trying to do this another way

- name: copy id_rsa.pub to tmp for reading on localhost
  ansible.builtin.shell:
    cmd: "{{ command2 }}"
  register: shell_output
  become: true
  delegate_to: localhost


where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'

I am trying to run this only on the ansible controller (localhost)

but it looks like it's trying to run on remote nodes


fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg": 
"Unsupported parameters for (command) module: cmd Supported parameters 
include: _raw_params, _uses_shell, argv, chdir, creates, executable, 
removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg": 
"Unsupported parameters for (command) module: cmd Supported parameters 
include: _raw_params, _uses_shell, argv, chdir, creates, executable, 
removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg": 
"Unsupported parameters for (command) module: cmd Supported parameters 
include: _raw_params, _uses_shell, argv, chdir, creates, executable, 
removes, stdin, stdin_add_newline, strip_empty_ends, warn"}


any idea?
On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:

> do you mean something like this?
>
>
> ---
> # tasks file for createuser
> - include_vars:
>    dir: vars
>
>
>
>
> - name: Get id_rsa.pub from localhost
>   set_fact:
>     auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub') }}"
>   delegate_to: localhost
>
> - name: create user rke
>   ansible.builtin.user:
>     name: '{{ username }}'
>     shell: '{{ shell }}'
>     generate_ssh_key: yes
>     create_home: yes
>     groups: [ "{{ group1 }}", "{{ group2 }}" ]
>     append: yes  
>     ssh_key_file: .ssh/id_rsa
>   become: true
>
> - name: Make sure we have a 'wheel' group
>   group:
>     name: wheel
>     state: present
>
> - name: Allow 'wheel' group to have passwordless sudo
>   lineinfile:
>     dest: /etc/sudoers
>     state: present
>     regexp: '^%wheel'
>     line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>     validate: 'visudo -cf %s'
>
>
> - name: Setup authkeys for user rke
>   become: true
>
>   authorized_key:
>     user: '{{ username }}'
>     state: present
>     key: '{{ auth_key }}'
>
>
>
> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]> wrote:
>
>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>> >
>> > yes it does, but the user (ansible) I am running the playbook with, even
>> > though it has sudo rights and is in the root group, can't access that folder.
>>
>>
>> Your authorized_keys task is run on the remote host, but using the
>> lookup/file plugin in one of the arguments doesn't allow for privilege
>> escalation locally.
>> I think for fetching the materials, you should have an initial
>> set_fact task with delegate_to=localhost and set become=true on that.
>>
>> (not verified)
>>
>>
>>
>> > I tried to copy the id_rsa.pub to /tmp and it works
>> >
>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote:
>> >>
>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>> >> ansible playbook from?  Also, what happens if you try to do a ls on that
>> >> directory as the user that is executing the ansible playbook, are you
>> >> getting any errors?
>> >>
>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>> >>>
>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>> >>> paths (use -vvvvv to see paths)
>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>> >>> occurred while running the lookup plugin 'file'. Error was a <class
>> >>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>> >>> lookup: /home/rke/.ssh/id_pub.rsa"}
>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>> >>> paths (use -vvvvv to see paths)
>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception
>> >>> occurred while running the lookup plugin 'file'. Error was a <class
>> >>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>> >>> lookup: /home/rke/.ssh/id_pub.rsa"}
>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>> >>> paths (use -vvvvv to see paths)
>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception
>> >>> occurred while running the lookup plugin 'file'. Error was a <class
>> >>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>> >>> lookup: /home/rke/.ssh/id_pub.rsa"}
>> >>>
>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
>> >>>>
>> >>>> how do I access to lookup the id_rsa.pub file? The user running
>> >>>> ansible playbook has sudo rights on the controller
>> >>>>
>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote:
>> >>>>>
>> >>>>> It would have root access — on the target machine, but not on the
>> >>>>> Ansible controller.
>> >>>>>
>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote:
>> >>>>>>
>> >>>>>> But I used become: in my main.yml
>> >>>>>>
>> >>>>>> Would that have root access?
>> >>>>>
>> >>>>> --
>> >>>>> You received this message because you are subscribed to a topic in 
>> the Google Groups "Ansible Project" group.
>> >>>>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>> .
>> >>>>> To unsubscribe from this group and all its topics, send an email to 
>> [email protected].
>> >>>>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>> .
>> >>>
>> >>
>> >
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d6400248-2fb3-4ef8-bd7a-e897650f7a3fn%40googlegroups.com.
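
The pattern discussed in this thread (read the key on the controller with privilege, then authorize it on the nodes), as an added example that is not part of the original messages. It assumes the play targets `all`, that the invoking user can sudo on the controller, and that the `ansible.posix` collection is installed; the path and user name are the ones quoted in the thread.

```yaml
---
# Added example (not from the thread). Assumes the invoking user can sudo on
# the controller and that the ansible.posix collection is installed.
- name: Install the controller's rke public key on every node
  hosts: all
  gather_facts: false
  vars:
    username: rke                                 # value used in the thread
    controller_pubkey: /home/rke/.ssh/id_rsa.pub  # path from the thread
  tasks:
    # lookup('file', ...) runs inside the ansible-playbook process as the
    # invoking user, so become has no effect on it. A module delegated to
    # localhost does honour become, so slurp can read the restricted path.
    - name: Read the public key once, on the controller, with privilege
      ansible.builtin.slurp:
        src: "{{ controller_pubkey }}"
      delegate_to: localhost
      become: true
      run_once: true          # one read, not one per inventory host
      register: pubkey_raw    # with run_once the result is shared by all hosts

    # Guard against pointing the task at the wrong file (for example the
    # private key id_rsa) before it is pushed to every node.
    - name: Refuse anything that does not look like an OpenSSH public key
      ansible.builtin.assert:
        that:
          - (pubkey_raw.content | b64decode) is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-[^ ]+) ')
        fail_msg: "{{ controller_pubkey }} is not an OpenSSH public key"
      run_once: true

    - name: Authorize the key for the service account on each node
      ansible.posix.authorized_key:
        user: "{{ username }}"
        state: present
        key: "{{ pubkey_raw.content | b64decode }}"  # templated value, not a literal name
      become: true
```

Reading the file in place avoids leaving a copy of the key in a world-readable directory such as /tmp on the controller.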
