Re: [ansible-project] why am i not able to access id_rsa.pub as another user?
> so does it mean I am unable to use elevate privileges using lookup?

exactly

--
Brian Coca

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7da--n6LF-hdrvtO7obdsKpRjiUWxZOXaXZGtzv89xQ1A%40mail.gmail.com.
Re: [ansible-project] why am i not able to access id_rsa.pub as another user?
On Fri, Jul 22, 2022 at 10:22 AM Brian Coca wrote:
>
> simple permissions, can you 'cat /home/rke/.ssh/id_rsa.pub'? you
> probably get same permissions error.

The $HOME/.ssh/ directory is normally restricted in its permissions to permit the SSH private keys there to be used. It's partly why Ansible has hooks to store private, and public, keys in the ansible vault rather than merely pulling them from the local filesystem. The public keys are not usually such an issue to publish as part of the playbook or the ansible configuration itself. Is there any compelling reason not to store such a reference public key in the playbook's configuration files?

> You either need to run ansible-playbook as a user with permissions
> (rke, root?) or use a task to read the file while using privilege
> escalation (become):
>
> - slurp:
>     path: /home/rke/.ssh/id_rsa.pub
>   become: yes
>   delegate_to: localhost
>   register: rke_pub_key
>
> This is the equivalent of you doing 'sudo cat
> /home/rke/.ssh/id_rsa.pub' (lookups always run 'locally' and are not
> affected by become, which only affects the 'remote' side of a task).
>
> --
> Brian Coca
Re: [ansible-project] why am i not able to access id_rsa.pub as another user?
so does it mean I am unable to use elevate privileges using lookup?

---
- name: read file on host
  hosts: localhost
  become: yes
  become_user: root
  become_method: sudo
  vars:
    contents: "{{ lookup('file','/home/rke/.ssh/id_rsa.pub') }}"
  tasks:
    - name: print file
      ansible.builtin.debug:
        msg: "the content of file is {{ contents }}"

still not able to do it

however this works

---
- hosts: localhost
  become: yes
  name: List the contents of home directory
  tasks:
    - name: List files and folder in home directory
      shell: 'cat /home/rke/.ssh/id_rsa.pub'
      register: command_output
    - debug:
        var: command_output.stdout_lines

On Fri, Jul 22, 2022 at 9:44 AM Tony Wong wrote:
> that's what I'm trying to do
>
> ---
> - hosts: localhost
>   become: yes
>   gather_facts: false
>   vars:
>     filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
>   tasks:
>     - debug:
>         msg: "the value of foo.txt is: {{ filecon }}"
>       delegate_to: localhost
>
> why is this not working?
>
> On Fri, Jul 22, 2022 at 7:22 AM Brian Coca wrote:
>
>> simple permissions, can you 'cat /home/rke/.ssh/id_rsa.pub'? you
>> probably get same permissions error.
>>
>> You either need to run ansible-playbook as a user with permissions
>> (rke, root?) or use a task to read the file while using privilege
>> escalation (become):
>>
>> - slurp:
>>     path: /home/rke/.ssh/id_rsa.pub
>>   become: yes
>>   delegate_to: localhost
>>   register: rke_pub_key
>>
>> This is the equivalent of you doing 'sudo cat
>> /home/rke/.ssh/id_rsa.pub' (lookups always run 'locally' and are not
>> affected by become, which only affects the 'remote' side of a task).
>>
>> --
>> Brian Coca
Re: [ansible-project] why am i not able to access id_rsa.pub as another user?
that's what I'm trying to do

---
- hosts: localhost
  become: yes
  gather_facts: false
  vars:
    filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  tasks:
    - debug:
        msg: "the value of foo.txt is: {{ filecon }}"
      delegate_to: localhost

why is this not working?

On Fri, Jul 22, 2022 at 7:22 AM Brian Coca wrote:
> simple permissions, can you 'cat /home/rke/.ssh/id_rsa.pub'? you
> probably get same permissions error.
>
> You either need to run ansible-playbook as a user with permissions
> (rke, root?) or use a task to read the file while using privilege
> escalation (become):
>
> - slurp:
>     path: /home/rke/.ssh/id_rsa.pub
>   become: yes
>   delegate_to: localhost
>   register: rke_pub_key
>
> This is the equivalent of you doing 'sudo cat
> /home/rke/.ssh/id_rsa.pub' (lookups always run 'locally' and are not
> affected by become, which only affects the 'remote' side of a task).
>
> --
> Brian Coca
Re: [ansible-project] why am i not able to access id_rsa.pub as another user?
simple permissions, can you 'cat /home/rke/.ssh/id_rsa.pub'? you probably get same permissions error.

You either need to run ansible-playbook as a user with permissions (rke, root?) or use a task to read the file while using privilege escalation (become):

- slurp:
    path: /home/rke/.ssh/id_rsa.pub
  become: yes
  delegate_to: localhost
  register: rke_pub_key

This is the equivalent of you doing 'sudo cat /home/rke/.ssh/id_rsa.pub' (lookups always run 'locally' and are not affected by become, which only affects the 'remote' side of a task).

--
Brian Coca
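The slurp approach from the reply above, written out as a complete play (an added example, not part of the original thread). slurp returns the file content base64-encoded, so the play decodes it and checks that it is a single public-key line before using it; the variable names rke_pub_key_path and rke_pub_key_text are assumptions made for this example.

```yaml
---
# Added example: hypothetical play, variable names are illustrative.
- name: Read rke's public key on the controller with privilege escalation
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    rke_pub_key_path: /home/rke/.ssh/id_rsa.pub   # path taken from the thread
  tasks:
    # slurp is a module (a task), so become applies to it; a lookup() in
    # vars would still run as the user who started ansible-playbook.
    - name: Read the key file as root
      ansible.builtin.slurp:
        path: "{{ rke_pub_key_path }}"
      become: true
      register: rke_pub_key

    # slurp returns the bytes base64-encoded in the 'content' field.
    - name: Decode the payload returned by slurp
      ansible.builtin.set_fact:
        rke_pub_key_text: "{{ rke_pub_key.content | b64decode | trim }}"

    # Guard against a wrong path pulling private key material into
    # registered variables and debug output.
    - name: Refuse anything that is not a single public-key line
      ansible.builtin.assert:
        that:
          - "'PRIVATE KEY' not in rke_pub_key_text"
          - rke_pub_key_text.splitlines() | length == 1
          - "rke_pub_key_text is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$')"
        fail_msg: "{{ rke_pub_key_path }} does not look like an SSH public key"
        quiet: true

    - name: Show the key
      ansible.builtin.debug:
        msg: "{{ rke_pub_key_text }}"
```

If sudo on the controller requires a password, run ansible-playbook with --ask-become-pass (-K).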
[ansible-project] why am i not able to access id_rsa.pub as another user?
I still keep getting this error

fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}'. Error was a , original message: An unhandled exception occurred while running the lookup plugin 'file'. Error was a , original message: could not locate file in lookup: /home/rke/.ssh/id_rsa.pub"}

The file does exist but the user running the task doesn't have access. So I used become: root and become_method: sudo but it still doesn't work

---
- hosts: localhost
  gather_facts: false
  vars:
    filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  tasks:
    - debug:
        msg: "the value of foo.txt is: {{ filecon }}"
      become_user: root
      become_method: sudo