[ansible-project] Passing a variable that is a list to a parameter that expects a list

Tue, 12 Jul 2022 13:54:41 -0700 

In a variables file, I have a series of ssh keys assigned to variables:

samwise_key: 'ssh-rsa.....
legolas_key: 'ssh-rsa....
gandalf_key: 'ssh-rsa.....

I then have variable defined to be a list of said keys:

ssh_keys:
  - "{{ samwise_key }}"
  - "{{ legolas_key }}"
  - "{{ gandalf_key }}"
The idea is to be able to set up such keys (which are used in multiple places in my Ansible scripts) in one place, instead of having to put them in each place they're used.
One of the places I need to use them is when creating a new linode. The linode_v4 module has a parameter authorized_keys, which expects a list. 

I've got this set up as:

- name: Create a new linode
  linode_v4:
    label: "{{ label }}.domainname.com
    type: g6-nanode-1
    region: us-southeast
    image: linode/ubuntu20.04
    root_pass: "yeah, like I'm going to include that in here"
    authorized_keys: "{{ ssh_keys }}"
    state: present
  register: my_linode
I believe this has worked in the past, but currently (under ansible 2.12.3), when I run this, I'm getting:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unable to query the Linode API. Saw: authorized_keys must be either paths to the key files or a list of raw public key of one of these types: ('ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp', 'ssh-ed25519')"} 

If I copy the keys to an explicit list under authorized keys, like so:

    authorized_keys:
      - 'ssh-rsa......
      - 'ssh-rsa......
      - 'ssh-rsa......
it works, which seems to eliminate the possibility that I'm using a key type that's not recognized (my actual list has more than ssh-rsa keys).
Which leaves me wondering: how do I pass this ssh_keys variable to the authorized_keys parameter correctly? 

Ben
--
Ben Coleman [email protected] | For the wise man, doing right trumps
http://oloryn.benshome.net/     | looking right.  For the fool, looking
Amateur Radio NJ8J              | right trumps doing right.

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8e9e9524-33ba-3bcb-0d19-9ee9236bc675%40benshome.net.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to