ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]

On Fri, Jul 22, 2022 at 11:40 AM John Petro <[email protected]> wrote:

> What ansible version do you have installed
>
> On Fri, Jul 22, 2022 at 2:37 PM Tony Wong <[email protected]> wrote:
>
>> still failed
>>
>> TASK [rancherpocreplay : copy id_rsa.pub to tmp for reading]
>> *****************************************************************************************************************
>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>
>> On Fri, Jul 22, 2022 at 11:32 AM John Petro <[email protected]>
>> wrote:
>>
>>> just for giggles, have you tried putting a sudo in front of your
>>> command? I am not saying this would work, but just curious if maybe the
>>> "become" is being honored on the remote site only, so locally it might
>>> still be running as whatever local user you are running the ansible
>>> playbook as.
>>>
>>> On Fri, Jul 22, 2022 at 2:21 PM Tony Wong <[email protected]> wrote:
>>>
>>>> trying to copy id_rsa.pub for a user (rke) on my ansible controller to
>>>> authorized_keys on remote hosts
>>>>
>>>> I am running ansible playbook as user ansible
>>>>
>>>> since ansible user cannot access /home/rke/.ssh, it cannot lookup the
>>>> pub key
>>>>
>>>> I tried elevating privileges on lookup tasks and cannot do it
>>>>
>>>> On Fri, Jul 22, 2022 at 11:12 AM John Petro <[email protected]>
>>>> wrote:
>>>>
>>>>> I am sure you have mentioned this before, so forgive me if it's a
>>>>> repeat. I couldn't find the email in my inbox. What is it you are trying
>>>>> to do again?
>>>>>
>>>>> On Fri, Jul 22, 2022 at 2:07 PM Tony Wong <[email protected]> wrote:
>>>>>
>>>>>> trying to do this another way
>>>>>>
>>>>>> - name: copy id_rsa.pub to tmp for reading on localhost
>>>>>>   ansible.builtin.shell:
>>>>>>     cmd: "{{ command2 }}"
>>>>>>   register: shell_output
>>>>>>   become: true
>>>>>>   delegate_to: localhost
>>>>>>
>>>>>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>>>>>
>>>>>> I am trying to run this only on the ansible controller (localhost)
>>>>>>
>>>>>> but it looks like it's trying to run on remote nodes
>>>>>>
>>>>>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>>>>>> "Unsupported parameters for (command) module: cmd Supported parameters
>>>>>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>>>>>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>>>>>
>>>>>> any idea?
>>>>>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>>>>>
>>>>>>> do you mean something like this?
>>>>>>>
>>>>>>> ---
>>>>>>> # tasks file for createuser
>>>>>>> - include_vars:
>>>>>>>     dir: vars
>>>>>>>
>>>>>>> - name: Get id_rsa.pub from localhost
>>>>>>>   set_fact:
>>>>>>>     auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub') }}"
>>>>>>>   delegate_to: localhost
>>>>>>>
>>>>>>> - name: create user rke
>>>>>>>   ansible.builtin.user:
>>>>>>>     name: '{{ username }}'
>>>>>>>     shell: '{{ shell }}'
>>>>>>>     generate_ssh_key: yes
>>>>>>>     create_home: yes
>>>>>>>     groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>>>>>>     append: yes
>>>>>>>     ssh_key_file: .ssh/id_rsa
>>>>>>>   become: true
>>>>>>>
>>>>>>> - name: Make sure we have a 'wheel' group
>>>>>>>   group:
>>>>>>>     name: wheel
>>>>>>>     state: present
>>>>>>>
>>>>>>> - name: Allow 'wheel' group to have passwordless sudo
>>>>>>>   lineinfile:
>>>>>>>     dest: /etc/sudoers
>>>>>>>     state: present
>>>>>>>     regexp: '^%wheel'
>>>>>>>     line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>>>>>>     validate: 'visudo -cf %s'
>>>>>>>
>>>>>>> - name: Setup authkeys for user rke
>>>>>>>   become: true
>>>>>>>   authorized_key:
>>>>>>>     user: '{{ username }}'
>>>>>>>     state: present
>>>>>>>     key: '{{ auth_key }}'
>>>>>>>
>>>>>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>>>>>>>> >
>>>>>>>> > yes it does, but the user (ansible) I am running the playbook with, even though it has sudo rights and is in root group, can't access that folder.
>>>>>>>>
>>>>>>>> Your authorized_keys task is run on the remote host, but using the
>>>>>>>> lookup/file plugin in one of the arguments doesn't allow for
>>>>>>>> privilege escalation locally.
>>>>>>>> I think for fetching the materials, you should have an initial
>>>>>>>> set_fact task with delegate_to=localhost and set become=true on
>>>>>>>> that.
>>>>>>>>
>>>>>>>> (not verified)
>>>>>>>>
>>>>>>>> > I tried to copy the id_rsa.pub to /tmp and it works
>>>>>>>> >
>>>>>>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote:
>>>>>>>> >>
>>>>>>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the ansible playbook from? Also, what happens if you try to do a ls on that directory as the user that is executing the ansible playbook, are you getting any errors?
>>>>>>>> >>
>>>>>>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>>>>>>>> >>>
>>>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>>>>>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>>>>>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>>>>>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>>>>>>> >>>
>>>>>>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
>>>>>>>> >>>>
>>>>>>>> >>>> how do I access to lookup the id_rsa.pub file? The user running ansible playbook has sudo rights on the controller
>>>>>>>> >>>>
>>>>>>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote:
>>>>>>>> >>>>>
>>>>>>>> >>>>> It would have root access — on the target machine, but not on the Ansible controller.
>>>>>>>> >>>>>
>>>>>>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote:
>>>>>>>> >>>>>>
>>>>>>>> >>>>>> But I used become: in my main.yml
>>>>>>>> >>>>>>
>>>>>>>> >>>>>> Would that have root access?
>>>>>>>> >>>>>
>>>>>>>> >>>>> --
>>>>>>>> >>>>> You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
>>>>>>>> >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe.
>>>>>>>> >>>>> To unsubscribe from this group and all its topics, send an email to [email protected].
>>>>>>>> >>>>> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALmkhkoWFfzoQ1i_R-7wJ9H2-GQbmB1dcXcOtMtKO2HSrQJQxQ%40mail.gmail.com.
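
The approach the thread converges on, written out as an added example that is not from any participant: a lookup always runs on the controller as the user who started the playbook and ignores `become`, whereas a module task delegated to localhost does honour it. The play below assumes the ansible user can sudo on the controller; `hosts: all`, the variable names and `rke_pubkey` are hypothetical.

```yaml
---
# Added example: read a root-only file on the controller with become,
# then push it to the remote hosts, without lookup('file', ...).
- name: Install the controller-side rke public key on the remote hosts
  hosts: all            # assumption: k8master, k8node01, k8node02 in the thread
  vars:
    username: rke
    pubkey_path: /home/rke/.ssh/id_rsa.pub   # path taken from the thread

  tasks:
    # slurp is a module, so delegate_to + become apply to it: it runs on the
    # controller under sudo and returns the file base64-encoded in memory.
    # Nothing is copied to a world-readable location such as /tmp.
    # Short module names are used because the thread's controller runs 2.9.6.
    - name: Read the public key on the controller as root
      slurp:
        src: "{{ pubkey_path }}"
      register: rke_pubkey
      delegate_to: localhost
      run_once: true      # one read; the result is shared with every host
      become: true

    # Guard against an empty or non-key file before touching authorized_keys.
    - name: Check that the file looks like an SSH public key
      assert:
        that:
          - (rke_pubkey.content | b64decode) is match('^(ssh-|ecdsa-)')
        fail_msg: "{{ pubkey_path }} does not contain an SSH public key"
      run_once: true

    # Runs on each remote host; become here is the remote escalation.
    - name: Authorize the key for the remote user
      authorized_key:
        user: "{{ username }}"
        state: present
        key: "{{ rke_pubkey.content | b64decode }}"
      become: true
```

If sudo on the controller needs a password, run the play with `--ask-become-pass`; the same password is then also used for escalation on the remote hosts.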
