|
|
|
@ -37,7 +37,7 @@ options:
|
|
|
|
aliases: []
|
|
|
|
aliases: []
|
|
|
|
key:
|
|
|
|
key:
|
|
|
|
description:
|
|
|
|
description:
|
|
|
|
- The SSH public key, as a string
|
|
|
|
- The SSH public key(s), as a string or url (https://github.com/username.keys)
|
|
|
|
required: true
|
|
|
|
required: true
|
|
|
|
default: null
|
|
|
|
default: null
|
|
|
|
path:
|
|
|
|
path:
|
|
|
|
@ -79,6 +79,9 @@ EXAMPLES = '''
|
|
|
|
# Example using key data from a local file on the management machine
|
|
|
|
# Example using key data from a local file on the management machine
|
|
|
|
- authorized_key: user=charlie key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
|
|
|
|
- authorized_key: user=charlie key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Using github url as key source
|
|
|
|
|
|
|
|
- authorized_key: user=charlie key=https://github.com/charlie.keys
|
|
|
|
|
|
|
|
|
|
|
|
# Using alternate directory locations:
|
|
|
|
# Using alternate directory locations:
|
|
|
|
- authorized_key: user=charlie
|
|
|
|
- authorized_key: user=charlie
|
|
|
|
key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
|
|
|
|
key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
|
|
|
|
@ -97,6 +100,7 @@ EXAMPLES = '''
|
|
|
|
- authorized_key: user=charlie
|
|
|
|
- authorized_key: user=charlie
|
|
|
|
key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
|
|
|
|
key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
|
|
|
|
key_options='no-port-forwarding,host="10.0.1.1"'
|
|
|
|
key_options='no-port-forwarding,host="10.0.1.1"'
|
|
|
|
|
|
|
|
|
|
|
|
'''
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
# Makes sure the public key line is present or absent in the user's .ssh/authorized_keys.
|
|
|
|
# Makes sure the public key line is present or absent in the user's .ssh/authorized_keys.
|
|
|
|
@ -332,11 +336,22 @@ def enforce_state(module, params):
|
|
|
|
manage_dir = params.get("manage_dir", True)
|
|
|
|
manage_dir = params.get("manage_dir", True)
|
|
|
|
state = params.get("state", "present")
|
|
|
|
state = params.get("state", "present")
|
|
|
|
key_options = params.get("key_options", None)
|
|
|
|
key_options = params.get("key_options", None)
|
|
|
|
|
|
|
|
error_msg = "Error getting key from: %s"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# if the key is a url, request it and use it as key source
|
|
|
|
|
|
|
|
if key.startswith("http"):
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
resp, info = fetch_url(module, key)
|
|
|
|
|
|
|
|
if info['status'] != 200:
|
|
|
|
|
|
|
|
module.fail_json(msg=error_msg % key)
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
key = resp.read()
|
|
|
|
|
|
|
|
except Exception:
|
|
|
|
|
|
|
|
module.fail_json(msg=error_msg % key)
|
|
|
|
|
|
|
|
|
|
|
|
# extract individual keys into an array, skipping blank lines and comments
|
|
|
|
# extract individual keys into an array, skipping blank lines and comments
|
|
|
|
key = [s for s in key.splitlines() if s and not s.startswith('#')]
|
|
|
|
key = [s for s in key.splitlines() if s and not s.startswith('#')]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# check current state -- just get the filename, don't create file
|
|
|
|
# check current state -- just get the filename, don't create file
|
|
|
|
do_write = False
|
|
|
|
do_write = False
|
|
|
|
params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
|
|
|
|
params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
|
|
|
|
@ -418,4 +433,5 @@ def main():
|
|
|
|
|
|
|
|
|
|
|
|
# import module snippets
|
|
|
|
# import module snippets
|
|
|
|
from ansible.module_utils.basic import *
|
|
|
|
from ansible.module_utils.basic import *
|
|
|
|
|
|
|
|
from ansible.module_utils.urls import *
|
|
|
|
main()
|
|
|
|
main()
|
|
|
|
|
Brian Coca
10 years ago