Hi all,

just beginning my adventure with Ansible.

Following situation: I'm trying to ensure that a user called "ansible" is 
present on all hosts that should be managed by Ansible.
Creating group and user works so far. Now I'm trying to enable password-less 
SSH login for that user by copying a well-known key pair to the host.

### playbook.yml
---
- hosts: all-root
  user: root
  tasks:
  - name: check Ansible group
    group:
      name: "ansible"
      gid: 200
      state: present
      system: yes

  - name: check Ansible user
    user:
      name: "ansible"
      comment: "Ansible Management User"
      createhome: yes
      home: "/ansible"
      group: "ansible"
      shell: "/bin/bash"
      uid:  200
      system: yes
      state: present

  - name: enable password-less SSH for user ansible (.ssh folder)
    file:
      path: "/ansible/.ssh"
      state: directory
      owner: "ansible"
      group: "ansible"
      mode: 0755

  - name: enable password-less SSH for user ansible (public key)
    copy:
      src: "./ansible.config/ansible.id_ed25519.pub"
      dest: "/ansible/.ssh/id_ed25519.pub"
      owner: "ansible"
      group: "ansible"
      mode: 0644

  - name: enable password-less SSH for user ansible (private key)
    copy:
      src: "./ansible.config/ansible.id_ed25519"
      dest: "/ansible/.ssh/id_ed25519"
      owner: "ansible"
      group: "ansible"
      mode: 0600
###

But I have no idea how to ensure that the authorized_keys file contains the 
public key. I could just copy /ansible/.ssh/id_ed25519.pub to 
/ansible/.ssh/authorized_keys but that might override additional allowed keys.

Can anyone point me to the right module that allows something like the 
lineinfile module but with that extra dynamic input? I don't want to specify 
the content of id_ed25519.pub inside the playbook.

Is there some other solution to this issue?



Best,

   Uwe
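
Added example, not part of the original post: one way to get the public key into authorized_keys without overwriting other entries is the authorized_key module, fed by a file lookup that reads the key on the control node at run time. It assumes the ansible.posix collection is installed and reuses the paths and host group from the playbook above; the final check task is an illustration.

```yaml
---
# Added example, not from the original post.
# Assumes the ansible.posix collection is installed on the control node.
- hosts: all-root
  remote_user: root
  tasks:
    - name: ensure .ssh folder exists for user ansible
      ansible.builtin.file:
        path: "/ansible/.ssh"
        state: directory
        owner: "ansible"
        group: "ansible"
        mode: "0700"

    - name: ensure the management public key is in authorized_keys
      ansible.posix.authorized_key:
        user: "ansible"
        # lookup('file', ...) reads the file on the control node when the
        # play runs, so the key text never appears in the playbook.
        key: "{{ lookup('file', 'ansible.config/ansible.id_ed25519.pub') }}"
        state: present
        # exclusive: false (the default) adds this key and leaves any other
        # keys already present in authorized_keys untouched.
        exclusive: false
        # The directory is handled by the task above.
        manage_dir: false

    - name: list fingerprints of all keys currently allowed (read-only check)
      ansible.builtin.command: ssh-keygen -lf /ansible/.ssh/authorized_keys
      register: allowed_keys
      changed_when: false

    - name: show allowed key fingerprints
      ansible.builtin.debug:
        var: allowed_keys.stdout_lines
```

Only the public key has to be on the managed hosts for this login to work; the private key can stay on the control node.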
