I am working on it to provide you an use case.. but.
is by any chance the authorizing_file modules sanitizing aka removing
duplicates entries on the remote authorized_key file even if it was not in
the key string passed to be removed
in that case there is probably no issue i must do some tests :)
i keep you posted.
regards
M
On Thursday, May 28, 2020 at 6:02:03 PM UTC+2, Dick Visser wrote:
>
> The fact that multiple keys begin with AAAAB3NzaC1yc2EAAAA is because
> they share the same header - this is OK.
> The module takes the entire key string into account.
>
> Can you maybe reproduce this in a way that we can look at it?
> Otherwise it will be impossible to tell what is wrong (other that
> guessing what it might be).
>
>
> Dick
>
> On Thu, 28 May 2020 at 17:02, 'Mario Garcia' via Ansible Project
> <ansible...@googlegroups.com <javascript:>> wrote:
> >
> > Hello
> >
> > no the key are differents but i think that ansible modules only match
> the beginning of the line but not the whole file
> >
> > i am not going to list all the public keys here but:
> > the public key that has to be removed and the ones that are wrongly
> being removed have the 'same' beginning::
> >
> > ssh-rsa AAAAB3NzaC1yc2EAAAA...
> > after this both lines in authorized keys differ
> >
> > so does the authorized_key module only looks for the beginning of the
> line?
> >
> > the /path/to/totpubkey.pub is a normal regular ssh-rsa public key file
> are standard public file with the publick key and authorized key files
> are one key per line.. nothing fancy
> >
> >
> >
> > On Thursday, May 28, 2020 at 4:07:16 PM UTC+2, Mario Garcia wrote:
> >>
> >> Hello
> >>
> >> I need to clean up a bit the authorized keys files on our infra
> >> i created a simple palybook that goes and removed one key from the
> remote authorized_keys files but when I run it in check/diff mode i see it
> tried to remove far too many lines
> >>
> >>
> >> this is the playbook
> >>
> >> ---
> >> - hosts: all
> >>
> >>
> >> tasks;
> >>
> >> - name: remove public keys
> >>
> >> authorized_key:
> >> user: toto
> >> state: absent
> >> key: "{{ lookup('file', '/path/to/totpubkey.pub') }}"
> >>
> >>
> >> I see absolutely no reason why in some hosts there are several public
> keys that are being removed for the authorized_keys files and since the
> module does not have a backup option is a bit of a problem.
> >>
> >> how could I use perhaps lineinfile to do the same? or how detect what
> is causing the module to delete several lines instead on just the one
> provided?
> >>
> >> thank you.
> >>
> >>
> >>
> > --
> > You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible...@googlegroups.com <javascript:>.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/ab796701-f5dd-4619-871b-0dc5c0bb8b24%40googlegroups.com.
>
>
>
>
>
> --
> Dick Visser
> Trust & Identity Service Operations Manager
> GÉANT
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/bac80808-3816-437e-845a-b7132884e1a8%40googlegroups.com.
