What I have set up so far is working well. My playbook is:
    ---
    - hosts: bastion_hosts
      vars_files:
        - data/users.yml
      gather_facts: no
      sudo: True
      name: Add/Delete/Update InPowered Users onto an instance. Usually BounceBox
      tasks:
        - name: Add Users to the remote system
          user: name={{ item.key }} shell={{ item.value.shell }} state={{ item.value.state }} uid={{ item.value.uid }} home={{ item.value.home }} comment="{{ item.value.comment }}"
          with_dict: users

        - name: Pushing authorized key to remote server
          authorized_key: user={{ item.key }} key="{{ item.value.ssh_pubkey }}"
          with_dict: users

        - name: Add wheel Group to sudo users
          user: name={{ item.key }} groups=wheel
          when: '{{ item.value.setsudo }} == True'
          with_dict: users

        - name: Copy Private Keys to each user
          debug: var={{ item.value.authkeys }}
          with_dict: users

The authkeys variable contains a list of private key names "qa, prd, dev". For each user, I want to copy each of the listed private key files into the .ssh directory. Something like

    copy: src=/keypath/{{ first item in item.value.authkeys }}.pem dest=/home/{{ item.keys }}/.ssh/{{ first item in item.value.authkeys }}.pem mode=0600

But I'm not clear on how to grab the elements out of the authkeys to copy down each file.

(Further, I'm thinking I should be using vault, but... one step at a time now)

My users.yml file looks like this:

    ---
    users:
      bob.brown:
        state: present
        uid: 1027
        comment: "Bob Brown"
        home: /home/bob.brown
        ssh_pubkey: "ssh-rsa AAAAB3NzaC1yc2E..."
        authkeys: "dev,qa,prd,ops"
        shell: /bin/sh
        setsudo: yes
      colin.johnson:
        state: present
        uid: 1041
        comment: "Colin Johnson"
        home: /home/colin.johnson
        ssh_pubkey: "ssh-rsa AAAAB3NzaC1..."
        authkeys: "dev,qa,prd"
        shell: /bin/sh
        setsudo: no

Thanks to anyone who can help.

Bob
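One way to do the per-user, per-key copy asked about above, as an added example that is not part of the original post. It assumes Ansible 2.7 or later (for the `dict2items` and `subelements` filters) and that `authkeys` in users.yml is rewritten as a YAML list such as `authkeys: [dev, qa, prd]` rather than a comma-separated string; `/keypath` is the placeholder path from the post.

```yaml
# Added example, not from the original post.
# Assumption: users.yml stores authkeys as a list, e.g.  authkeys: [dev, qa, prd]
- hosts: bastion_hosts
  become: true
  gather_facts: false
  vars_files:
    - data/users.yml
  vars:
    # Only users whose state is "present" receive key material.
    present_users: "{{ users | dict2items | selectattr('value.state', 'equalto', 'present') | list }}"
  tasks:
    - name: Ensure each user's .ssh directory exists with tight permissions
      file:
        path: "{{ item.value.home }}/.ssh"
        state: directory
        owner: "{{ item.key }}"
        mode: "0700"
      loop: "{{ present_users }}"
      loop_control:
        label: "{{ item.key }}"

    # subelements yields one (user, key_name) pair per entry in authkeys:
    # item.0 is the user record (key/value), item.1 is a single key name.
    # It fails if authkeys is still a string instead of a list.
    - name: Copy each listed private key to its user
      copy:
        # copy decrypts vault-encrypted source files by default, so the
        # .pem files under /keypath can be stored encrypted with ansible-vault.
        src: "/keypath/{{ item.1 }}.pem"
        dest: "{{ item.0.value.home }}/.ssh/{{ item.1 }}.pem"
        owner: "{{ item.0.key }}"
        mode: "0600"
      loop: "{{ present_users | subelements('value.authkeys') }}"
      # Keep private key contents out of --diff output and logs.
      no_log: true
```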