I am working on it to provide you an use case.. but. is by any chance the authorizing_file modules sanitizing aka removing duplicates entries on the remote authorized_key file even if it was not in the key string passed to be removed
in that case there is probably no issue i must do some tests :) i keep you posted. regards M On Thursday, May 28, 2020 at 6:02:03 PM UTC+2, Dick Visser wrote: > > The fact that multiple keys begin with AAAAB3NzaC1yc2EAAAA is because > they share the same header - this is OK. > The module takes the entire key string into account. > > Can you maybe reproduce this in a way that we can look at it? > Otherwise it will be impossible to tell what is wrong (other that > guessing what it might be). > > > Dick > > On Thu, 28 May 2020 at 17:02, 'Mario Garcia' via Ansible Project > <[email protected] <javascript:>> wrote: > > > > Hello > > > > no the key are differents but i think that ansible modules only match > the beginning of the line but not the whole file > > > > i am not going to list all the public keys here but: > > the public key that has to be removed and the ones that are wrongly > being removed have the 'same' beginning:: > > > > ssh-rsa AAAAB3NzaC1yc2EAAAA... > > after this both lines in authorized keys differ > > > > so does the authorized_key module only looks for the beginning of the > line? > > > > the /path/to/totpubkey.pub is a normal regular ssh-rsa public key file > are standard public file with the publick key and authorized key files > are one key per line.. nothing fancy > > > > > > > > On Thursday, May 28, 2020 at 4:07:16 PM UTC+2, Mario Garcia wrote: > >> > >> Hello > >> > >> I need to clean up a bit the authorized keys files on our infra > >> i created a simple palybook that goes and removed one key from the > remote authorized_keys files but when I run it in check/diff mode i see it > tried to remove far too many lines > >> > >> > >> this is the playbook > >> > >> --- > >> - hosts: all > >> > >> > >> tasks; > >> > >> - name: remove public keys > >> > >> authorized_key: > >> user: toto > >> state: absent > >> key: "{{ lookup('file', '/path/to/totpubkey.pub') }}" > >> > >> > >> I see absolutely no reason why in some hosts there are several public > keys that are being removed for the authorized_keys files and since the > module does not have a backup option is a bit of a problem. > >> > >> how could I use perhaps lineinfile to do the same? or how detect what > is causing the module to delete several lines instead on just the one > provided? > >> > >> thank you. > >> > >> > >> > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/ab796701-f5dd-4619-871b-0dc5c0bb8b24%40googlegroups.com. > > > > > > -- > Dick Visser > Trust & Identity Service Operations Manager > GÉANT > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/bac80808-3816-437e-845a-b7132884e1a8%40googlegroups.com.
