Re: [ansible-project] Manage SSh-Keys

[Ben Cohen]

I think you should take a look at the authorized_keys module again -- you
can pass multiple keys to a single invocation when using the exclusive
option which will enforce that exactly and only the list of  keys you
supplied are in the specified authorized_keys file.

On Thursday, October 22, 2015, DrDth  wrote:

> @esco This wouldn't manage the different users on the remote systems
>
> @Javier It does not exactly what I want, cause the last key in the loop is
> the one who becomes exclusive so none of the others will be in the
> authorized_keys file. I need an option for keeping all keys and only those
> which i choose to be the ones.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com
> 
> .
> To post to this group, send email to ansible-project@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c59bb8d6-9bb1-4268-a3a2-5133672a28fa%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CABUBibv9TCQSRa04%2BqDjBL84LRUJ3Gz8%2Bn1FuS7cwzK8WnZztw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Manage SSh-Keys

[DrDth]

@esco This wouldn't manage the different users on the remote systems

@Javier It does not exactly what I want, cause the last key in the loop is 
the one who becomes exclusive so none of the others will be in the 
authorized_keys file. I need an option for keeping all keys and only those 
which i choose to be the ones. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c59bb8d6-9bb1-4268-a3a2-5133672a28fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Manage SSh-Keys

[Dick Davies]

What about a parameterised role that takes the user name, then you
"copy:" a public key (nested under e.g. your-role/files/home/{{ user
}}/.ssh/pubkey) up to /home/{{ user }}/.ssh/authorized_keys

you can use that sort of role with with_items or similar to provision all
the users you want to a given group of hosts pretty easily, there's no need
for lookups as you already have the file to hand.

On 22 October 2015 at 12:55, DrDth  wrote:

> @esco This wouldn't manage the different users on the remote systems
>
> @Javier It does not exactly what I want, cause the last key in the loop is
> the one who becomes exclusive so none of the others will be in the
> authorized_keys file. I need an option for keeping all keys and only those
> which i choose to be the ones.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/c59bb8d6-9bb1-4268-a3a2-5133672a28fa%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK5eLPQkv2o%3DMTGhrKsa%3Dt93eRJHdMXsbsKj2eAtKUSNajiBVQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Manage SSh-Keys

[Javier Palacios]

If you are using 1.9, there is a "exclusive" parameter that I believe makes
exactly what you want, although it will force you into some extra work if
you want multiple allowed keys

Javier Palacios

On Wed, Oct 21, 2015 at 12:20 PM, DrDth  wrote:

> Hello Ansible Community,
>
> I'm working on a possebility to manage different ssh public keys to
> different servers. I try to accomplish that with the most efficient and
> automated solution. My problem is that i want to lookup the files directly
> with a loop variable. Therefore I use the lookup plugin logically. But I
> want the keys I choose to be the only ones in the authorized_keys file on
> the remote machine. So is there a chance to use the exclusive parameter of
> the authorized keys module with a loop variable which uses the lookup
> module?
>
> Thank you for your time!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3e4a49cc-772a-45a5-a76f-6394453dad08%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CANsNpUS4FNyZ4XRGRfZiaise29Q8hneDE7Bgv8p8BvWSWsf7dQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Manage SSh-Keys

[DrDth]

I have a server on which this playbook will be executed. There is a 
directory on this server on which all public keys of all computers in the 
network will be stored in single keyfiles. I edit a variable which provides 
a list of the users who will have access with there keys on the assigned 
servers. And the users in this list  should be the only keys in the remote 
auth_keys file. But there has to be more than one key in every key 
parameter of the authorized_key module. Since the exclusive parameter uses 
the last given file in the loop var I sort of have to stack the keys 
together in maby a variable or a file or something. this "stacking" 
together is my problem all other problems are solved. i hope that I made my 
problem more clear :) 

Am Donnerstag, 22. Oktober 2015 14:05:30 UTC+2 schrieb Dick Davies:
>
> What about a parameterised role that takes the user name, then you 
> "copy:" a public key (nested under e.g. your-role/files/home/{{ user 
> }}/.ssh/pubkey) up to /home/{{ user }}/.ssh/authorized_keys
>
> you can use that sort of role with with_items or similar to provision all 
> the users you want to a given group of hosts pretty easily, there's no need 
> for lookups as you already have the file to hand.
>
> On 22 October 2015 at 12:55, DrDth  
> wrote:
>
>> @esco This wouldn't manage the different users on the remote systems
>>
>> @Javier It does not exactly what I want, cause the last key in the loop 
>> is the one who becomes exclusive so none of the others will be in the 
>> authorized_keys file. I need an option for keeping all keys and only those 
>> which i choose to be the ones. 
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/c59bb8d6-9bb1-4268-a3a2-5133672a28fa%40googlegroups.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/64242c1e-8464-4954-aa06-43150064ec72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Manage SSh-Keys

[DrDth]

Hello Ansible Community,

I'm working on a possebility to manage different ssh public keys to 
different servers. I try to accomplish that with the most efficient and 
automated solution. My problem is that i want to lookup the files directly 
with a loop variable. Therefore I use the lookup plugin logically. But I 
want the keys I choose to be the only ones in the authorized_keys file on 
the remote machine. So is there a chance to use the exclusive parameter of 
the authorized keys module with a loop variable which uses the lookup 
module? 

Thank you for your time!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3e4a49cc-772a-45a5-a76f-6394453dad08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.