Hi all,
Further misunderstandings on my part for iterating over varied YAML
structures, but here's the deal:
I'm writing a super tiny role with the intent of dynamically deploying any
authorized_keys defined in a host/group's vars.
That is to say, I need a task that will deploy keys to varied users, and
the keys all need to be exclusive.
The use of files or templates will not suffice in this case - this needs to
be scalable and in a sane structure.
Right now here's the approach I'm taking.
I have my keys defined like so:
    ---
    ssh_authorized_keys:
      root:
        keys:
          - user1: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvVO3ULx8fNGgInHCFQV6q/gEARBWyS9eA1qRaTEu4njawEjiqSGFHgPuvmgtKlft2MqbnCG3cokFKRAEOZEzy+gUMES8IQEHuSsJuZFnlUC4yzm1mI1OjJk9PwTLDD6OGJDL1gIkz37CYITbsaufS6gFrpoMBZhkVcVKk0JBnmGF/QZUD1uHKFLMtyVwvw8pzWcBcAYBBw5O6hjo2pRIX100bCdMxDrXwFp4yFiJPG6LCya4701whZpqgwk3j/RakJdZLA3pgAlVPZswz8ezj2U5PIYJi+LrUaPE57Zr/eVwNnBE7QPsKCCurIy1bLR0KXiqOmUzdzWDphYCelRurM== user1
      other_user:
        keys:
          - user2: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvVO3ULx8fNGgInHCFQV6q/gEARBWyS9eA1qRaTEu4njawEjiqSGFHgPuvmgtKlft2MqbnCG3cokFKRAEOZEzy+gUMES8IQEHuSsJuZFnlUC4yzm1mI1OjJk9PwTLDD9OGJDL1gIkm37CYITbsagfS6gFrpoMBZhkVcVKk0JBnmwF/QZUD1uHKFLMtyVwvw8pzWcBcAYBBw5O6hjo2pRIX100bCdMxDrXwFp4yFiJPG6LCya4701whZpqgwk3d/RakJdZLA3pgAlVPZswz8ezj2U5PIYJl+LrUaPE57ZR/eVwNnBE7QPsKCCurIy1bLR0KXiqOmUzdzWDphYCelRurQ== user2
          - user3: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAgkLcC/o1aDxaXFJdyTMhlF4UiwNO/tdQf6EIYJzikSBNKECBjmvrM6bNaIkWA/AzB2dgTS0mug2aVomsBeyN8gAGfV/Wi3bO1kXuI23BmkPUn36OgE5ppQ0O2Gp8VjJaffV9EiYeEY/QlwnshAS7gfDPeTO+u5f0ZP0TZw29m+F3CKIJWPruDJJvXMkyc5qokh5kUpm0GYlhGyDi596st3Gsh/9LF/I2sEJH3LTP0gs0bWjbHN9XcIw8gbPT50zNZvqv9FGvgsMCErYC5lwPVN1670cpOpqLYV4PgU77t751CE9RsmASeB6Elwh0pAKlfxzITBx4W6aVxkl8Utlblw== user3

As you can see, the structure includes a key named after the user that I
want to deploy the keys to (shown above as 'root' and 'other_user').
Then, there's a sub key, with a list as its value called keys (this isn't
necessarily imperative, it just helped with my thinking of iteration).
The list is then structured showing the name of the user the key belongs
to, with a value of the actual public key.
Here's the task I'm attempting to deploy these keys with (this doesn't
work!).
Hopefully it conveys my thinking/approach:
    ---
    - name: "Ensure any defined authorized_keys are deployed"
      authorized_key:
        user: "{{ item.key }}"
        manage_dir: yes
        exclusive: yes
        key: |
          {% for users in item.value.keys %}
          {% for _, pubkey in users.items() %}
          {{ pubkey }}
          {% endfor %}
          {% endfor %}
      with_dict: ssh_authorized_keys

I've successfully deployed multiple, exclusive authorized_keys using a
similar structure and approach, the only lacking functionality being the
ability to dynamically define the 'user' key, which is the most important
part!
I'd really appreciate anyone's feedback on this, it's driving me a little
crazy!
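
One way to make the task above iterate as intended, as an added example that is not part of the original post: in Jinja2, `item.value.keys` resolves to the dictionary's built-in `keys()` method before the entry named `keys`, so the subscript form `item.value['keys']` is used instead. Because `exclusive` is not loop aware, each target user still gets all of its keys in a single newline-separated `key` string. The `assert` pre-check and the variable names `entry` and `owner` are assumptions added for illustration.

```yaml
---
# Added example, not the original poster's code.
# Assumes ssh_authorized_keys is defined in host/group vars as in the post:
#   ssh_authorized_keys:
#     <target_user>:
#       keys:
#         - <key_owner>: "<public key line>"

# Guard (an addition): exclusive removes every key not listed, so stop early
# if a target user has a missing or empty key list.
- name: "Refuse to continue if a target user has no keys listed"
  assert:
    that:
      # 'in' tests for the dictionary entry, not the dict.keys() method.
      - "'keys' in item.value"
      - item.value['keys'] | length > 0
  with_dict: "{{ ssh_authorized_keys }}"

- name: "Ensure any defined authorized_keys are deployed"
  authorized_key:
    # with_dict yields one item per target user: item.key is the account name.
    user: "{{ item.key }}"
    manage_dir: yes
    exclusive: yes
    # One public key per line; the subscript form reaches the 'keys' list.
    key: |
      {% for entry in item.value['keys'] %}
      {% for owner, pubkey in entry.items() %}
      {{ pubkey }}
      {% endfor %}
      {% endfor %}
  with_dict: "{{ ssh_authorized_keys }}"
```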