". The above obviously failed because register can not be
associated with the host on which the module run."
I'm not understanding this part entirely, but I'd recommend authorizing
keys for specific users and setting up sudo in general in that case.
For our own ansible infrastructure, this involves a list of users and their
keyfiles, and then something like what's below.
Checking your authorized keys into source control can be a good idea.
You may also wish to template the authorized_key file using a list of keys,
rather than using the authorized_key module.

# authorized_users / unauthorized_users are lists of dicts with a "username"
# field; authorized_users entries also carry "key", the path to a public key file.
- name: create/managed authorized users
  user: name={{ item.username }} groups=wheel append=yes
  with_items: "{{ authorized_users }}"

- name: remove unauthorized user accounts
  user: name={{ item.username }} state=absent
  with_items: "{{ unauthorized_users }}"

- name: add user keys
  authorized_key: user={{ item.username }} key="{{ lookup('file', item.key) }}"
  with_items: "{{ authorized_users }}"

On Tue, Sep 9, 2014 at 11:18 AM, Abubakr-Sadik Nii Nai Davis <
[email protected]> wrote:
> Hello gentle people,
>
> I think being able to register the output of commands/modules as host
> variables will be very useful.
> I got this idea writing a playbook to do;
>
> 1. create a root user key pair for a couple hosts
> 2. authorizing the root user public key of all hosts to connect to all
> other hosts.
>
> My approach is to use the 'user' module to generate the key pair,
> then use the output of the user module for each host as the key
> parameter to the 'authorized_key' module.
>
> - name: generate SSH key pair for root user
>   user:
>     name: root
>     generate_ssh_key: yes
>     ssh_key_comment: "{{inventory_hostname}}"
>   register: root_key
>
> - name: add authorized keys for root
>   authorized_key:
>     user: root
>     key: "{{hostvars[item]['root_key']['ssh_public_key']}}"
>   with_items: groups['allservers']
>
> Unless I am not using 'register' right. The above obviously failed because
> register can not be associated with the host on which the module run. This
> will definitely be a good thing to have.
>
> Any thoughts on my approach to generating and authorizing key pairs for
> all hosts?
> Is the ability to register module output like a host variable useful or
> can such be accomplished by other means?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/b7889e8c-289a-42e5-b59b-bdb57616d752%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/b7889e8c-289a-42e5-b59b-bdb57616d752%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
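
The reply's suggestions (a checked-in list of users and key files, sudo through a group, and writing the whole authorized_keys file from that list) put together as one play. This is an added example, not code from the thread: the user names and key paths are hypothetical, the `wheel` group is assumed to exist on the targets, and `exclusive` assumes an Ansible release whose authorized_key module supports it.

```yaml
# Added example, not from the thread. User names and key paths are hypothetical.
# Each key file is checked in beside the playbook and holds all of that user's
# public keys, one per line.
- hosts: allservers
  become: yes
  vars:
    authorized_users:
      - { username: alice, key: keys/alice.pub }
      - { username: bob, key: keys/bob.pub }
    unauthorized_users:
      - { username: carol }
  tasks:
    - name: create/manage authorized users
      user:
        name: "{{ item.username }}"
        groups: wheel
        append: yes
      with_items: "{{ authorized_users }}"

    - name: remove unauthorized user accounts
      user:
        name: "{{ item.username }}"
        state: absent
      with_items: "{{ unauthorized_users }}"

    # validate runs visudo on the edited copy first, so a syntax error never
    # reaches /etc/sudoers and locks everyone out of sudo.
    - name: let members of wheel use sudo
      lineinfile:
        path: /etc/sudoers
        regexp: '^%wheel\s'
        line: '%wheel ALL=(ALL) ALL'
        validate: '/usr/sbin/visudo -cf %s'

    # exclusive removes every key that is not in the string passed in this
    # call, so a user's whole key file goes in as one value. Looping over
    # single keys with exclusive would leave only the last key in place.
    - name: set authorized_keys to exactly the checked-in keys
      authorized_key:
        user: "{{ item.username }}"
        key: "{{ lookup('file', item.key) }}"
        exclusive: yes
      with_items: "{{ authorized_users }}"
```

With `exclusive`, deleting a line from a checked-in key file revokes that key on the next run, which a plain `authorized_key` loop does not do.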