ok now getting different error
ASK [rancherpocreplay : Setup authkeys for user rke]
************************************************************************************************************************
[WARNING]: The value {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI
0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVt
VVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT
2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3
g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed':
False, 'encoding': 'base64', 'failed': False} (type dict) in a string field
was converted to u"{'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZ
zNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdW
VrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2Q
zbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0r
OFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhd
GVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed':
False, 'encoding': 'base64', 'failed': False}" (type string). If this does
not look like what you
expect, quote the entire value to ensure it does not change.
fatal: [k8node01]: FAILED! => {"changed": false, "msg": "invalid key
specified: {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding':
'base64', 'failed': False}"}
fatal: [k8node02]: FAILED! => {"changed": false, "msg": "invalid key
specified: {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding':
'base64', 'failed': False}"}
fatal: [k8master]: FAILED! => {"changed": false, "msg": "invalid key
specified: {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding':
'base64', 'failed': False}"}
I
On Fri, Jul 22, 2022 at 1:28 PM Todd Lewis <[email protected]> wrote:
> The error message is pretty clear: the command module doesn't have a "cmd"
> parameter. (Then it helpfully lists the parameters it does have.)
> You could say
>
> ansible.builtin.shell: "{{ command2 }}"
>
> But Brian already gave you a solution, which I'll repeat here:
> You either need to run ansible-playbook as a user with permissions (rke,
> root?)
> or use a task to read the file while using privilege escalation (become):
> - slurp:
> path: , '*/home/rke/*.ssh/id_rsa.pub'
> become: yes
> delegate_to: localhost
> register: rke_pub_key
> This is the equivalent of you doing `sudo cat */home/rke/*.ssh/id_rsa.pub'
> (lookups always run 'locally and are not affected by become, which only
> affects the 'remote' side of a task).
>
>
>
> On Friday, July 22, 2022 at 2:06:55 PM UTC-4 [email protected] wrote:
>
>>
>> trying to do this another way
>>
>> - name: copy id_rsa.pub to tmp for reading on localhost
>> ansible.builtin.shell:
>> cmd: "{{ command2 }}"
>> register: shell_output
>> become: true
>> delegate_to: localhost
>>
>>
>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>
>> I am trying to run this only on the ansible controller (localhost)
>>
>> but it looks like its trying to run on remote nodes
>>
>>
>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>
>>
>> any idea?
>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>
>>> do you mean something like this?
>>>
>>>
>>> ---
>>> # tasks file for createuser
>>> - include_vars:
>>> dir: vars
>>>
>>>
>>>
>>>
>>> *- name: Get id_rsa.pub from localhost set_fact: auth_key: "{{
>>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}" delegate_to: localhost*
>>>
>>> - name: create user rke
>>> ansible.builtin.user:
>>> name: '{{ username }}'
>>> shell: '{{ shell }}'
>>> generate_ssh_key: yes
>>> create_home: yes
>>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>> append: yes
>>> ssh_key_file: .ssh/id_rsa
>>> become: true
>>>
>>> - name: Make sure we have a 'wheel' group
>>> group:
>>> name: wheel
>>> state: present
>>>
>>> - name: Allow 'wheel' group to have passwordless sudo
>>> lineinfile:
>>> dest: /etc/sudoers
>>> state: present
>>> regexp: '^%wheel'
>>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>> validate: 'visudo -cf %s'
>>>
>>>
>>> - name: Setup authkeys for user rke
>>> become: true
>>>
>>> authorized_key:
>>> user: '{{ username }}'
>>> state: present
>>> key: auth_key
>>>
>>>
>>>
>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]> wrote:
>>>
>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>>>> >
>>>> > yes it does, but the user (ansible) i am running the playbook with
>>>> even though it has sudo rights and in root group cant access that folder.
>>>>
>>>>
>>>> Your authorized_keys task is run on the remote host, but using the
>>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>>> escalation locally.
>>>> I think for fetching the materials, you should have an initial
>>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>>
>>>> (not verified)
>>>>
>>>>
>>>>
>>>> > i tried to copy the id_rsa.pub to /tmp and it works
>>>> >
>>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]>
>>>> wrote:
>>>> >>
>>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>>>> ansible playbook from? Also, what happens if you try to do a ls on that
>>>> directory as the user that is executing the ansible playbook, are you
>>>> getting any errors?
>>>> >>
>>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>>>> >>>
>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>> paths (use -vvvvv to see paths)
>>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>>> occurred while running the lookup plugin 'file'. Error was a <class
>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>> paths (use -vvvvv to see paths)
>>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception
>>>> occurred while running the lookup plugin 'file'. Error was a <class
>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>> paths (use -vvvvv to see paths)
>>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception
>>>> occurred while running the lookup plugin 'file'. Error was a <class
>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>> >>>
>>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]>
>>>> wrote:
>>>> >>>>
>>>> >>>> how do i access to lookup the id_rsa.pub file? The user running
>>>> ansible playbook has sudo rights on the controller
>>>> >>>>
>>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]>
>>>> wrote:
>>>> >>>>>
>>>> >>>>> It would have root access — on the target machine, but not on the
>>>> Ansible controller.
>>>> >>>>>
>>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected]
>>>> wrote:
>>>> >>>>>>
>>>> >>>>>> But I used become: in my main.yml
>>>> >>>>>>
>>>> >>>>>> Would that have root access?
>>>> >>>>>
>>>> >>>>> --
>>>> >>>>> You received this message because you are subscribed to a topic
>>>> in the Google Groups "Ansible Project" group.
>>>> >>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>> .
>>>> >>>>> To unsubscribe from this group and all its topics, send an email
>>>> to [email protected].
>>>> >>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>>> .
>>>> >>>
>>>> >>> --
>>>> >>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> >>> To unsubscribe from this group and stop receiving emails from it,
>>>> send an email to [email protected].
>>>> >>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com
>>>> .
>>>> >>
>>>> >> --
>>>> >> You received this message because you are subscribed to a topic in
>>>> the Google Groups "Ansible Project" group.
>>>> >> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>> .
>>>> >> To unsubscribe from this group and all its topics, send an email to
>>>> [email protected].
>>>> >> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com
>>>> .
>>>> >
>>>> > --
>>>> > You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> > To unsubscribe from this group and stop receiving emails from it,
>>>> send an email to [email protected].
>>>> > To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com
>>>> .
>>>>
>>>> --
>>>> You received this message because you are subscribed to a topic in the
>>>> Google Groups "Ansible Project" group.
>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>> .
>>>> To unsubscribe from this group and all its topics, send an email to
>>>> [email protected].
>>>>
>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CAF8BbLZVQZ5qdJSLjnxHoTirc9rzPqtUuLHEd52Bg2tAYUEbeg%40mail.gmail.com
>>>> .
>>>>
>>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CALmkhkpL6wgRHzkdQpVK9XjS9jK1hKDAOjjLFEGQQTaP3a_%3DSw%40mail.gmail.com.
