 

Add multiple SSH keys using ansible

I have written an ansible script to remove SSH keys from remote servers:

---
- name: "Add keys to the authorized_keys of the user ubuntu"
  user: ubuntu
  hosts: www
  tasks:
  - name: "Remove key #1"
    authorized_key: user=ubuntu key="{{ item }}" state=absent
    with_file:
     - id_rsa_number_one.pub
  - name: "Remove key #2"
    authorized_key: user=ubuntu key="{{ item }}" state=absent
    with_file:
     - id_rsa_number_two.pub
...

Adding each file as a different task is preposterous, so I have tried using with_fileglob:

  - name: "Remove all keys at once"
    authorized_key: user=ubuntu key="{{ item }}" state=absent
    with_fileglob:
      - /Users/adamatan/ansible/id_rsa*.pub

But this fails with lines like this:

failed: [www.example.com] => (item=/Users/adamatan/ansible/id_rsa_one.pub) => {"failed": true, "item": "/Users/adamatan/ansible/id_rsa_one.pub"} msg: invalid key specified: /Users/adamatan/ansible/id_rsa_one.pub

The same key file is successfully removed using a unique task, but fails when it's a part of a fileglob.

How can I batch add or remove SSH keys using ansible?

Adam Matan asked Oct 05 '14 14:10




1 Answer

I believe you are only getting the filenames using with_fileglob, but with_file retrieves the contents of the file. And the authorized_key module requires the actual key.

So you should still loop by using with_fileglob, but instead of sending the filename to the "key=" parameter, you should use the file lookup plugin.

  - name: "Remove all keys at once"
    authorized_key: user=ubuntu key="{{ lookup('file', item) }}" state=absent
    with_fileglob:
      - /Users/adamatan/ansible/id_rsa*.pub
Ramon de la Fuente answered Oct 12 '22 04:10
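The same fix as a complete playbook in current Ansible syntax, as an added example that is not part of the original question or answer. It adds a guard: a glob that matches no files produces an empty loop, so a revocation run would report success without removing anything. The variable names `revoked_key_glob` and `revoked_key_files` are assumptions, and the playbook assumes the `ansible.posix` collection is installed.

```yaml
---
# Added example. Host group, user and path are the values used in the question;
# the variable names are hypothetical.
- name: Revoke a batch of SSH public keys from the ubuntu user
  hosts: www
  remote_user: ubuntu
  vars:
    revoked_key_glob: /Users/adamatan/ansible/id_rsa*.pub
  tasks:
    # fileglob runs on the control node and returns file NAMES, not contents.
    - name: Expand the glob into a list of public key files
      ansible.builtin.set_fact:
        revoked_key_files: "{{ query('ansible.builtin.fileglob', revoked_key_glob) }}"

    # Without this check an empty match makes the loop below a silent no-op.
    - name: Fail if the glob matched no key files
      ansible.builtin.assert:
        that:
          - revoked_key_files | length > 0
        fail_msg: "No public key files match {{ revoked_key_glob }}"

    # The module needs the key text itself, so read each file with the
    # file lookup instead of passing the path.
    - name: Remove each key from authorized_keys
      ansible.posix.authorized_key:
        user: ubuntu
        key: "{{ lookup('ansible.builtin.file', item) }}"
        state: absent
      loop: "{{ revoked_key_files }}"
      loop_control:
        label: "{{ item | basename }}"
```

Changing `state: absent` to `state: present` turns the same loop into a batch add.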