What ansible version do you have installed?
On Fri, Jul 22, 2022 at 2:37 PM Tony Wong <[email protected]> wrote:
> still failed
>
> TASK [rancherpocreplay : copy id_rsa.pub to tmp for reading]
> *****************************************************************************************************************
> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>
> On Fri, Jul 22, 2022 at 11:32 AM John Petro <[email protected]> wrote:
>
>> just for giggles, have you tried putting a sudo in front of your
>> command? I am not saying this would work, but just curious if maybe the
>> "become" is being honored on the remote site only, so locally it might
>> still be running as whatever local user you are running the ansible
>> playbook as.
>>
>> On Fri, Jul 22, 2022 at 2:21 PM Tony Wong <[email protected]> wrote:
>>
>>> trying to copy id_rsa.pub for a user (rke) on my ansible controller to
>>> authorized_keys on remote hosts
>>>
>>> I am running ansible playbook as user ansible
>>>
>>> since ansible user cannot access /home/rke/.ssh, it cannot lookup the pub
>>> key
>>>
>>> I tried elevating privileges on lookup tasks and cannot do it
>>>
>>>
>>>
>>> On Fri, Jul 22, 2022 at 11:12 AM John Petro <[email protected]>
>>> wrote:
>>>
>>>> I am sure you have mentioned this before, so forgive me if it's a
>>>> repeat. I couldn't find the email in my inbox. What is it you are trying
>>>> to do again?
>>>>
>>>> On Fri, Jul 22, 2022 at 2:07 PM Tony Wong <[email protected]> wrote:
>>>>
>>>>>
>>>>> trying to do this another way
>>>>>
>>>>> - name: copy id_rsa.pub to tmp for reading on localhost
>>>>>   ansible.builtin.shell:
>>>>>     cmd: "{{ command2 }}"
>>>>>   register: shell_output
>>>>>   become: true
>>>>>   delegate_to: localhost
>>>>>
>>>>>
>>>>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>>>>
>>>>> I am trying to run this only on the ansible controller (localhost)
>>>>>
>>>>> but it looks like it's trying to run on remote nodes
>>>>>
>>>>>
>>>>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>>
>>>>>
>>>>> any idea?
>>>>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>>>>
>>>>>> do you mean something like this?
>>>>>>
>>>>>>
>>>>>> ---
>>>>>> # tasks file for createuser
>>>>>> - include_vars:
>>>>>>     dir: vars
>>>>>>
>>>>>> - name: Get id_rsa.pub from localhost
>>>>>>   set_fact:
>>>>>>     auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub') }}"
>>>>>>   delegate_to: localhost
>>>>>>
>>>>>> - name: create user rke
>>>>>>   ansible.builtin.user:
>>>>>>     name: '{{ username }}'
>>>>>>     shell: '{{ shell }}'
>>>>>>     generate_ssh_key: yes
>>>>>>     create_home: yes
>>>>>>     groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>>>>>     append: yes
>>>>>>     ssh_key_file: .ssh/id_rsa
>>>>>>   become: true
>>>>>>
>>>>>> - name: Make sure we have a 'wheel' group
>>>>>>   group:
>>>>>>     name: wheel
>>>>>>     state: present
>>>>>>
>>>>>> - name: Allow 'wheel' group to have passwordless sudo
>>>>>>   lineinfile:
>>>>>>     dest: /etc/sudoers
>>>>>>     state: present
>>>>>>     regexp: '^%wheel'
>>>>>>     line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>>>>>     validate: 'visudo -cf %s'
>>>>>>
>>>>>>
>>>>>> - name: Setup authkeys for user rke
>>>>>>   become: true
>>>>>>   authorized_key:
>>>>>>     user: '{{ username }}'
>>>>>>     state: present
>>>>>>     key: "{{ auth_key }}"
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>>>>>>> >
>>>>>>> > yes it does, but the user (ansible) I am running the playbook with
>>>>>>> > even though it has sudo rights and in root group can't access that
>>>>>>> > folder.
>>>>>>>
>>>>>>>
>>>>>>> Your authorized_keys task is run on the remote host, but using the
>>>>>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>>>>>> escalation locally.
>>>>>>> I think for fetching the materials, you should have an initial
>>>>>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>>>>>
>>>>>>> (not verified)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> > I tried to copy the id_rsa.pub to /tmp and it works
>>>>>>> >
>>>>>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote:
>>>>>>> >>
>>>>>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running
>>>>>>> >> the ansible playbook from? Also, what happens if you try to do a ls on
>>>>>>> >> that directory as the user that is executing the ansible playbook, are
>>>>>>> >> you getting any errors?
>>>>>>> >>
>>>>>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>>>>>>> >>>
>>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in
>>>>>>> >>> expected paths (use -vvvvv to see paths)
>>>>>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>>>>>> >>> occurred while running the lookup plugin 'file'. Error was a <class
>>>>>>> >>> 'ansible.errors.AnsibleError'>, original message: could not locate file
>>>>>>> >>> in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in
>>>>>>> >>> expected paths (use -vvvvv to see paths)
>>>>>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception
>>>>>>> >>> occurred while running the lookup plugin 'file'. Error was a <class
>>>>>>> >>> 'ansible.errors.AnsibleError'>, original message: could not locate file
>>>>>>> >>> in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in
>>>>>>> >>> expected paths (use -vvvvv to see paths)
>>>>>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception
>>>>>>> >>> occurred while running the lookup plugin 'file'. Error was a <class
>>>>>>> >>> 'ansible.errors.AnsibleError'>, original message: could not locate file
>>>>>>> >>> in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>>> >>>
>>>>>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
>>>>>>> >>>>
>>>>>>> >>>> how do I access to lookup the id_rsa.pub file? The user running
>>>>>>> >>>> ansible playbook has sudo rights on the controller
>>>>>>> >>>>
>>>>>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote:
>>>>>>> >>>>>
>>>>>>> >>>>> It would have root access — on the target machine, but not on
>>>>>>> >>>>> the Ansible controller.
>>>>>>> >>>>>
>>>>>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote:
>>>>>>> >>>>>>
>>>>>>> >>>>>> But I used become: in my main.yml
>>>>>>> >>>>>>
>>>>>>> >>>>>> Would that have root access?
>>>>>>> >>>>>
>>>>>>> >>>>> --
>>>>>>> >>>>> You received this message because you are subscribed to a
>>>>>>> topic in the Google Groups "Ansible Project" group.
>>>>>>> >>>>> To unsubscribe from this topic, visit
>>>>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>>>>> .
>>>>>>> >>>>> To unsubscribe from this group and all its topics, send an
>>>>>>> email to [email protected].
>>>>>>> >>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>>>>>> .
>
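As noted in the thread, the file lookup cannot escalate privileges on the controller, while a module task delegated to localhost can. The tasks below are an added example, not code from the thread: they read the key with `slurp` under `become` on the controller and install it on each target. The variable name `controller_pubkey` is hypothetical, and the example assumes the user running the playbook can sudo on the controller.

```yaml
# Added example, not from the thread. The path and the username variable
# follow the thread; controller_pubkey is a hypothetical variable name.
- name: Read rke's public key on the controller with privilege escalation
  ansible.builtin.slurp:
    src: /home/rke/.ssh/id_rsa.pub
  register: controller_pubkey
  delegate_to: localhost   # run the module on the controller, not the target
  become: true             # applies here because this is a module, not a lookup
  run_once: true           # read the file once; the result is shared with all hosts

- name: Refuse to continue if the content is not an OpenSSH public key
  ansible.builtin.assert:
    that:
      # Guards against pointing src at the private key by mistake
      - "(controller_pubkey.content | b64decode) is match('^(ssh-|ecdsa-|sk-)')"
    fail_msg: "Expected an OpenSSH public key, refusing to install it"
  run_once: true

- name: Install the key for user rke on each target
  authorized_key:
    user: "{{ username }}"
    state: present
    # slurp returns the file base64-encoded, so decode before use
    key: "{{ controller_pubkey.content | b64decode }}"
  become: true
```

This keeps the key out of /tmp entirely; if sudo on the controller asks for a password, run the play with `--ask-become-pass`.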