Right of the top of my head, put user specific stuff in a dict in vars
file (or conditional include a file for each user), so you have a dict
that's populated differently based on the value of a "user" var.
Then in a dependencies section in a meta/main.yaml, you just do
{ role: sshrolename, user: username }
{ role: sshrolename. user: otherusername }
Of course that's gonna be slow, so you could write your role to want a list
of users, and then pass a list in the meta/main.yaml file. You can always
pass a list with one item.
On Friday, December 11, 2015 at 7:11:27 AM UTC-8, cmacrae wrote:
>
> Hi everyone.
>
> I've been mulling something over in my head, I've got something I want to
> tackle, but I'm not sure how to go about doing so.
>
> Here's the scenario: I want to put together a tiny role that manages
> user's authorized keys. Keys defined in the inventory
> (host_vars/group_vars/playbook vars, etc.) should be the only ones present
> in the user's authorized_keys file.
>
> I have some keys specified like so:
>
> root_ssh_public_keys:
> member1:
> pubkey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEAvVO3ULx8fNGgInHCFQV6w/gEARBWyS9eA1qRaTEu4njawEjiqSGFHgPuvmgtKlft2MqbnCG3cokFKRAEOZEzy+jUMES8IQEHuSsJuZFnlUC4yzm1mI1OjJk9PwTLDD6OGJDL1gIkz37CYITbsaufS6gFrpoMBZhkVcVKk0JBnmwF/QZUD1uHKFLMtyVwvw8pzWcBcAYBBw5O6hjo2pRIX100bCdMxDrXwFp4yFiJPG6LCya4701whZpqgwk3d/RakJdZLA3pgAlVPZswz8ezj2U5PIYJl+LrUaPE57ZR/eVwNnBE7QPsKCCurIy1bLR0KXiqOmUzdzWDphYCelRurQ==
> member1
> member2:
> pubkey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEAtkScC/o1aDxaXFJdyTMhlF4UewNO/tdQf6EIYJzikSBNKECBjmvrM6bNaIkWA/AzB2dgTS0mug2aVomsBeyN8gAGfV/Wi3bO1kXuI23BmkPUn36OgE5ppQ0O2Gp8VjJaffV9EiYeEY/QlwnshAS9gfDPeTO+u5f0ZP0TZw29m+F3CKIJWPruDJJvXMkyc5qokh5kUpm0qYlhGyDi596st3Gsh/9LF/I2sEJH3LTP0gs0bWjbHN9XcIw8gbPT50zNZvqv9FGvgsMCErYC5lwPVN1670cpOpqLYV4PgU77t751CE9RsmASeB6Elwh0pAKlfxzITBx4W6aVxkl8Utlblw==
> member2
> member3:
> pubkey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEA2nyE+baFvebdFqiuEEjGYtLHxgduypfBg1laG8DP9Re0ln0lIJRsTw2HoB1giKRpkLXUdYkS+QVkzP0oZCNRZWuEgIuJnL8vl6c0S53UaFTNbZliIuSQLSPsEbQfIu1lQ9voZG2pwJQTj4yICnr29dSPs6ef4n8pox7hhDZSf6LBrrWWc51WYrZwXCSeDstqq53goCKLeujSZ6Ww3T7Ac17OzyhIQCl0x1w8LlcMshaczPKbFLxgLltIF8OmX9PLHuX0enFOVGKyRW66MIIyHuK65gxY/+8mjrzTw9aWOiQVvYZsjuzqBIBQy4h85ex8wF0xztR50D2ylvrbXSNl2w==
> member3
>
>
> Currently, I have this task that deploys them and ensures they're the only
> keys in the root user's authorized_keys list:
>
> - name: "Ensure team pubkeys are in root's authorized_keys"
> authorized_key:
> user: root
> manage_dir: yes
> exclusive: yes
> key: |
> {% for _, user in root_ssh_public_keys.items()%}
> {% for _, key in user.items() %}
> {{ key }}
> {% endfor %}
> {% endfor %}
> tags: ssh_keys
>
> Now, what I want to be able to do is chuck this into a little role, and
> have it be usable for any user definitions.
> So, say I had a system with the user 'example' on, and I wanted to specify
> some keys I want that user to have in their authorized_keys list.
> I could go to that system's host_vars and add the following:
>
> example_ssh_public_keys:
> someone:
> pubkey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEAvVO3ULx8fNGgInHCFQV6w/gEARBWyS9eA1qRaTEu4njawEjiqSGFHgPuvmgtKlft2MqbnCG3cokFKRAEOZEzy+jUMES8IQEHuSsJuZFnlUC4yzm1mI1OjJk9PwTLDD6OGJDL1gIkz37CYITbsaufS6gFrpoMBZhkVcVKk0JBnmwF/QZUD1uHKFLMtyVwvw8pzWcBcAYBBw5O6hjo2pRIX100bCdMxDrXwFp4yFiJPG6LCya4701whZpqgwk3d/RakJdZLA3pgAlVPZswz8ezj2U5PIYJl+LrUaPE57ZR/eVwNnBE7QPsKCCurIy1bLR0KXiqOmUzdzWDphYCelRurQ==
> someone
> someone_else:
> pubkey: ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEAtkScC/o1aDxaXFJdyTMhlF4UewNO/tdQf6EIYJzikSBNKECBjmvrM6bNaIkWA/AzB2dgTS0mug2aVomsBeyN8gAGfV/Wi3bO1kXuI23BmkPUn36OgE5ppQ0O2Gp8VjJaffV9EiYeEY/QlwnshAS9gfDPeTO+u5f0ZP0TZw29m+F3CKIJWPruDJJvXMkyc5qokh5kUpm0qYlhGyDi596st3Gsh/9LF/I2sEJH3LTP0gs0bWjbHN9XcIw8gbPT50zNZvqv9FGvgsMCErYC5lwPVN1670cpOpqLYV4PgU77t751CE9RsmASeB6Elwh0pAKlfxzITBx4W6aVxkl8Utlblw==
> someone_else
>
>
> Notice the variable name is 'example_ssh_public_keys'.
> In my task above, I need a way of dynamically defining both the 'user'
> parameter value (shown above as 'root') and the dictionary I'm operating on
> (shown above as 'root_ssh_public_keys').
>
> My point being I need this to be re-usable for different users.
>
> Am I going about this in a really stupid manner? What would be the best
> way to approach this?
>
> Thanks in advance for any help!
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/30b3408a-6526-43a0-8188-df1b8ca153cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
