I need to insert an SSH public key into a user's authorized_keys root file before a specific comment line (e.g., # service keys) using Ansible. The layout of the authorized_keys file looks like this:

# sysadmin keys
ssh-rsa AAAAB1...key_here...
ssh-rsa AAAAB2...key_here...
# <ansible_insert_public_key>
# service keys
ssh-rsa AAAAB9...key_here...

I attempted to use the lineinfile and blockinfile modules but encountered the following issues:

The SSH key gets inserted after the # service keys comment, not before. I received errors related to using Jinja2 templating in the when condition. Here is the code I have tried so far:

---
- name: Add SSH public key to user's authorized_keys before the specified comment
  hosts: all
  become: yes
  vars:
    ssh_public_key: "ssh-rsa AAAAB3...key_here... comment"
    ssh_directory: "{{ ansible_env.HOME }}/.ssh"
    authorized_keys_path: "{{ ssh_directory }}/authorized_keys"
    insert_before_comment: "# service keys"

  tasks:
    - name: Ensure the .ssh directory exists for the user
      file:
        path: "{{ ssh_directory }}"
        state: directory
        mode: '0700'

    - name: Add SSH public key if not already present
      authorized_key:
        user: "{{ ansible_env.USER }}"
        state: present
        key: "{{ ssh_public_key }}"
        path: "{{ authorized_keys_path }}"
        manage_dir: yes

    - name: Read the authorized_keys file
      slurp:
        src: "{{ authorized_keys_path }}"
      register: authorized_keys_content

    - name: Set fact to check if the comment exists
      set_fact:
        insert_before_comment_exists: "{{ insert_before_comment in (authorized_keys_content.content | b64decode()) }}"

    - name: Modify authorized_keys file by inserting SSH key before the comment
      blockinfile:
        path: "{{ authorized_keys_path }}"
        marker: "# {{ insert_before_comment }}"
        content: |
          {{ ssh_public_key }}
      when: insert_before_comment_exists

The Problem:

  • The key is getting inserted after the # service keys comment instead of before it.
  • The when condition with Jinja2 templating ({{ insert_before_comment }}) is giving a warning: conditional statements should not include jinja2 templating delimiters.

What I have tried:

  • I've used lineinfile and blockinfile, but neither gave the desired result.

  • I attempted checking if the comment exists and conditionally inserted the key.

Asked 2 days ago by safesploit (new contributor)

1 Answer

Based on the given description, a slightly changed minimal example with

authorized_keys

# sysadmin keys
ssh-rsa AAAAAA
ssh-rsa BBBBBB
# ansible_insert_public_key
# service keys
ssh-rsa CCCCCC

and

main.yml

---
- name: Add SSH public key to user's authorized_keys before the specified comment
  hosts: localhost
  become: false

  vars:

    ssh_public_key: "ssh-rsa TROLOLO comment"
    authorized_keys_path: "authorized_keys"
    insert_before_comment: "service keys"

  tasks:

    - name: Read the authorized_keys file
      slurp:
        src: "{{ authorized_keys_path }}"
      register: authorized_keys_content

    - name: Set fact to check if the comment exists
      set_fact:
        insert_before_comment_exists: true

    - name: Modify authorized_keys file by inserting SSH key before the comment
      blockinfile:
        path: "{{ authorized_keys_path }}"
        insertbefore: "# {{ insert_before_comment }}"
        content: |
          {{ ssh_public_key }}
      when: insert_before_comment_exists

will result in an authorized_keys file content of

# sysadmin keys
ssh-rsa AAAAAA
ssh-rsa BBBBBB
# ansible_insert_public_key
# BEGIN ANSIBLE MANAGED BLOCK
ssh-rsa TROLOLO comment
# END ANSIBLE MANAGED BLOCK
# service keys
ssh-rsa CCCCCC

The result would be the same with the following task

    - name: Modify authorized_keys file by inserting SSH key before the comment
      lineinfile:
        path: "{{ authorized_keys_path }}"
        insertbefore: "# {{ insert_before_comment }}"
        line: "{{ ssh_public_key }}"
      when: insert_before_comment_exists
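
An added example (not part of the answer above, and not the asker's code): the lineinfile variant with a guard, because lineinfile appends the line at the end of the file when the insertbefore pattern matches nothing. Variable names follow the question; the assert task, the anchored and escaped pattern, the backup and the 0600 mode are assumptions of this example.

```yaml
---
- name: Insert an SSH public key above the "# service keys" marker (added example)
  hosts: all
  become: true

  vars:
    ssh_public_key: "ssh-rsa AAAAB3...key_here... comment"
    authorized_keys_path: "{{ ansible_env.HOME }}/.ssh/authorized_keys"
    insert_before_comment: "# service keys"

  tasks:
    # No authorized_key task runs first: it would add the key at the end of
    # the file, and lineinfile would then find the line present and leave it there.

    - name: Read the authorized_keys file
      ansible.builtin.slurp:
        src: "{{ authorized_keys_path }}"
      register: authorized_keys_content

    # "that" takes a bare expression, so no {{ }} delimiters are needed here.
    # Matching on whole lines avoids a hit on a longer comment containing the text.
    - name: Stop if the marker line is missing
      ansible.builtin.assert:
        that:
          - "insert_before_comment in (authorized_keys_content.content | b64decode).splitlines()"
        fail_msg: "Marker line not found in {{ authorized_keys_path }}; nothing inserted."

    # With only "line" set, the task changes nothing once the exact line exists,
    # so repeated runs do not stack duplicate keys above the marker.
    - name: Insert the key before the marker line
      ansible.builtin.lineinfile:
        path: "{{ authorized_keys_path }}"
        line: "{{ ssh_public_key }}"
        insertbefore: "^{{ insert_before_comment | regex_escape }}$"
        firstmatch: true
        mode: "0600"
        backup: true
```

Running it with `--check --diff` first shows the position of the inserted line without writing to the file.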

Article tags: linux, How can I insert an SSH key before a specific comment line in a file using Ansible, Stack Overflow