I am trying to build a playbook which includes distributing authorized SSH keys.
Each user's key is put into its own file named after the username. Users who need to be distributed are set in the variable, and then it uses lookup to read files in a loop. Strangely enough, the `debug` module works, but the `authorized_key` module doesn't work with exactly the same lookup. This is the playbook:
```yaml
- hosts: hosts
  vars_files:
    - users-config.yaml
  tasks:
    - debug:
        msg: "{{ lookup('file', 'ssh_keys/' + item.username) }}"
      when: item.state == "present"
      loop: "{{ users }}"
    - name: distribute authorized_keys
      ansible.posix.authorized_key:
        user: "{{ item.key }}"
        key: "{{ lookup('file', 'ssh_keys/' + item.username) }}"
        manage_dir: true
      when: item.state == "present"
      loop: "{{ users }}"
```
`users-config.yaml` has the following structure:

```yaml
users:
  - username: apushkin
    gecos: Alexander Pushkin
    state: present
    groups: wheel
  - username: nkhrushchev
    gecos: Nikita Khrushchev
    state: present
    groups: wheel
```
`ssh_keys/apushkin` and `ssh_keys/nkhrushchev` each contain one or several SSH keys and are readable. `ansible-playbook --check playbook.yaml` results in the following output:

```
TASK [debug] ********************************************************************************************************************************************************************************
ok: [host1] => (item={'username': 'apushkin', 'gecos': 'Alexander Pushkin', 'state': 'present', 'groups': 'wheel'}) => {
    "msg": "ssh-rsa AAAA..."
}
ok: [host1] => (item={'username': 'nkhrushchev', 'gecos': 'Nikita Khrushchev', 'state': 'present', 'groups': 'wheel'}) => {
    "msg": "ecdsa-sha2-nistp384 AAAA...\nssh-ed25519 AAAA..."
}
ok: [host2] => (item={'username': 'apushkin', 'gecos': 'Alexander Pushkin', 'state': 'present', 'groups': 'wheel'}) => {
    "msg": "ssh-rsa AAAA..."
}
ok: [host2] => (item={'username': 'nkhrushchev', 'gecos': 'Nikita Khrushchev', 'state': 'present', 'groups': 'wheel'}) => {
    "msg": "ecdsa-sha2-nistp384 AAAA...\nssh-ed25519 AAAA..."
}

TASK [distribute authorized_keys] ***********************************************************************************************************************************************************
fatal: [host1]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'key'\n\nThe error appears to be in '/home/username/Ansible/playbook.yaml': line 9, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n loop: \"{{ users }}\"\n - name: distribute authorized_keys\n ^ here\n"}
fatal: [host2]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'key'\n\nThe error appears to be in '/home/username/Ansible/playbook.yaml': line 9, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n loop: \"{{ users }}\"\n - name: distribute authorized_keys\n ^ here\n"}
```
Why? Is there an alternate way of doing this?
Best Answer
This is the key (no pun intended):

> 'dict object' has no attribute 'key'

Your `users` definition has no attribute `key`. You most probably want to use `username` instead.
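A fuller version of the corrected task, added here as an example and not part of the accepted answer. It assumes the same `users` list and `ssh_keys/<username>` files as the question, and adds `exclusive: true` so that a key removed from a user's file is also revoked on every host, rather than lingering in `authorized_keys`.

```yaml
- hosts: hosts
  vars_files:
    - users-config.yaml
  tasks:
    - name: distribute authorized_keys
      ansible.posix.authorized_key:
        # The loop items are dicts with 'username', not 'key' (the cause of the
        # original error), so the account name comes from item.username.
        user: "{{ item.username }}"
        # The 'file' lookup reads ssh_keys/<username> on the controller; a
        # missing file fails the task instead of silently skipping the user.
        key: "{{ lookup('file', 'ssh_keys/' + item.username) }}"
        # exclusive replaces the whole authorized_keys file with the keys from
        # the lookup, so keys deleted from the file are removed on the host too.
        # This only works as intended because each file holds all of a user's keys.
        exclusive: true
        manage_dir: true
      when: item.state == "present"
      loop: "{{ users }}"
      loop_control:
        # Print only the username per item instead of the whole dict (gecos etc.)
        label: "{{ item.username }}"
```

Run with `--check --diff` first to see which keys would be added or removed before applying it.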