still failed

TASK [rancherpocreplay : copy id_rsa.pub to tmp for reading]
*****************************************************************************************************************
fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
"Unsupported parameters for (command) module: cmd Supported parameters
include: _raw_params, _uses_shell, argv, chdir, creates, executable,
removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
"Unsupported parameters for (command) module: cmd Supported parameters
include: _raw_params, _uses_shell, argv, chdir, creates, executable,
removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
"Unsupported parameters for (command) module: cmd Supported parameters
include: _raw_params, _uses_shell, argv, chdir, creates, executable,
removes, stdin, stdin_add_newline, strip_empty_ends, warn"}

On Fri, Jul 22, 2022 at 11:32 AM John Petro <[email protected]> wrote:

> just for giggles, have you tried putting a sudo in front of your command?
> I am not saying this would work, but just curious if maybe the "become" is
> being honored on the remote site only, so locally it might still be running
> as whatever local user you are running the ansible playbook as.
>
> On Fri, Jul 22, 2022 at 2:21 PM Tony Wong <[email protected]> wrote:
>
>> trying to copy id_rsa.pub for a user (rke) on my ansible controller to
>> authorized_keys on remote hosts
>>
>> I am running ansible playbook as user ansible
>>
>> since ansible user cannot access /home/rke/.ssh, it cannot lookup the pub
>> key
>>
>> I tried elevating privileges on lookup tasks and cannot do it
>>
>>
>>
>> On Fri, Jul 22, 2022 at 11:12 AM John Petro <[email protected]>
>> wrote:
>>
>>> I am sure you have mentioned this before, so forgive me if it's a
>>> repeat. I couldn't find the email in my inbox.  What is it you are trying
>>> to do again?
>>>
>>> On Fri, Jul 22, 2022 at 2:07 PM Tony Wong <[email protected]> wrote:
>>>
>>>>
>>>> trying to do this another way
>>>>
>>>> - name: copy id_rsa.pub to tmp for reading on localhost
>>>>   ansible.builtin.shell:
>>>>     cmd: "{{ command2 }}"
>>>>   register: shell_output
>>>>   become: true
>>>>   delegate_to: localhost
>>>>
>>>>
>>>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>>>
>>>> I am trying to run this only on the ansible controller (localhost)
>>>>
>>>> but it looks like it's trying to run on remote nodes
>>>>
>>>>
>>>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>
>>>>
>>>> any idea?
>>>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>>>
>>>>> do you mean something like this?
>>>>>
>>>>>
>>>>> ---
>>>>> # tasks file for createuser
>>>>> - include_vars:
>>>>>    dir: vars
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> - name: Get id_rsa.pub from localhost
>>>>>   set_fact:
>>>>>     auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub') }}"
>>>>>   delegate_to: localhost
>>>>>
>>>>> - name: create user rke
>>>>>   ansible.builtin.user:
>>>>>     name: '{{ username }}'
>>>>>     shell: '{{ shell }}'
>>>>>     generate_ssh_key: yes
>>>>>     create_home: yes
>>>>>     groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>>>>     append: yes
>>>>>     ssh_key_file: .ssh/id_rsa
>>>>>   become: true
>>>>>
>>>>> - name: Make sure we have a 'wheel' group
>>>>>   group:
>>>>>     name: wheel
>>>>>     state: present
>>>>>
>>>>> - name: Allow 'wheel' group to have passwordless sudo
>>>>>   lineinfile:
>>>>>     dest: /etc/sudoers
>>>>>     state: present
>>>>>     regexp: '^%wheel'
>>>>>     line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>>>>     validate: 'visudo -cf %s'
>>>>>
>>>>>
>>>>> - name: Setup authkeys for user rke
>>>>>   become: true
>>>>>
>>>>>   authorized_key:
>>>>>     user: '{{ username }}'
>>>>>     state: present
>>>>>     # template the fact; a bare auth_key would be passed as the literal string
>>>>>     key: "{{ auth_key }}"
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]> wrote:
>>>>>
>>>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>>>>>> >
>>>>>> > yes it does, but the user (ansible) I am running the playbook with,
>>>>>> > even though it has sudo rights and is in the root group, can't access that folder.
>>>>>>
>>>>>>
>>>>>> Your authorized_keys task is run on the remote host, but using the
>>>>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>>>>> escalation locally.
>>>>>> I think for fetching the materials, you should have an initial
>>>>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>>>>
>>>>>> (not verified)
>>>>>>
>>>>>>
>>>>>>
>>>>>> > I tried to copy the id_rsa.pub to /tmp and it works
>>>>>> >
>>>>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote:
>>>>>> >>
>>>>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running
>>>>>> >> the ansible playbook from?  Also, what happens if you try to do a ls on
>>>>>> >> that directory as the user that is executing the ansible playbook, are you
>>>>>> >> getting any errors?
>>>>>> >>
>>>>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>>>>>> >>>
>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>>>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>>>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>>>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>> >>>
>>>>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
>>>>>> >>>>
>>>>>> >>>> How do I get access to look up the id_rsa.pub file? The user running the
>>>>>> >>>> ansible playbook has sudo rights on the controller
>>>>>> >>>>
>>>>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote:
>>>>>> >>>>>
>>>>>> >>>>> It would have root access — on the target machine, but not on
>>>>>> >>>>> the Ansible controller.
>>>>>> >>>>>
>>>>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote:
>>>>>> >>>>>>
>>>>>> >>>>>> But I used become: in my main.yml
>>>>>> >>>>>>
>>>>>> >>>>>> Would that have root access?
>>>>>> >>>>>
>>>>>> >>>>> --
>>>>>> >>>>> You received this message because you are subscribed to a topic
>>>>>> in the Google Groups "Ansible Project" group.
>>>>>> >>>>> To unsubscribe from this topic, visit
>>>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>>>> .
>>>>>> >>>>> To unsubscribe from this group and all its topics, send an
>>>>>> email to [email protected].
>>>>>> >>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>>>>> .
>
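
An added example, not part of the thread and not code from any of its participants: lookup plugins such as `file` always run on the controller as the user who started `ansible-playbook`, so `become` on a task never applies to them, while a module delegated to localhost does honor it. The tasks below read the key with `slurp` instead of staging a copy in /tmp; they assume the playbook user can sudo on the controller (as stated in the thread), and `rke_pubkey` is a hypothetical variable name.

```yaml
---
# Added example (assumptions: `username` is defined in the role's vars as in the
# thread; the playbook user may sudo on the controller; rke_pubkey is hypothetical).

# Runs on the controller only. become applies here because slurp is a module
# executed on the delegated host, unlike lookup('file', ...), which is evaluated
# in the ansible-playbook process with the invoking user's permissions.
- name: Read rke's public key on the controller with privilege escalation
  slurp:
    src: /home/rke/.ssh/id_rsa.pub
  register: rke_pubkey
  delegate_to: localhost
  become: true
  run_once: true        # one read; the registered result is shared with all hosts

# Runs on every remote host. slurp returns the file base64-encoded, so decode it
# and strip the trailing newline before handing it to authorized_key.
- name: Setup authkeys for user rke
  authorized_key:
    user: "{{ username }}"
    state: present
    key: "{{ rke_pubkey.content | b64decode | trim }}"
  become: true
```

If sudo on the controller needs a password that differs from the one used on the remote hosts, the delegated task needs its own become password supplied.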
