Question:
I have written an ansible script to remove SSH keys from remote servers:
```yaml
---
- name: "Add keys to the authorized_keys of the user ubuntu"
  user: ubuntu
  hosts: www
  tasks:
    - name: "Remove key #1"
      authorized_key: user=ubuntu key="{{ item }}" state=absent
      with_file:
        - id_rsa_number_one.pub
    - name: "Remove key #2"
      authorized_key: user=ubuntu key="{{ item }}" state=absent
      with_file:
        - id_rsa_number_two.pub
...
```
Adding each file as a different task is preposterous, so I have tried using with_fileglob:
```yaml
- name: "Remove all keys at once"
  authorized_key: user=ubuntu key="{{ item }}" state=absent
  with_fileglob:
    - /Users/adamatan/ansible/id_rsa*.pub
```
But this fails with lines like this:
```
failed: [www.example.com] =>
(item=/Users/adamatan/ansible/id_rsa_one.pub) => {"failed": true,
"item": "/Users/adamatan/ansible/id_rsa_one.pub"} msg: invalid key
specified: /Users/adamatan/ansible/id_rsa_one.pub
```
The same key file is successfully removed using a unique task, but fails when it's a part of a fileglob.
How can I batch add or remove SSH keys using ansible?
Answer:
I believe you are only getting the filenames using with_fileglob, but with_file retrieves the contents of the file. And the authorized_key module requires the actual key.
So you should still loop by using with_fileglob, but instead of sending the filename to the "key=" parameter, you should use the file lookup plugin.
```yaml
- name: "Remove all keys at once"
  authorized_key: user=ubuntu key="{{ lookup('file', item) }}" state=absent
  with_fileglob:
    - /Users/adamatan/ansible/id_rsa*.pub
```
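
An added example, not part of the original answer: the same batch removal with two pre-checks, because a glob that matches nothing makes the loop run zero times and the keys stay authorized without any error. It assumes the ansible.posix collection is installed; key_glob and key_files are hypothetical variable names, and the key-type pattern covers only the common OpenSSH types.

```yaml
---
# Added example, not from the original post. Assumes the ansible.posix
# collection is installed; key_glob and key_files are hypothetical names.
- name: Revoke a batch of SSH public keys from the ubuntu account
  hosts: www
  remote_user: ubuntu
  vars:
    key_glob: /Users/adamatan/ansible/id_rsa*.pub
    # fileglob runs on the control node and returns file paths, not contents.
    key_files: "{{ query('fileglob', key_glob) }}"
  tasks:
    - name: Fail loudly if the glob matched nothing
      ansible.builtin.assert:
        that: "key_files | length > 0"
        fail_msg: "No key files matched {{ key_glob }}; nothing would be revoked"
      run_once: true

    - name: Check that every matched file holds a public key line
      ansible.builtin.assert:
        # Assumed pattern for common key types; extend it for others you use.
        that: "lookup('file', item) is match('(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) ')"
        fail_msg: "{{ item }} does not look like an OpenSSH public key"
      loop: "{{ key_files }}"
      run_once: true

    - name: Remove all keys at once
      ansible.posix.authorized_key:
        user: ubuntu
        # The module needs the key text, so read each path with the file lookup.
        key: "{{ lookup('file', item) }}"
        state: absent
      loop: "{{ key_files }}"
```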