ok now getting different error
ASK [rancherpocreplay : Setup authkeys for user rke]
************************************************************************************************************************
[WARNING]: The value {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI
0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVt
VVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT
2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3
g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed':
False, 'encoding': 'base64', 'failed': False} (type dict) in a string field
was converted to u"{'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZ
zNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdW
VrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2Q
zbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0r
OFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhd
GVkIG9uIGs4Z3VpCg==', 'source': '/home/rke/.ssh/id_rsa.pub', 'changed':
False, 'encoding': 'base64', 'failed': False}" (type string). If this does
not look like what you
expect, quote the entire value to ensure it does not change.
fatal: [k8node01]: FAILED! => {"changed": false, "msg": "invalid key
specified: {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding':
'base64', 'failed': False}"}
fatal: [k8node02]: FAILED! => {"changed": false, "msg": "invalid key
specified: {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding':
'base64', 'failed': False}"}
fatal: [k8master]: FAILED! => {"changed": false, "msg": "invalid key
specified: {'content':
'c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FERjhsU2I2d01VZzNBaWwrd1I5ajZGTFViMzE1eWp4WkpFY0huQkV6a0lwNG5rZ2RqbVpiWHFUb3FwN0hGMkdydUI0RnRzNldJMjFXQVhtSGFKekkyUXlJdHhPdjJ4R1VoVnFlTUM3MkIxZUJVaHNDNHlOZXh4VTZLN200MXVFTVJxVEFVR2wweFZZdWVrYk00S0dXWlpSMXhMWVFXcElWN1dPY2hYbklDcnl6TDNIYkdvL01weGxGTWxBVmdQcGp4dWVtVVNycnQ3c1VpanVBK09aTGNScTlzOVg5aHZkeGZ0YUdPNEhndlFvWmV0cEgvTnFySitZUENKMjRzSC9BM0hRcEhsYVhVemdYa2QzbUpIdzdBOFBzcExESjBmbHN6L2hqbWhnQmF6OWN1SmZaQUp1eWxsbUk3NXpRekFRRklFYUtMT2RVRW5XQWR3a2F3N1FnWXZGbmZwODk3SVowYitXWlR5WmdZYzgvY295Vi8wb293L3VOMHB6bTl3L1k4VnlUWURxdk5ZSGJnem0rOFJTRmRKc25qOTdYU05OY3hWZXA4N2QwY2d2Tk5ERWU5dXVmdkl6eVBOZmh3Y2dvYlhTampzU3g0b0tGc216eWlaWGFJVnZaYmRzYzk3Z3J5ZytWUXBmemYyRkhuanBrTExsYlMwclhhc3FQbmJCL2s9IGFuc2libGUtZ2VuZXJhdGVkIG9uIGs4Z3VpCg==',
'source': '/home/rke/.ssh/id_rsa.pub', 'changed': False, 'encoding':
'base64', 'failed': False}"}
I
On Fri, Jul 22, 2022 at 1:28 PM Todd Lewis <uto...@gmail.com> wrote:
> The error message is pretty clear: the command module doesn't have a "cmd"
> parameter. (Then it helpfully lists the parameters it does have.)
> You could say
>
> ansible.builtin.shell: "{{ command2 }}"
>
> But Brian already gave you a solution, which I'll repeat here:
> You either need to run ansible-playbook as a user with permissions (rke,
> root?)
> or use a task to read the file while using privilege escalation (become):
> - slurp:
> path: , '*/home/rke/*.ssh/id_rsa.pub'
> become: yes
> delegate_to: localhost
> register: rke_pub_key
> This is the equivalent of you doing `sudo cat */home/rke/*.ssh/id_rsa.pub'
> (lookups always run 'locally and are not affected by become, which only
> affects the 'remote' side of a task).
