ansible.posix
Add `keys` and `keys_file` argument to authorized_keys
SUMMARY
Add additional keys and keys_file (mutually exclusive with key) arguments to the authorized_keys module to support cleaner management of multiple keys
ISSUE TYPE
- Feature Idea
COMPONENT NAME
authorized_keys
ADDITIONAL INFORMATION
```yaml
- hosts: all
  tasks:
    - authorized_keys:
        keys:
          - "ssh-rsa AAAD.."
          - "ssh-ecdsa ..."
    - authorized_keys:
        keys_file: /opt/master.keys
    - authorized_keys:
        keys_file: https://github.com/my.keys
```
It already works just as you have specified:
```yaml
- name: test authorized_keys
  hosts: localhost
  tasks:
    - name: Get gitlab key and update the authorized_keys file
      authorized_key:
        user: username
        key: "https://github.com/aminvakil.keys"
        state: present
```
```
changed: [localhost] => {
    "changed": true,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "invocation": {
        "module_args": {
            "changed": true,
            "comment": null,
            "exclusive": false,
            "follow": false,
            "key": "https://github.com/aminvakil.keys",
            "key_options": null,
            "keyfile": "/home/username/.ssh/authorized_keys",
            "manage_dir": true,
            "path": null,
            "state": "present",
            "user": "username",
            "validate_certs": true
        }
    },
    "key": "https://github.com/aminvakil.keys",
    "key_options": null,
    "keyfile": "/home/username/.ssh/authorized_keys",
    "manage_dir": true,
    "path": null,
    "state": "present",
    "user": "username",
    "validate_certs": true
}
```
Also https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples has some other examples.
Adding different options which do the same action is overkill and could be confusing IMHO.
My main issue is the handling (or rather missing handling) of lists.
Maybe I could add a check if it is a list of strings to the management? The need to template with jinja inside the playbook feels weird.
Hi @JensHeinrich
> My main issue is the handling (or rather missing handling) of lists

I agree with @aminvakil: the module already handles multiple keys at once. Only one of the examples in the description of this issue is about a list; the 2 others are already covered by the module.
About the list itself, that in your example is a list of contents, not locations, I'd rather choose a more explicit name to avoid confusion with the existing key option, which refers to a key(s) file location (local or online).
> The need to template with jinja inside the playbook feels weird

IMHO, the use of raw key content in a playbook is pretty weird too. I don't see the benefit of listing keys this way (especially for 4096 bits rsa keys). At least two linters would complain here about lines too long (yamllint and ansible-lint), so I really think this:
```yaml
- name: add authorized keys
  authorized_key:
    raw_keys:
      - "ssh-rsa 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 quidame 0x406280D59CF61A16"
      - "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADj+kq9GpaeYuHYWHevvmuR0ePzrJpO7muoZT+xpfcN67jciLVzBGCgot/QQx2gqDgeBezUcwQbLRgT9aY2zl/9nQEARfg7uqYz8L0JTKq4THXlGuvJnD4mf6Oma3obZsa4PovwwXo4y0jaSZmve4FFLh7XUrsV1tWxJIawAn7i3t35IQ=="
```
is a no-way.
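
What the replies above describe, as an added example that is not part of the original thread or the project's own code: the existing `key` option takes several keys at once as one newline-separated string, so a list can be joined in the task. The variable names, the `files/admin.keys` path and the placeholder keys are assumptions.

```yaml
# Added example. Variable names and the file path are hypothetical.
- name: Manage several authorized keys with the existing key option
  hosts: all
  vars:
    # Hypothetical file kept beside the playbook, one public key per line.
    admin_keys_file: files/admin.keys
    # Constructed placeholders: replace with real public keys before running,
    # the module rejects strings that are not valid keys.
    extra_keys:
      - "ssh-ed25519 <PUBLIC-KEY-1> alice@example"
      - "ssh-ed25519 <PUBLIC-KEY-2> bob@example"
  tasks:
    - name: Install every key from a local file in one call
      ansible.posix.authorized_key:
        user: username
        # The file lookup returns the whole file, newlines included,
        # so each line is handled as a separate key.
        key: "{{ lookup('ansible.builtin.file', admin_keys_file) }}"
        state: present

    - name: Install a list of keys by joining it into one string
      ansible.posix.authorized_key:
        user: username
        # join('\n') turns the YAML list into the newline-separated
        # form that the key option accepts.
        key: "{{ extra_keys | join('\n') }}"
        state: present
```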
@JensHeinrich What do you think about the above comment?