I am sure you have mentioned this before, so forgive me if it's a repeat. I couldn't find the email in my inbox. What is it you are trying to do again?
On Fri, Jul 22, 2022 at 2:07 PM Tony Wong <[email protected]> wrote:
>
> trying to do this another way
>
> - name: copy id_rsa.pub to tmp for reading on localhost
>   ansible.builtin.shell:
>     cmd: "{{ command2 }}"
>   register: shell_output
>   become: true
>   delegate_to: localhost
>
> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>
> I am trying to run this only on the ansible controller (localhost)
>
> but it looks like it's trying to run on remote nodes
>
> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (command) module: cmd Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>
> any idea?
>
> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>
>> do you mean something like this?
>>
>> ---
>> # tasks file for createuser
>> - include_vars:
>>     dir: vars
>>
>> - name: Get id_rsa.pub from localhost
>>   set_fact:
>>     auth_key: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
>>   delegate_to: localhost
>>
>> - name: create user rke
>>   ansible.builtin.user:
>>     name: '{{ username }}'
>>     shell: '{{ shell }}'
>>     generate_ssh_key: yes
>>     create_home: yes
>>     groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>     append: yes
>>     ssh_key_file: .ssh/id_rsa
>>   become: true
>>
>> - name: Make sure we have a 'wheel' group
>>   group:
>>     name: wheel
>>     state: present
>>
>> - name: Allow 'wheel' group to have passwordless sudo
>>   lineinfile:
>>     dest: /etc/sudoers
>>     state: present
>>     regexp: '^%wheel'
>>     line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>     validate: 'visudo -cf %s'
>>
>> - name: Setup authkeys for user rke
>>   become: true
>>   authorized_key:
>>     user: '{{ username }}'
>>     state: present
>>     key: auth_key
>>
>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <[email protected]> wrote:
>>
>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <[email protected]> wrote:
>>> >
>>> > yes it does, but the user (ansible) I am running the playbook with even though it has sudo rights and in root group can't access that folder.
>>>
>>> Your authorized_keys task is run on the remote host, but using the lookup/file plugin in one of the arguments doesn't allow for privilege escalation locally.
>>> I think for fetching the materials, you should have an initial set_fact task with delegate_to=localhost and set become=true on that.
>>>
>>> (not verified)
>>>
>>> > I tried to copy the id_rsa.pub to /tmp and it works
>>> >
>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <[email protected]> wrote:
>>> >>
>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the ansible playbook from? Also, what happens if you try to do a ls on that directory as the user that is executing the ansible playbook, are you getting any errors?
>>> >>
>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <[email protected]> wrote:
>>> >>>
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected paths (use -vvvvv to see paths)
>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/rke/.ssh/id_pub.rsa"}
>>> >>>
>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <[email protected]> wrote:
>>> >>>>
>>> >>>> how do I access to lookup the id_rsa.pub file? The user running ansible playbook has sudo rights on the controller
>>> >>>>
>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <[email protected]> wrote:
>>> >>>>>
>>> >>>>> It would have root access — on the target machine, but not on the Ansible controller.
>>> >>>>>
>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 [email protected] wrote:
>>> >>>>>>
>>> >>>>>> But I used become: in my main.yml
>>> >>>>>>
>>> >>>>>> Would that have root access?
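Added example, not part of the thread or any participant's code: one way to do what Dick Visser's reply aims at, reading the controller-side key with a delegated module task instead of the `file` lookup. The register name `controller_pubkey` is hypothetical, `username` and the key path come from the thread, and the `ansible.posix` collection is assumed to be installed.

```yaml
# Added example (not from the thread). Assumes these tasks sit in the same
# role as the thread's tasks, so `username` is already defined.

# lookup('file', ...) is evaluated inside the controller process as the user
# who started ansible-playbook; `become` on the task does not change that.
# A module task delegated to localhost does honour `become`, so the read
# below runs with escalated privileges on the controller.
- name: Read rke's public key on the controller
  ansible.builtin.slurp:
    src: /home/rke/.ssh/id_rsa.pub
  register: controller_pubkey   # hypothetical variable name
  delegate_to: localhost
  become: true
  run_once: true   # one read in total instead of one per inventory host

# slurp returns the file base64-encoded in `.content`; decode it and pass it
# as a templated value. A bare word such as `key: auth_key` is taken as the
# literal key text, not as a variable reference.
- name: Install the controller's public key for the user on each target
  ansible.posix.authorized_key:
    user: "{{ username }}"
    state: present
    key: "{{ controller_pubkey.content | b64decode }}"
  become: true
```

Without `run_once`, a delegated task still executes once per inventory host, which is what output of the form `[k8node02 -> localhost]` indicates: the task for k8node02 ran on localhost.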
