Do you mean something like this?

---
# tasks file for createuser
- include_vars:
   dir: vars

- name: Get id_rsa.pub from localhost
  set_fact:
    auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub') }}"
  delegate_to: localhost

- name: create user rke
  ansible.builtin.user:
    name: '{{ username }}'
    shell: '{{ shell }}'
    generate_ssh_key: yes
    create_home: yes
    groups: [ "{{ group1 }}", "{{ group2 }}" ]
    append: yes
    ssh_key_file: .ssh/id_rsa
  become: true

- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

- name: Setup authkeys for user rke
  become: true
  authorized_key:
    user: '{{ username }}'
    state: present
    # Template the fact; a bare auth_key would be passed as the literal string "auth_key".
    key: '{{ auth_key }}'



On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]> wrote:

> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
> >
> > Yes it does, but the user (ansible) I am running the playbook with, even though it has sudo rights and is in the root group, can't access that folder.
>
>
> Your authorized_keys task is run on the remote host, but using the
> lookup/file plugin in one of the arguments doesn't allow for privilege
> escalation locally.
> I think for fetching the materials, you should have an initial
> set_fact task with delegate_to=localhost and set become=true on that.
>
> (not verified)
>
>
>
> > I tried to copy the id_rsa.pub to /tmp and it works
> >
> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote:
> >>
> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the ansible playbook from?  Also, what happens if you try to do an ls on that directory as the user that is executing the ansible playbook? Are you getting any errors?
> >>
> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
> >>>
> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
> >>>
> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
> >>>>
> >>>> How do I get access to look up the id_rsa.pub file? The user running ansible playbook has sudo rights on the controller
> >>>>
> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote:
> >>>>>
> >>>>> It would have root access — on the target machine, but not on the Ansible controller.
> >>>>>
> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote:
> >>>>>>
> >>>>>> But I used become: in my main.yml
> >>>>>>
> >>>>>> Would that have root access?
> >>>>>
> >>>>> --
> >>>>> You received this message because you are subscribed to a topic in
> the Google Groups "Ansible Project" group.
> >>>>> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe.
> >>>>> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> >>>>> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
> .
>
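
An added example, not written by any participant in this thread: lookup plugins are evaluated by the Ansible process on the controller as the user running the playbook, so `become` does not change what `lookup('file', ...)` can read, whereas a module task delegated to localhost does run with `become`. The variable name `controller_pubkey` is hypothetical, and the `ansible.posix` collection is assumed to be installed.

```yaml
# Added example (not from the thread). "controller_pubkey" is a hypothetical
# variable name; the path and "username" come from the tasks file above.
- name: Read rke's public key on the controller with privilege escalation
  ansible.builtin.slurp:
    src: /home/rke/.ssh/id_rsa.pub   # public half only; the private key is never read
  delegate_to: localhost
  become: true      # escalates on the controller because the module runs there
  run_once: true    # one read; the registered result is shared with every host
  register: controller_pubkey

- name: Refuse to continue if the file does not look like a public key
  ansible.builtin.assert:
    that:
      - (controller_pubkey.content | b64decode) is match('(ssh-|ecdsa-)')
    fail_msg: "Unexpected content in id_rsa.pub"
  run_once: true

- name: Install the key for the remote user
  ansible.posix.authorized_key:
    user: '{{ username }}'
    state: present
    key: '{{ controller_pubkey.content | b64decode | trim }}'
  become: true
```

This keeps the permissions on /home/rke/.ssh unchanged and avoids leaving a copy of the key in /tmp.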
