I'm looking for an easy way to add public keys to the authorized_keys file, if the key for the user is present in a specific directory. Right now it throws an error if the public key doesn't exist.

I want to create users on systems and push their public keys. For that, I am using the authorized_key module:

```yaml
- name: Add pubkeys
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    state: present
    key: "{{ lookup('file', '~/ap/ansible/sonderfiles/{{ item.username }}_pubkey.pub') }}"
  loop: "{{ userlist }}"
```

I found threads mentioning the `stat` module, but I can't figure out a way to iterate through a list of files and use the results in a `when` condition in the authorized_key module.

  • Now the question is: what is your ultimate goal: ditch the `userlist` variable and add keys for all *.pub in `~/ap/ansible/sonderfiles/`, or keep the `userlist` and only prevent failure when the corresponding public key file does not exist? – β.εηοιτ.βε Jul 14 '22 at 14:27
  • @β.εηοιτ.βε It's certainly a good idea, but it gives me template errors for every special character in the path, no matter how I wrap it (or don't wrap it) in braces. – Julian Jul 14 '22 at 14:31
  • @β.εηοιτ.βε The ultimate goal is the second one. I want to iterate through the whole list and add keys for every user. If a user doesn't have a pubkey, then it should just skip the user and try the next one. – Julian Jul 14 '22 at 14:32
  • Also mind, for your lookup, that [moustaches do not stack](https://stackoverflow.com/questions/67408680/how-can-i-make-ansible-interpret-a-variable-inside-a-variable). – β.εηοιτ.βε Jul 14 '22 at 14:38
  • @β.εηοιτ.βε Thank you very much. The last one did it. I still have to learn a lot about the syntax and usage of quotes and the tilde. Also thanks for mentioning the moustache stacking. For me it was working perfectly, but if it could be problematic, I'll change to a cleaner solution. Much appreciated! – Julian Jul 14 '22 at 14:51

1 Answer

This can be achieved with a condition and an `is file` test.

That said, there is a little trick to it: like in maths, some operators take precedence over others, and in this case the `is` operator of the test takes precedence over the concatenation operator `~`.
So the trick is to put the concatenated path in parentheses:

```yaml
- name: Add pubkeys
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    state: present
    key: >-
      {{ lookup(
           'file',
           '~/ap/ansible/sonderfiles/' ~ item.username ~ '_pubkey.pub'
      ) }}
  loop: "{{ userlist }}"
  # Parentheses are required: "is" binds tighter than "~", so without them
  # only the last fragment ('_pubkey.pub') would be tested.
  when: "('~/ap/ansible/sonderfiles/' ~ item.username ~ '_pubkey.pub') is file"
```
  • Is there an advantage of using tildes (~) for concatenating strings over the plus symbol (+)? In the Ansible documentation on lookups I saw that it uses pluses instead of tildes. – Julian Jul 14 '22 at 14:56
  • @Julian this is also explained in [moustaches do not stack](https://stackoverflow.com/questions/67408680/how-can-i-make-ansible-interpret-a-variable-inside-a-variable), really the last bullet point. – β.εηοιτ.βε Jul 14 '22 at 15:01
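A complete, runnable variant of the accepted approach, added here and not part of the question or the answer: it creates constructed key files under a demo directory, computes each user's key path once in task `vars` (so the concatenation, and the parentheses trap, appear only once), and uses `is file` to skip users whose file is missing. The directory, user names and key contents are constructed; `user` is the controller's own account and `path` points into the demo directory so the play targets localhost without touching a real `~/.ssh/authorized_keys`.

```yaml
---
# Added example, not code from the question or the answer. Runs against
# localhost and writes into a constructed demo directory instead of ~/.ssh.
- name: Add pubkeys only for users that have a key file
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Hypothetical key directory; absolute, so no tilde expansion is involved.
    pubkey_dir: "{{ playbook_dir }}/demo_sonderfiles"
    # Constructed user list: carol intentionally has no key file.
    userlist:
      - { username: alice }
      - { username: bob }
      - { username: carol }
  tasks:
    - name: Create the demo key directory
      ansible.builtin.file:
        path: "{{ pubkey_dir }}"
        state: directory
        mode: "0700"

    - name: Create constructed placeholder public keys for alice and bob only
      ansible.builtin.copy:
        dest: "{{ pubkey_dir }}/{{ item }}_pubkey.pub"
        content: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER00000000000000000000000000 {{ item }}@example\n"
        mode: "0644"
      loop: [alice, bob]

    # The path is built once per item in task vars and reused by both the
    # lookup and the condition, so no "(... ~ ...) is file" parentheses are needed.
    - name: Add pubkeys, skipping users whose key file is missing
      ansible.posix.authorized_key:
        user: "{{ lookup('env', 'USER') }}"   # local demo account; in the real play: item.username
        path: "{{ pubkey_dir }}/authorized_keys_{{ item.username }}"   # demo target, not ~/.ssh
        manage_dir: false
        state: present
        key: "{{ lookup('file', pubkey_path) }}"
      vars:
        pubkey_path: "{{ pubkey_dir }}/{{ item.username }}_pubkey.pub"
      loop: "{{ userlist }}"
      when: pubkey_path is file   # carol is reported as skipped, not failed
```

Run it with `ansible-playbook demo.yml`; alice and bob produce `changed`, carol produces `skipping`, and the resulting `authorized_keys_<user>` files sit in the demo directory.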