The error message is pretty clear: the command module doesn't have a "cmd"
parameter. (Then it helpfully lists the parameters it does have.)
You could say
ansible.builtin.shell: "{{ command2 }}"
But Brian already gave you a solution, which I'll repeat here:
You either need to run ansible-playbook as a user with permissions (rke,
root?)
or use a task to read the file while using privilege escalation (become):
- slurp:
path: , '*/home/rke/*.ssh/id_rsa.pub'
become: yes
delegate_to: localhost
register: rke_pub_key
This is the equivalent of you doing `sudo cat */home/rke/*.ssh/id_rsa.pub'
(lookups always run 'locally and are not affected by become, which only
affects the 'remote' side of a task).
On Friday, July 22, 2022 at 2:06:55 PM UTC-4 [email protected] wrote:
>
> trying to do this another way
>
> - name: copy id_rsa.pub to tmp for reading on localhost
> ansible.builtin.shell:
> cmd: "{{ command2 }}"
> register: shell_output
> become: true
> delegate_to: localhost
>
>
> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>
> I am trying to run this only on the ansible controller (localhost)
>
> but it looks like its trying to run on remote nodes
>
>
> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
> "Unsupported parameters for (command) module: cmd Supported parameters
> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>
>
> any idea?
> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>
>> do you mean something like this?
>>
>>
>> ---
>> # tasks file for createuser
>> - include_vars:
>> dir: vars
>>
>>
>>
>>
>> *- name: Get id_rsa.pub from localhost set_fact: auth_key: "{{
>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}" delegate_to: localhost*
>>
>> - name: create user rke
>> ansible.builtin.user:
>> name: '{{ username }}'
>> shell: '{{ shell }}'
>> generate_ssh_key: yes
>> create_home: yes
>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>> append: yes
>> ssh_key_file: .ssh/id_rsa
>> become: true
>>
>> - name: Make sure we have a 'wheel' group
>> group:
>> name: wheel
>> state: present
>>
>> - name: Allow 'wheel' group to have passwordless sudo
>> lineinfile:
>> dest: /etc/sudoers
>> state: present
>> regexp: '^%wheel'
>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>> validate: 'visudo -cf %s'
>>
>>
>> - name: Setup authkeys for user rke
>> become: true
>>
>> authorized_key:
>> user: '{{ username }}'
>> state: present
>> key: auth_key
>>
>>
>>
>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]> wrote:
>>
>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>>> >
>>> > yes it does, but the user (ansible) i am running the playbook with
>>> even though it has sudo rights and in root group cant access that folder.
>>>
>>>
>>> Your authorized_keys task is run on the remote host, but using the
>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>> escalation locally.
>>> I think for fetching the materials, you should have an initial
>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>
>>> (not verified)
>>>
>>>
>>>
>>> > i tried to copy the id_rsa.pub to /tmp and it works
>>> >
>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]>
>>> wrote:
>>> >>
>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>>> ansible playbook from? Also, what happens if you try to do a ls on that
>>> directory as the user that is executing the ansible playbook, are you
>>> getting any errors?
>>> >>
>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>>> >>>
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -vvvvv to see paths)
>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a <class
>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -vvvvv to see paths)
>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a <class
>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>> paths (use -vvvvv to see paths)
>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception
>>> occurred while running the lookup plugin 'file'. Error was a <class
>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>>
>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
>>> >>>>
>>> >>>> how do i access to lookup the id_rsa.pub file? The user running
>>> ansible playbook has sudo rights on the controller
>>> >>>>
>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]>
>>> wrote:
>>> >>>>>
>>> >>>>> It would have root access — on the target machine, but not on the
>>> Ansible controller.
>>> >>>>>
>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected]
>>> wrote:
>>> >>>>>>
>>> >>>>>> But I used become: in my main.yml
>>> >>>>>>
>>> >>>>>> Would that have root access?
>>> >>>>>
>>> >>>>> --
>>> >>>>> You received this message because you are subscribed to a topic in
>>> the Google Groups "Ansible Project" group.
>>> >>>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> >>>>> To unsubscribe from this group and all its topics, send an email
>>> to [email protected].
>>> >>>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>> .
>>> >>>
>>> >>> --
>>> >>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> >>> To unsubscribe from this group and stop receiving emails from it,
>>> send an email to [email protected].
>>> >>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com
>>> .
>>> >>
>>> >> --
>>> >> You received this message because you are subscribed to a topic in
>>> the Google Groups "Ansible Project" group.
>>> >> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> >> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> >> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com
>>> .
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> > To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com
>>> .
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAF8BbLZVQZ5qdJSLjnxHoTirc9rzPqtUuLHEd52Bg2tAYUEbeg%40mail.gmail.com
>>> .
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com.
