I am sure you have mentioned this before, so forgive me if it's a repeat. I
couldn't find the email in my inbox. What is it you are trying to do
again?
On Fri, Jul 22, 2022 at 2:07 PM Tony Wong <tdubb...@gmail.com> wrote:
>
> trying to do this another way
>
> - name: copy id_rsa.pub to tmp for reading on localhost
> ansible.builtin.shell:
> cmd: "{{ command2 }}"
> register: shell_output
> become: true
> delegate_to: localhost
>
>
> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>
> I am trying to run this only on the ansible controller (localhost)
>
> but it looks like its trying to run on remote nodes
>
>
> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>
>
> any idea?
> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>
>> do you mean something like this?
>>
>>
>> ---
>> # tasks file for createuser
>> - include_vars:
>> dir: vars
>>
>>
>>
>>
>> *- name: Get id_rsa.pub from localhost set_fact: auth_key: "{{
>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}" delegate_to: localhost*
>>
>> - name: create user rke
>> ansible.builtin.user:
>> name: '{{ username }}'
>> shell: '{{ shell }}'
>> generate_ssh_key: yes
>> create_home: yes
>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>> append: yes
>> ssh_key_file: .ssh/id_rsa
>> become: true
>>
>> - name: Make sure we have a 'wheel' group
>> group:
>> name: wheel
>> state: present
>>
>> - name: Allow 'wheel' group to have passwordless sudo
>> lineinfile:
>> dest: /etc/sudoers
>> state: present
>> regexp: '^%wheel'
>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>> validate: 'visudo -cf %s'
>>
>>
>> - name: Setup authkeys for user rke
>> become: true
>>
>> authorized_key:
>> user: '{{ username }}'
>> state: present
>> key: auth_key
>>
>>
>>
>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <dnmv...@gmail.com> wrote:
>>
>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <tdub...@gmail.com> wrote:
>>> >
>>> > yes it does, but the user (ansible) i am running the playbook with
>>> even though it has sudo rights and in root group cant access that folder.
>>>
>>>
>>> Your authorized_keys task is run on the remote host, but using the
>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>> escalation locally.
>>> I think for fetching the materials, you should have an initial
>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>
>>> (not verified)
>>>
>>>
>>>
>>> > i tried to copy the id_rsa.pub to /tmp and it works
>>> >
>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <jcp...@johnpetro.com>
>>> wrote:
>>> >>
>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>>> ansible playbook from? Also, what happens if you try to do a ls on that
>>> directory as the user that is executing the ansible playbook, are you
>>> getting any errors?
>>> >>
>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <tdub...@gmail.com> wrote:
>>> >>>
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -vvvvv to see paths)
>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a <class
>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -vvvvv to see paths)
>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a <class
>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -vvvvv to see paths)
>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a <class
>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>>
>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <tdub...@gmail.com> wrote:
>>> >>>>
>>> >>>> how do i access to lookup the id_rsa.pub file? The user running
>>> ansible playbook has sudo rights on the controller
>>> >>>>
>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <uto...@gmail.com>
>>> wrote:
>>> >>>>>
>>> >>>>> It would have root access — on the target machine, but not on the
>>> Ansible controller.
>>> >>>>>
>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 tdub...@gmail.com
>>> wrote:
>>> >>>>>>
>>> >>>>>> But I used become: in my main.yml
>>> >>>>>>
>>> >>>>>> Would that have root access?
>>> >>>>>
>>> >>>>> --
>>> >>>>> You received this message because you are subscribed to a topic in
>>> the Google Groups "Ansible Project" group.
>>> >>>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> >>>>> To unsubscribe from this group and all its topics, send an email
>>> to ansible-proje...@googlegroups.com.
>>> >>>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>> .
>>> >>>
>>> >>> --
>>> >>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> >>> To unsubscribe from this group and stop receiving emails from it,
>>> send an email to ansible-proje...@googlegroups.com.
>>> >>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com
>>> .
>>> >>
>>> >> --
>>> >> You received this message because you are subscribed to a topic in
>>> the Google Groups "Ansible Project" group.
>>> >> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> >> To unsubscribe from this group and all its topics, send an email to
>>> ansible-proje...@googlegroups.com.
>>> >> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com
>>> .
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com.
>>> > To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com
>>> .
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> ansible-proje...@googlegroups.com.
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAF8BbLZVQZ5qdJSLjnxHoTirc9rzPqtUuLHEd52Bg2tAYUEbeg%40mail.gmail.com
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/d6400248-2fb3-4ef8-bd7a-e897650f7a3fn%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/d6400248-2fb3-4ef8-bd7a-e897650f7a3fn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAPAjob_vVDzNa_PuEECXDLjCb8532qFTDNwzjzYPBgStfr%2B4%2Bw%40mail.gmail.com.
