I'd recommend storing you keys in files, and using lookup('file', ...)
The. You can store multiple keys in a single file.
Additionally you could just store multiple keys as a string with new lines
in your current data structure and not try using a list.
On Wednesday, May 7, 2014, Bruce Pennypacker <bruce.pennypac...@gmail.com>
wrote:
> We have a role that defines user accounts as follows:
>
> users:
> - username: user1
> comment: User 1
> uid: 3001
> ssh_key: "xxx"
>
> - username: user2
> comment: User 2
> uid: 3002
> ssh_key: "yyy"
>
> Users are then grouped by name into other lists:
>
> regular_users:
> - user1
> - user2
> ...
>
> ops_users:
> - user3
> - user4
> ...
>
> Our hosts then have a fact called user_roles that's a list of each group
> of users and individual usernames to create accounts for. We then have
> tasks defined like this:
>
> - name: add users
> user: name={{ item.username }}
> comment="{{ item.comment }}"
> uid={{ item.uid }}
> when: item.username in lookup('flattened',user_roles)
> with_items: users
>
> - name: add SSH keys
> authorized_key: user={{ item.username }}
> key="{{ item.ssh_key }}"
> when: item.username in lookup('flattened',user_roles) and item.ssh_key
> is defined
> with_items: users
>
> All of this is working great. We're managing about 50 different user
> accounts over 80 servers in varying groups without any difficulty. But now
> I'd like to be able to extend this to support multiple SSH keys for each
> user. So I'd like to be able to define a user along these lines:
>
> - username: userFoo
> comment: User Foo
> uid: 4321
> ssh_keys: [ 'xxx', 'yyy', 'zzz']
>
> But if I do this then I'm at a complete loss of how to rewrite the
> authorized_key task to handle it properly. At first glance I would expect
> that I'd need to use with_nested but I'm not entirely sure how to go about
> doing it. I tried variations of this, but haven't gotten anything to work:
>
> - name: add multiple SSH keys
> authorized_key: user={{ item[0].username }}
> key="{{ item.[1] }}"
> when: item[0].username in lookup('flattened',user_roles) and
> item[0].ssh_keys is defined
> with_nested:
> - users
> - item[0].ssh_keys
>
> Is there a better way of managing a dynamic list of ssh keys? Or am I
> just trying something that's too complex for Ansible to handle cleanly?
>
> -Bruce
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> ansible-project+unsubscr...@googlegroups.com<javascript:_e(%7B%7D,'cvml','ansible-project%2bunsubscr...@googlegroups.com');>
> .
> To post to this group, send email to
> ansible-project@googlegroups.com<javascript:_e(%7B%7D,'cvml','ansible-project@googlegroups.com');>
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ed9760ef-ae4d-4403-b145-2e8d0ec84d34%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/ed9760ef-ae4d-4403-b145-2e8d0ec84d34%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
Matt Martz
m...@sivel.net
http://sivel.net/
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAD8N0v9OBLEkjZkq0qFN9zT2JHwrKxJrJ-%3DH3CR2SsH%2B39pn%2BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
