[ansible-project] Re: Creating and distributing ssh keys

[Dan Vaida]

---

- hosts: all 
  sudo: yes 
  tasks:

    - name: Generate root sshkey
      user: >
        name=root
        generate_ssh_key=yes
        ssh_key_bits=4096
        ssh_key_type=rsa
        ssh_key_file=/root/.ssh/id_rsa_{{ ansible_hostname }}
      register: rootkeys
      tags: cephkeys

    - debug: var=rootkeys
      tags: cephkeys
    
    - name: place pubkeys in authorized_keys
      authorized_key: >
        key="{{ hostvars[item].rootkeys.ssh_public_key }}" 
        state=present
        user=root
      with_items: groups['all']
      register: authorize
      tags: cephkeys
    
    - debug: var=authorize
      tags: cephkeys

Sorry, I didn't know that was indeed what you were expecting.
So, I will assume based on your output, that the scope of your tasks are 
those three machines (I placed them in the 'all' group). Give that a try.


On Tuesday, 13 January 2015 07:18:15 UTC+1, Mark Maas wrote:
>
>
> On Sunday, January 11, 2015 at 12:02:10 PM UTC+1, Dan Vaida wrote:
>>
>> as I see it, based on your input, you have two problems:
>> 1. you're creating the users and generating unique keys on each of the 
>> target hosts
>>
>
> Correct, and that's what I'm trying to get.
>  
>
>> 2. you're trying to iterate through the 'rootkeys' in a way that will 
>> never work for the key parameter.
>>
>
> Ah yes, something that is re-occuring with ansible for me ;-) it's not 
> always clear how to reference variables, sometimes with value.something, 
> other times wit set.something, with_dict, with_flattened,etc not very 
> clear...
> No matter, just learing I guess but the variables with the correct data is 
> obviously there, I just need the correct syntax I would think?
>  
>
>>
>> So, I'd use 'delegate_to: localhost' on the user task, then on the 
>> authorized_keys task, in the 'with_items' you would use 
>> rootkeys.ssh_public_key 
>> to access the keys.
>>
>>>
>>>
> But then all the keys would be the same right?  Not what I would want in 
> this case.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b74be6b5-ae21-42c6-a36f-647727e5f7cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.