
How to use the Ansible authorized_key module to authorize ServerA (a managed host, not the controller machine) to access ServerB.

Scenario: I need a playbook, executed from the Ansible controller, that appends the id_rsa.pub of a specific user on a remote SSH host ServerA (not the controller machine) to the authorized_keys of a user on ServerB. Only the public key should be copied; the private key must stay on ServerA.

In our case there are 20 ServerA hosts and 200 ServerB hosts. Here is what I have tried so far, which fails.

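---
# Playbook: authorize one ServerA user's SSH public key on the ServerB hosts.
#
# Inventory assumptions (confirm against your inventory):
#   - "destnode"   : the ServerB hosts that should accept the key.
#   - "sourcenode" : the ServerA host whose user's ~/.ssh/id_rsa.pub is to be
#                    authorized. delegate_to expects a host *name*; the original
#                    "{{ hostvars.sourcenode }}" handed it the whole hostvars
#                    mapping, which is why delegation failed.
#
# Only the public key ever leaves ServerA; the private key is never read.
# No become is needed: the play connects as ssh_user on both sides and only
# touches that user's own files (least privilege).
- name: Play to set up passwordless SSH from sourcenode to destnode
  hosts: destnode
  remote_user: "{{ ssh_user }}"
  vars_prompt:
    - name: "ssh_user"
      prompt: "Please specify ssh user name"
      private: false

  tasks:
    # Read the public key on ServerA itself. The original
    # lookup('file', $HOME/.ssh/id_rsa.pub) runs on the *controller* and
    # therefore authorized the controller's key, not ServerA's.
    # slurp's src is a "path" argument, so "~" is expanded on the remote host.
    - name: Read the public key from sourcenode
      slurp:
        src: "~/.ssh/id_rsa.pub"
      delegate_to: sourcenode
      # Read it once; the registered result is shared with every destnode.
      run_once: true
      register: source_pubkey

    # authorized_key validates the key line, creates ~/.ssh (0700) and
    # authorized_keys (0600) if missing, and is idempotent.
    - name: Append the sourcenode public key to destnode authorized_keys
      authorized_key:
        user: "{{ ssh_user }}"
        state: present
        # slurp returns base64; decode and drop the trailing newline.
        key: "{{ source_pubkey.content | b64decode | trim }}"
        # Never set exclusive: true here — it would remove every other key.
        exclusive: false
      register: copyout

    - name: Print copyout value
      debug:
        msg: "{{ copyout }}"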



To append the id_rsa.pub of specific users from a remote SSH host ServerA (not the controller machine) to ServerB, do it in two plays: first fetch the public keys to the controller, then install them on ServerB.

1) Fetch the public keys from ServerA

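# Play 1: collect the public keys of the listed users from ServerA onto the
# controller. Only id_rsa.pub is fetched; the private key is never touched.
# Note the play keyword is "hosts" — "host" (as originally written) is
# rejected by Ansible.
- hosts: ServerA
  # Another user's ~/.ssh is normally mode 0700, so the connecting user
  # cannot read it without privilege escalation. Drop this if the
  # connecting user is already allowed to read the listed keys.
  become: true
  vars:
    public_keys_dir: <PUB_KEYS_DIR>
    specific_user:
      - user1
      - user2
      - userN
  tasks:
    - name: Fetch pub keys
      fetch:
        src: "/home/{{ item }}/.ssh/id_rsa.pub"
        # flat: true stores the file directly under dest instead of
        # dest/<hostname>/home/<user>/.ssh/id_rsa.pub.
        dest: "{{ public_keys_dir }}/{{ item }}-ServerA.id_rsa.pub"
        flat: true
        # Abort rather than silently skip a user whose key does not exist;
        # otherwise play 2 would quietly authorize fewer keys than intended.
        fail_on_missing: true
      loop: "{{ specific_user }}"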

2) Configure authorized keys at ServerB

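# Play 2: install every key fetched in play 1 for the admin user on ServerB.
# The play keyword is "hosts", not "host".
- hosts: ServerB
  vars:
    public_keys_dir: <PUB_KEYS_DIR>
    my_remote_user: admin
  tasks:
    # If the connecting user is not my_remote_user, add become: true to this
    # task so the module can write that user's ~/.ssh/authorized_keys.
    - name: Set up authorized_keys
      authorized_key:
        user: "{{ my_remote_user }}"
        state: present
        # "item" is already a plain string; nesting "{{ item }}" inside a
        # Jinja expression (as originally written) is not valid templating.
        # lookup('file') runs on the controller, where play 1 fetched the keys.
        # The module validates the key line, so a corrupted file fails the
        # task instead of appending garbage.
        key: "{{ lookup('file', item) }}"
        # Keep existing keys; exclusive: true would delete every key not in
        # this list.
        exclusive: false
      with_fileglob:
        - "{{ public_keys_dir }}/*-ServerA.id_rsa.pub"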

(not tested)

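---
# Playbook: authorize the ssh_user public key of every edge node (ServerA) on
# every data node (ServerB). The play connects as ssh_user on both sides and
# only reads or writes that user's own files, so no become is required.
- name: Play to set up passwordless SSH from edge nodes to data nodes
  remote_user: "{{ ssh_user }}"
  vars_prompt:
    - name: "ssh_user"
      prompt: "Please specify ssh user name"
      private: false
  # Limit the play to the two groups involved rather than every inventory
  # host ("hosts: all" would connect to unrelated machines as ssh_user).
  hosts: group_edgenode:group_datanode
  tasks:
    # slurp's src is a "path" argument, so "~" is expanded on the remote.
    # The command module does not go through a shell, so a literal "$HOME"
    # in its arguments is not expanded.
    - name: Get pub key value from edgenode
      slurp:
        src: "~/.ssh/id_rsa.pub"
      register: pubkey
      when: "'group_edgenode' in group_names"

    - name: Print the public key read from each edgenode
      debug:
        msg: "{{ pubkey.content | b64decode | trim }}"
      when: "'group_edgenode' in group_names"

    # Fail with a clear message, instead of an undefined-attribute error,
    # if an edge node was unreachable or its key was not read.
    - name: Refuse to continue if any edgenode key is missing
      assert:
        that: "hostvars[item].pubkey.content is defined"
        fail_msg: "No public key was read from {{ item }}; was it reachable?"
      loop: "{{ groups['group_edgenode'] }}"
      when: "'group_datanode' in group_names"

    # authorized_key (rather than lineinfile) validates the key format,
    # creates ~/.ssh with mode 0700 and authorized_keys with 0600, and is
    # idempotent, so a malformed or duplicate line is never appended.
    - name: Append pub key value to datanodes
      authorized_key:
        user: "{{ ssh_user }}"
        state: present
        key: "{{ hostvars[item].pubkey.content | b64decode | trim }}"
        # Keep keys that were already present.
        exclusive: false
        # Optional hardening: restrict where each key may be used from, e.g.
        # key_options: 'from="{{ hostvars[item].ansible_host | default(item) }}"'
      loop: "{{ groups['group_edgenode'] }}"
      when: "'group_datanode' in group_names"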

In this solution the edge nodes are ServerA and the data nodes are ServerB. It has been tested and works; note that it grants the ssh_user on every edge node access to the ssh_user on every data node, so keep the edge-node private keys protected.
