On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote: > > yes it does, but the user (ansible) i am running the playbook with even > though it has sudo rights and in root group cant access that folder.
Your authorized_keys task is run on the remote host, but using the lookup/file plugin in one of the arguments doesn't allow for privilege escalation locally. I think for fetching the materials, you should have an initial set_fact task with delegate_to=localhost and set become=true on that. (not verified) > i tried to copy the id_rsa.pub to /tmp and it works > > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote: >> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the ansible >> playbook from? Also, what happens if you try to do a ls on that directory >> as the user that is executing the ansible playbook, are you getting any >> errors? >> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote: >>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths >>> (use -vvvvv to see paths) >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred >>> while running the lookup plugin 'file'. Error was a <class >>> 'ansible.errors.AnsibleError'>, original message: could not locate file in >>> lookup: /home/rke/.ssh/id_pub.rsa"} >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths >>> (use -vvvvv to see paths) >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred >>> while running the lookup plugin 'file'. Error was a <class >>> 'ansible.errors.AnsibleError'>, original message: could not locate file in >>> lookup: /home/rke/.ssh/id_pub.rsa"} >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths >>> (use -vvvvv to see paths) >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred >>> while running the lookup plugin 'file'. Error was a <class >>> 'ansible.errors.AnsibleError'>, original message: could not locate file in >>> lookup: /home/rke/.ssh/id_pub.rsa"} >>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote: >>>> >>>> how do i access to lookup the id_rsa.pub file? The user running ansible >>>> playbook has sudo rights on the controller >>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote: >>>>> >>>>> It would have root access — on the target machine, but not on the Ansible >>>>> controller. >>>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote: >>>>>> >>>>>> But I used become: in my main.yml >>>>>> >>>>>> Would that have root access? >>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Ansible Project" group. >>>>> To unsubscribe from this topic, visit >>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAF8BbLZVQZ5qdJSLjnxHoTirc9rzPqtUuLHEd52Bg2tAYUEbeg%40mail.gmail.com.
