On 05/07/2014 09:32 PM, Bruce Pennypacker wrote:
> Ah, thanks!  All the documentation for the authorized_key module
> implies that it works on just one key at a time, not a file/string
> that contains multiple keys.  That documentation should really be
> updated...
>
> -Bruce
>
> On Wednesday, May 7, 2014 2:13:42 PM UTC-4, Matt Martz wrote:
>
>     I'd recommend storing your keys in files, and using lookup('file',
>     ...)
>
>     Then you can store multiple keys in a single file.
>
>     Additionally you could just store multiple keys as a string with
>     new lines in your current data structure and not try using a list.
>
>     On Wednesday, May 7, 2014, Bruce Pennypacker
>     <[email protected]> wrote:
>
>         We have a role that defines user accounts as follows:
>
>         users:
>           - username: user1
>             comment: User 1
>             uid: 3001
>             ssh_key: "xxx"
>
>           - username: user2
>             comment: User 2
>             uid: 3002
>             ssh_key: "yyy"
>
>         Users are then grouped by name into other lists:
>
>         regular_users:
>           - user1
>           - user2
>         ...
>
>         ops_users:
>           - user3
>           - user4
>         ...
>
>         Our hosts then have a fact called user_roles that's a list of
>         each group of users and individual usernames to create
>         accounts for.  We then have tasks defined like this:
>
>         - name: add users
>           user: name={{ item.username }}
>                 comment="{{ item.comment }}"
>                 uid={{ item.uid }}
>           when: item.username in lookup('flattened',user_roles)
>           with_items: users
>
>         - name: add SSH keys
>           authorized_key: user={{ item.username }}
>                           key="{{ item.ssh_key }}"
>           when: item.username in lookup('flattened',user_roles) and item.ssh_key is defined
>           with_items: users
>
>         All of this is working great.  We're managing about 50
>         different user accounts over 80 servers in varying groups
>         without any difficulty.  But now I'd like to be able to extend
>         this to support multiple SSH keys for each user.  So I'd like
>         to be able to define a user along these lines:
>
>           - username: userFoo
>             comment: User Foo
>             uid: 4321
>             ssh_keys: [ 'xxx', 'yyy', 'zzz']
>
>         But if I do this then I'm at a complete loss of how to rewrite
>         the authorized_key task to handle it properly.  At first
>         glance I would expect that I'd need to use with_nested but I'm
>         not entirely sure how to go about doing it.  I tried
>         variations of this, but haven't gotten anything to work:
>
>         - name: add multiple SSH keys
>           authorized_key: user={{ item[0].username }}
>                           key="{{ item.[1] }}"
>           when: item[0].username in lookup('flattened',user_roles) and item[0].ssh_keys is defined
>           with_nested:
>             - users
>             - item[0].ssh_keys
>
>         Is there a better way of managing a dynamic list of ssh keys?
>          Or am I just trying something that's too complex for Ansible
>         to handle cleanly?
>
>         -Bruce
>
>
>         -- 
>         You received this message because you are subscribed to the
>         Google Groups "Ansible Project" group.
>         To unsubscribe from this group and stop receiving emails from
>         it, send an email to [email protected].
>         To post to this group, send email to
>         [email protected].
>         To view this discussion on the web visit
>         
> https://groups.google.com/d/msgid/ansible-project/ed9760ef-ae4d-4403-b145-2e8d0ec84d34%40googlegroups.com
>         
> <https://groups.google.com/d/msgid/ansible-project/ed9760ef-ae4d-4403-b145-2e8d0ec84d34%40googlegroups.com?utm_medium=email&utm_source=footer>.
>         For more options, visit https://groups.google.com/d/optout
>         <https://groups.google.com/d/optout>.
>
>
>
>     -- 
>     Matt Martz
>     [email protected]
>     http://sivel.net/

You can store multiple keys in a single file, but that means that you
would have to manually create a separate file for each key combination
you want to deploy.
Instead, take a look at my pull request for with_nested
(https://github.com/ansible/ansible/pull/7278) and the example I have
given in my previous post at the "Nested looping with hash/dict so I can
override values" thread. It would allow you to do what you want more
cleanly.

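The single newline-separated key string suggested in the quoted reply, applied to the ssh_keys list from the original question. This is an added example, not code from anyone in the thread; it assumes a current Ansible release (the loop keyword and the flatten filter postdate this 2014 discussion), and the key strings and the contents of user_roles are constructed placeholders.

```yaml
# Added example, not from the thread. The names users, ssh_keys and user_roles
# follow the original post; key strings and role contents are constructed.
- hosts: all
  become: true
  vars:
    users:
      - username: userFoo
        comment: User Foo
        uid: 4321
        ssh_keys:   # placeholders: substitute real public keys before running
          - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_1 userFoo@laptop"
          - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_2 userFoo@desktop"
      - username: user1
        comment: User 1
        uid: 3001
        ssh_keys:
          - "ssh-ed25519 AAAA_PLACEHOLDER_KEY_3 user1@laptop"
    # Mix of a group (nested list) and an individual username, as in the post.
    user_roles:
      - [user1, user2]
      - userFoo
  tasks:
    - name: add users
      user:
        name: "{{ item.username }}"
        comment: "{{ item.comment }}"
        uid: "{{ item.uid }}"
      when: item.username in (user_roles | flatten)
      loop: "{{ users }}"

    - name: add every SSH key of a user in one authorized_key call
      authorized_key:
        user: "{{ item.username }}"
        # One string with one key per line, built from the per-user list.
        key: '{{ item.ssh_keys | join("\n") }}'
        # Optional: drop keys on the account that are not in ssh_keys,
        # so deleting a key from the list revokes it on the next run.
        exclusive: true
      when:
        - item.ssh_keys is defined
        - item.username in (user_roles | flatten)
      loop: "{{ users }}"
```

Passing all of a user's keys in one call matters when exclusive is set: the option applies per module invocation, so looping over keys one at a time would leave only the last key in place.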