>
>
>
> On Friday, July 22, 2022 at 2:06:55 PM UTC-4 tdub...@gmail.com wrote:
>
>>
>> trying to do this another way
>>
>> - name: copy id_rsa.pub to tmp for reading on localhost
>> ansible.builtin.shell:
>> cmd: "{{ command2 }}"
>> register: shell_output
>> become: true
>> delegate_to: localhost
>>
>>
>> where command2 is 'cp /home/rke/.ssh/id_rsa.pub /tmp'
>>
>> I am trying to run this only on the ansible controller (localhost)
>>
>> but it looks like its trying to run on remote nodes
>>
>>
>> fatal: [k8node02 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8master -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>> fatal: [k8node01 -> localhost]: FAILED! => {"changed": false, "msg":
>> "Unsupported parameters for (command) module: cmd Supported parameters
>> include: _raw_params, _uses_shell, argv, chdir, creates, executable,
>> removes, stdin, stdin_add_newline, strip_empty_ends, warn"}
>>
>>
>> any idea?
>> On Thursday, July 21, 2022 at 9:42:44 AM UTC-7 Tony Wong wrote:
>>
>>> do you mean something like this?
>>>
>>>
>>> ---
>>> # tasks file for createuser
>>> - include_vars:
>>> dir: vars
>>>
>>>
>>>
>>>
>>> *- name: Get id_rsa.pub from localhost set_fact: auth_key: "{{
>>> lookup('file', '/home/rke/.ssh/id_rsa.pub')}}" delegate_to: localhost*
>>>
>>> - name: create user rke
>>> ansible.builtin.user:
>>> name: '{{ username }}'
>>> shell: '{{ shell }}'
>>> generate_ssh_key: yes
>>> create_home: yes
>>> groups: [ "{{ group1 }}", "{{ group2 }}" ]
>>> append: yes
>>> ssh_key_file: .ssh/id_rsa
>>> become: true
>>>
>>> - name: Make sure we have a 'wheel' group
>>> group:
>>> name: wheel
>>> state: present
>>>
>>> - name: Allow 'wheel' group to have passwordless sudo
>>> lineinfile:
>>> dest: /etc/sudoers
>>> state: present
>>> regexp: '^%wheel'
>>> line: '%wheel ALL=(ALL) NOPASSWD: ALL'
>>> validate: 'visudo -cf %s'
>>>
>>>
>>> - name: Setup authkeys for user rke
>>> become: true
>>>
>>> authorized_key:
>>> user: '{{ username }}'
>>> state: present
>>> key: auth_key
>>>
>>>
>>>
>>> On Thu, Jul 21, 2022 at 7:48 AM Dick Visser <dnmv...@gmail.com> wrote:
>>>
>>>> On Thu, 21 Jul 2022 at 16:32, Tony Wong <tdub...@gmail.com> wrote:
>>>> >
>>>> > yes it does, but the user (ansible) i am running the playbook with
>>>> even though it has sudo rights and in root group cant access that folder.
>>>>
>>>>
>>>> Your authorized_keys task is run on the remote host, but using the
>>>> lookup/file plugin in one of the arguments doesn't allow for privilege
>>>> escalation locally.
>>>> I think for fetching the materials, you should have an initial
>>>> set_fact task with delegate_to=localhost and set become=true on that.
>>>>
>>>> (not verified)
>>>>
>>>>
>>>>
>>>> > i tried to copy the id_rsa.pub to /tmp and it works
>>>> >
>>>> > On Thu, Jul 21, 2022 at 7:10 AM John Petro <jcp...@johnpetro.com>
>>>> wrote:
>>>> >>
>>>> >> Does /home/rke/.ssh/id_pub.rsa exist on the host you are running the
>>>> ansible playbook from? Also, what happens if you try to do a ls on that
>>>> directory as the user that is executing the ansible playbook, are you
>>>> getting any errors?
