Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authorized_key reports change if there is a comment line with exclusive mode. #536

Open
Tux12Fun opened this issue Mar 6, 2024 · 0 comments
Open

authorized_key reports change if there is a comment line with exclusive mode. #536

Tux12Fun opened this issue Mar 6, 2024 · 0 comments

Comments

@Tux12Fun
Copy link

Tux12Fun commented Mar 6, 2024

SUMMARY

The Module reports a change but the only and exclusive key is set allredy in the file.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ansible.posix.authorized_key

ANSIBLE VERSION
ansible 2.10.8
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/etc/ansible/library']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
COLLECTION VERSION
CONFIGURATION
ANSIBLE_PIPELINING(/etc/ansible/ansible.cfg) = True
COLLECTIONS_PATHS(/etc/ansible/ansible.cfg) = ['/etc/ansible/collections']
DEFAULT_CALLBACK_WHITELIST(/etc/ansible/ansible.cfg) = ['ansible.posix.timer', 'ansible.posix.profile_tasks']
DEFAULT_LOAD_CALLBACK_PLUGINS(/etc/ansible/ansible.cfg) = True
DEFAULT_MODULE_PATH(/etc/ansible/ansible.cfg) = ['/etc/ansible/library']
DEFAULT_STDOUT_CALLBACK(/etc/ansible/ansible.cfg) = yaml
PERSISTENT_COMMAND_TIMEOUT(/etc/ansible/ansible.cfg) = 300
RETRY_FILES_ENABLED(/etc/ansible/ansible.cfg) = False
OS / ENVIRONMENT
STEPS TO REPRODUCE

Current Content in authroized_keys file

od -c authorized_keys
0000000   #       A   d   d   e   d       b   y       G   o   o   g   l
0000020   e  \n   s   s   h   -   r   s   a       A   A   A   A   B   3
0000040   N   z   a   C   1   y   c   2   E   A   A   A   A   D   A   Q
.....
0001360   @   d   x   t   e   s   t   s   r   v  \n
0001373
   - name:                            Load and Deploy SSH Key
     authorized_key:
        user:                         "xxxx"
        state:                        present
        key:                          "# Added by Google\n{{ lookup('file', changeInstKey__currentSshPubKey) }}"
        exclusive:                    true
EXPECTED RESULTS

No change as the key in the file lookup contains exactly the key in the authorized_keys file.
I tied this with different key settings.

"# Added by Google\n{{ lookup('file', changeInstKey__currentSshPubKey) }}"
"\\# Added by Google\n{{ lookup('file', changeInstKey__currentSshPubKey) }}"
"{{ lookup('file', changeInstKey__currentSshPubKey) }}"

But every try results in a changed in Ansible.

I would also happy with a switch to ignore all # Comment lines and ony set the key and exclusive if this would result in an OK Statement

ACTUAL RESULTS

The comment line will be removed and if I reboot the cloud system google adds the line again and ansible changes the line again and so on.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Tux12Fun