   key="{{ item.ssh_key }}"
>>>   when: item.username in lookup('flattened',user_roles) and item.ssh_key is defined
>>>   with_items: users
>>>
>>> All of this is working great. We're managing about 50 different user
>>> accounts over 80 servers in varying groups without any difficulty. But now
>>> I'd like to be able to extend this to support multiple SSH keys for each
>>> user. So I'd like to be able to define a user along these lines:
>>>
>>> - username: userFoo
>>>   comment: User Foo
>>>   uid: 4321
>>>   ssh_keys: [ 'xxx', 'yyy', 'zzz']
>>>
>>> But if I do this then I'm at a complete loss of how to rewrite the
>>> authorized_key task to handle it properly. At first glance I would expect
>>> that I'd need to use with_nested but I'm not entirely sure how to go about
>>> doing it. I tried variations of this, but haven't gotten anything to work:
>>>
>>> - name: add multiple SSH keys
>>>   authorized_key: user={{ item[0].username }}
>>>                   key="{{ item.[1] }}"
>>>   when: item[0].username in lookup('flattened',user_roles) and item[0].ssh_keys is defined
>>>   with_nested:
>>>     - users
>>>     - item[0].ssh_keys
>>>
>>> Is there a better way of managing a dynamic list of ssh keys? Or am I
>>> just trying something that's too complex for Ansible to handle cleanly?
>>>
>>> -Bruce
>>
>> --
>> Matt Martz
>> [email protected]
>> http://sivel.net/
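
The suggestion made in the thread (pass all of a user's keys to authorized_key as one newline-separated string), written out as an added example that is not part of the original messages. The usernames, key strings and the `user_roles` value are constructed placeholders; `exclusive` and the `flatten` filter are additions that need a newer Ansible (1.9 and 2.5 respectively) than the one current when the thread was written.

```yaml
# Added example, not code from the thread. Replace the placeholder key
# strings with real public keys before running.
- hosts: all
  become: true
  vars:
    users:
      - username: userFoo
        comment: User Foo
        uid: 4321
        ssh_keys:
          - "ssh-ed25519 AAAA...PLACEHOLDER1 userFoo@laptop"
          - "ssh-ed25519 AAAA...PLACEHOLDER2 userFoo@desktop"
      - username: user1
        comment: User 1
        uid: 3001
        ssh_keys:
          - "ssh-ed25519 AAAA...PLACEHOLDER3 user1@laptop"
    # Constructed stand-in for the per-host fact described in the thread:
    # a mix of user groups (lists) and individual usernames.
    user_roles:
      - [user1]
      - userFoo
  tasks:
    - name: add users
      user:
        name: "{{ item.username }}"
        comment: "{{ item.comment }}"
        uid: "{{ item.uid }}"
      when: item.username in (user_roles | flatten)
      with_items: "{{ users }}"

    - name: add SSH keys (all keys for a user in one call)
      authorized_key:
        user: "{{ item.username }}"
        # One newline-separated string carries every key for this user.
        key: "{{ item.ssh_keys | join('\n') }}"
        # Remove keys that are no longer listed, so revoking a key only
        # requires deleting it from ssh_keys. This is safe here because
        # each user's full key set is written in a single call.
        exclusive: true
      when:
        - item.username in (user_roles | flatten)
        - item.ssh_keys is defined
      with_items: "{{ users }}"
```

Without `exclusive`, a key deleted from `ssh_keys` stays in the user's authorized_keys file on every host until it is removed with a separate `state: absent` task.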