>>>> >>
>>>> >> On Thu, Jul 21, 2022 at 9:09 AM Tony Wong <tdub...@gmail.com> wrote:
>>>> >>>
>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>> paths (use -vvvvv to see paths)
>>>> >>> fatal: [k8master]: FAILED! => {"msg": "An unhandled exception
>>>> occurred while running the lookup plugin 'file'. Error was a <class
>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>> paths (use -vvvvv to see paths)
>>>> >>> fatal: [k8node01]: FAILED! => {"msg": "An unhandled exception
>>>> occurred while running the lookup plugin 'file'. Error was a <class
>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>> >>> [WARNING]: Unable to find '/home/rke/.ssh/id_pub.rsa' in expected
>>>> paths (use -vvvvv to see paths)
>>>> >>> fatal: [k8node02]: FAILED! => {"msg": "An unhandled exception
>>>> occurred while running the lookup plugin 'file'. Error was a <class
>>>> 'ansible.errors.AnsibleError'>, original message: could not locate file in
>>>> lookup: /home/rke/.ssh/id_pub.rsa"}
>>>> >>>
>>>> >>> On Thu, Jul 21, 2022 at 5:32 AM Tony Wong <tdub...@gmail.com>
>>>> wrote:
>>>> >>>>
>>>> >>>> how do i access to lookup the id_rsa.pub file? The user running
>>>> ansible playbook has sudo rights on the controller
>>>> >>>>
>>>> >>>> On Wed, Jul 20, 2022 at 4:31 PM Todd Lewis <uto...@gmail.com>
>>>> wrote:
>>>> >>>>>
>>>> >>>>> It would have root access — on the target machine, but not on the
>>>> Ansible controller.
>>>> >>>>>
>>>> >>>>> On Wednesday, July 20, 2022 at 6:24:24 PM UTC-4 tdub...@gmail.com
>>>> wrote:
>>>> >>>>>>
>>>> >>>>>> But I used become: in my main.yml
>>>> >>>>>>
>>>> >>>>>> Would that have root access?
>>>> >>>>>
>>>> >>>>> --
>>>> >>>>> You received this message because you are subscribed to a topic
>>>> in the Google Groups "Ansible Project" group.
>>>> >>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>> .
>>>> >>>>> To unsubscribe from this group and all its topics, send an email
>>>> to ansible-proje...@googlegroups.com.
>>>> >>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/420506bd-39ce-4cc5-b6c5-58a65b3a3e3bn%40googlegroups.com
>>>> .
>>>> >>>
>>>> >>> --
>>>> >>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> >>> To unsubscribe from this group and stop receiving emails from it,
>>>> send an email to ansible-proje...@googlegroups.com.
>>>> >>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkohoHcMf3KBDbprOgPPZkyQTvALAyH%2Bov%2Bnr_OcCz1koA%40mail.gmail.com
>>>> .
>>>> >>
>>>> >> --
>>>> >> You received this message because you are subscribed to a topic in
>>>> the Google Groups "Ansible Project" group.
>>>> >> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>> .
>>>> >> To unsubscribe from this group and all its topics, send an email to
>>>> ansible-proje...@googlegroups.com.
>>>> >> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CAPAjob8Kz3CmwXpnREAMYW_omF0J5HuEz5UtMACrSG7sMnSitw%40mail.gmail.com
>>>> .
>>>> >
>>>> > --
>>>> > You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> > To unsubscribe from this group and stop receiving emails from it,
>>>> send an email to ansible-proje...@googlegroups.com.
>>>> > To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CALmkhkq3tKEwQ8nSBT4Nu1kwCp%2BZAYVrYvozUQ5MFLTMkL_yNQ%40mail.gmail.com
>>>> .
>>>>
>>>> --
>>>> You received this message because you are subscribed to a topic in the
>>>> Google Groups "Ansible Project" group.
>>>> To unsubscribe from this topic, visit
>>>> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe
>>>> .
>>>> To unsubscribe from this group and all its topics, send an email to
>>>> ansible-proje...@googlegroups.com.
>>>>
>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/CAF8BbLZVQZ5qdJSLjnxHoTirc9rzPqtUuLHEd52Bg2tAYUEbeg%40mail.gmail.com
>>>> .
>>>>
>>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/gkaigHAiAC0/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/8c50e7fd-a866-4e41-b49f-cee4cf39af48n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CALmkhkpL6wgRHzkdQpVK9XjS9jK1hKDAOjjLFEGQQTaP3a_%3DSw%40mail.gmail.com.
