
Community, I am creating a user on the client machine using Ansible, but the issue is that it creates the user and adds the authorized key file, yet I get an error when I SSH to that machine as the created user. Following is my source code.

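  ---
    # Creates one or more users (from the `users` list in required_varlist.yml),
    # grants each passwordless sudo and installs an SSH public key for each.
    - hosts: hostMachine
      become_method: sudo
      become_user: root
      become: true
      gather_facts: false
      vars_files:
        - ../../../group_vars/required_varlist.yml
      tasks:

        - name: Ensure group is exist
          group:
            name: "{{ item.groups }}"
          with_items:
            - "{{ users }}"

        # `groups` without `append` sets the exact supplementary group list, so the
        # user already lands in `sudo` here; the separate `usermod -aG sudo` command
        # task was redundant and reported "changed" on every run, so it is dropped.
        # NOTE(review): this also assumes a group named after `username` exists; the
        # group task above only creates `item.groups` — confirm these match.
        - name: create a new user without password
          user:
            name: "{{ item.username }}"
            group: "{{ item.groups }}"
            groups: "sudo,{{ item.username }}"
            shell: /bin/bash
            createhome: true
          with_items:
            - "{{ users }}"

        # Appending with `echo >>` is not idempotent (one line per run) and a typo in
        # /etc/sudoers locks every account out of sudo; lineinfile writes the line at
        # most once and `validate` makes visudo reject a broken file before it is
        # installed. The line grants unrestricted passwordless root — narrow the
        # command list if that is not intended.
        - name: Add user in  sudoders
          lineinfile:
            path: /etc/sudoers
            regexp: '^{{ item.username | regex_escape }} '
            line: "{{ item.username }} ALL=(ALL) NOPASSWD:ALL"
            validate: '/usr/sbin/visudo -cf %s'
          with_items:
            - "{{ users }}"

        - name: create directory
          file:
            path: "/home/{{ item.username }}/.ssh"
            state: directory
            mode: "0700"  # quoted: a bare 0700 relies on YAML 1.1 octal parsing
            owner: "{{ item.username }}"
            group: "{{ item.groups }}"
          with_items:
            - "{{ users }}"

        # lookup('file') reads on the control node and the value must be a *public*
        # key; required_varlist.yml currently points pem_file_path at a .pem private
        # key, which sshd will not accept in authorized_keys.
        - name: Set Authorized key token from the file
          become: true
          authorized_key:
            user: "{{ item.username }}"
            state: present
            # pass the variable directly instead of nesting {{ }} inside a template
            key: "{{ lookup('file', pem_file_path) }}"
          with_items:
            - "{{ users }}"

        # Not needed for authorized_keys changes to take effect; kept from the
        # original. NOTE(review): on Debian/Ubuntu the unit may be `ssh`, not `sshd`.
        - name: restart ssh
          service:
            name: sshd
            state: restarted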

required_varlist.yml

  ---
    # Variables consumed by the user-creation playbook.
    # NOTE(review): `password` is not used by the playbook shown; if it is needed
    # elsewhere, keep it out of plaintext in version control (e.g. ansible-vault).
    password: raspberry
    users:
      - username: ABC
        groups: ABC  # primary group; the playbook also expects a group named after `username`
    # NOTE(review): this is a .pem *private* key, but authorized_key needs the
    # matching public key — point this at the .pub (or derive it first).
    pem_file_path: /home/ubuntu/XYZ.pem



I suspect what is happening here is that you are trying to insert the private key into the authorized_keys file, which is invalid: only the public key is required on the target machine.

What you need to do is extract the public key from the private key:

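# openssl_publickey runs on the managed host, so `privatekey_path` must exist
# there; add `delegate_to: localhost` if the .pem only lives on the control node
# (the question's playbook reads it from the control node via lookup('file')).
- name: Generate an OpenSSL public key with a passphrase protected private key
  openssl_publickey:
    path: "/tmp/key-{{ item.username }}.pub"
    # `pem_file_path` is a top-level variable in required_varlist.yml, not a field
    # of each `users` entry, so it is referenced directly. A value starting with
    # `{{` must be quoted or YAML reads it as a flow mapping and fails to parse.
    privatekey_path: "{{ pem_file_path }}"
    # Only needed when the key really is passphrase-protected; omit otherwise, and
    # keep the real passphrase in a vaulted variable rather than inline.
    privatekey_passphrase: ansible
    format: OpenSSH
  with_items:
    - "{{ users }}"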

and then use the public key:

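# lookup('file') reads from the control node, so this only finds the .pub if it
# was generated there (delegate_to: localhost) or fetched back first; for a file
# that exists only on the managed host, use `slurp` + `b64decode` instead.
- name: Set Authorized key token from the file
  become: true
  authorized_key:
    user: "{{ item.username }}"
    state: present
    # build the path with Jinja concatenation rather than nesting {{ }} inside
    # a template, which is discouraged and not always expanded
    key: "{{ lookup('file', '/tmp/key-' ~ item.username ~ '.pub') }}"
  with_items:
    - "{{ users }}"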