Re: [ansible-project] why am i not able to access id_rsa.pub as another user?

2022-07-25 Thread Brian Coca
> so does it mean I am unable to use elevated privileges using lookup?

exactly



-- 
--
Brian Coca

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACVha7da--n6LF-hdrvtO7obdsKpRjiUWxZOXaXZGtzv89xQ1A%40mail.gmail.com.


Re: [ansible-project] why am i not able to access id_rsa.pub as another user?

2022-07-23 Thread Nico Kadel-Garcia
On Fri, Jul 22, 2022 at 10:22 AM Brian Coca wrote:
>
> simple permissions, can you `cat /home/rke/.ssh/id_rsa.pub`? you
> probably get same permissions error.

The $HOME/.ssh/ directory is normally restricted in its permissions to
permit the SSH private keys there to be used. It's partly why Ansible
has hooks to store private, and public, keys in the ansible vault
rather than merely pulling them from the local filesystem. The public
keys are not usually such an issue to publish as part of the playbook
or the ansible configuration itself. Is there any compelling reason
not to store such a reference public key in the playbook's
configuration files?


> You either need to run ansible-playbook as a user with permissions
> (rke, root?) or use a task to read the file while using privilege
> escalation (become):
>
> - slurp:
>     path: '/home/rke/.ssh/id_rsa.pub'
>   become: yes
>   delegate_to: localhost
>   register: rke_pub_key
>
>
> This is the equivalent of you doing `sudo cat
> /home/rke/.ssh/id_rsa.pub` (lookups always run 'locally' and are not
> affected by become, which only affects the 'remote' side of a task).
>
> --
> --
> Brian Coca
>



Re: [ansible-project] why am i not able to access id_rsa.pub as another user?

2022-07-22 Thread Tony Wong
so does it mean I am unable to use elevated privileges using lookup?

---
- name: read file on host
  hosts: localhost
  become: yes
  become_user: root
  become_method: sudo
  vars:
    contents: "{{ lookup('file','/home/rke/.ssh/id_rsa.pub') }}"
  tasks:
    - name: print file
      ansible.builtin.debug:
        msg: "the content of file is {{ contents }}"

still not able to do it

however this works


---
- hosts: localhost
  become: yes
  name: List the contents of home directory
  tasks:
  - name: List files and folder in home directory
    shell: 'cat /home/rke/.ssh/id_rsa.pub'
    register: command_output
  - debug:
      var: command_output.stdout_lines



On Fri, Jul 22, 2022 at 9:44 AM Tony Wong wrote:

> That's what I'm trying to do
>
> ---
> - hosts: localhost
>   become: yes
>   gather_facts: false
>   vars:
>     filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
>   tasks:
>   - debug:
>       msg: "the value of foo.txt is: {{ filecon }}"
>     delegate_to: localhost
>
>
>
> why is this not working?
>
> On Fri, Jul 22, 2022 at 7:22 AM Brian Coca wrote:
>
>> simple permissions, can you `cat /home/rke/.ssh/id_rsa.pub`? you
>> probably get same permissions error.
>>
>> You either need to run ansible-playbook as a user with permissions
>> (rke, root?) or use a task to read the file while using privilege
>> escalation (become):
>>
>> - slurp:
>>     path: '/home/rke/.ssh/id_rsa.pub'
>>   become: yes
>>   delegate_to: localhost
>>   register: rke_pub_key
>>
>>
>> This is the equivalent of you doing `sudo cat
>> /home/rke/.ssh/id_rsa.pub` (lookups always run 'locally' and are not
>> affected by become, which only affects the 'remote' side of a task).
>>
>> --
>> --
>> Brian Coca
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/q7do6W_q0LE/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-project+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CACVha7etLAjkCrhheEt9vKxq%3Dt_7%2BpDXLN8%2BK9DoX%2BJRJ65OBg%40mail.gmail.com
>> .
>>
>



Re: [ansible-project] why am i not able to access id_rsa.pub as another user?

2022-07-22 Thread Tony Wong
That's what I'm trying to do

---
- hosts: localhost
  become: yes
  gather_facts: false
  vars:
    filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  tasks:
  - debug:
      msg: "the value of foo.txt is: {{ filecon }}"
    delegate_to: localhost



why is this not working?

On Fri, Jul 22, 2022 at 7:22 AM Brian Coca wrote:

> simple permissions, can you `cat /home/rke/.ssh/id_rsa.pub`? you
> probably get same permissions error.
>
> You either need to run ansible-playbook as a user with permissions
> (rke, root?) or use a task to read the file while using privilege
> escalation (become):
>
> - slurp:
>     path: '/home/rke/.ssh/id_rsa.pub'
>   become: yes
>   delegate_to: localhost
>   register: rke_pub_key
>
>
> This is the equivalent of you doing `sudo cat
> /home/rke/.ssh/id_rsa.pub` (lookups always run 'locally' and are not
> affected by become, which only affects the 'remote' side of a task).
>
> --
> --
> Brian Coca
>



Re: [ansible-project] why am i not able to access id_rsa.pub as another user?

2022-07-22 Thread Brian Coca
simple permissions, can you `cat /home/rke/.ssh/id_rsa.pub`? you
probably get same permissions error.

You either need to run ansible-playbook as a user with permissions
(rke, root?) or use a task to read the file while using privilege
escalation (become):

- slurp:
    path: '/home/rke/.ssh/id_rsa.pub'
  become: yes
  delegate_to: localhost
  register: rke_pub_key


This is the equivalent of you doing `sudo cat
/home/rke/.ssh/id_rsa.pub` (lookups always run 'locally' and are not
affected by become, which only affects the 'remote' side of a task).

-- 
--
Brian Coca
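
[Added example, not part of the original thread or of any poster's message: a complete playbook for the slurp-with-become approach described above, including the base64 decode that slurp output needs. It assumes the controller user may sudo (pass -K to ansible-playbook if a password is required); the fact name rke_pub_key_text and the key-format check are illustrative choices.]

```yaml
---
# Added example. The file lookup runs in the ansible-playbook process as the
# invoking user, so become never applies to it; a module task does honour become.
- name: Read another user's SSH public key on the controller
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Read the file through a module so privilege escalation applies
      ansible.builtin.slurp:
        src: /home/rke/.ssh/id_rsa.pub
      become: true
      register: rke_pub_key

    - name: Decode the base64 content returned by slurp
      ansible.builtin.set_fact:
        rke_pub_key_text: "{{ rke_pub_key.content | b64decode | trim }}"

    - name: Stop unless the result is a single OpenSSH public-key line
      ansible.builtin.assert:
        that:
          - "rke_pub_key_text is match('^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$')"
        fail_msg: "Content does not look like an OpenSSH public key"

    - name: Show the decoded key
      ansible.builtin.debug:
        msg: "{{ rke_pub_key_text }}"
```

The format check guards against a wrong path (for example id_rsa instead of id_rsa.pub) putting private key material into task output or logs.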



[ansible-project] why am i not able to access id_rsa.pub as another user?

2022-07-22 Thread Tony Wong
I still keep getting this error

fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred 
while templating '{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}'. Error 
was a , original message: An unhandled 
exception occurred while running the lookup plugin 'file'. Error was a 
, original message: could not locate 
file in lookup: /home/rke/.ssh/id_rsa.pub"}

The file does exist but the user running the task doesn't have access. So I 
used become: root
and become_method: sudo

but still doesn't work

---
- hosts: localhost
  gather_facts: false
  vars:
    filecon: "{{ lookup('file', '/home/rke/.ssh/id_rsa.pub')}}"
  tasks:
  - debug:
      msg: "the value of foo.txt is: {{ filecon }}"
    become_user: root
    become_method: sudo
