majic-ansible-roles Changeset

Changeset - 9f48ea488876

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Branko Majic (branko) - 3 years ago 2021-01-18 21:46:14
branko@majic.rs

MAR-151: Fix authentication issues for backup client in usage instructions:

- Add warning about how Ansible file lookup can mess with trailing
newlines.
- Disable stripping of newlines when reading the backup client SSH
private key.

1 file changed with 10 insertions and 1 deletions:

docs/usage.rst

0 comments (0 inline, 0 general)

docs/usage.rst

➞

Show inline comments

@@ @@ -2267,6 +2267,15 @@ So, back to the business: @@
 . And now to configure backup clients for all servers:
    .. warning::
       By default Ansible's file lookup plugin will strip newlines and
       spaces from the end of the file. This is a problem when
       deploying the RSA ssh keys, since if there is no newline after
       the ``-----END OPENSSH PRIVATE KEY-----`` delimeter, ssh client
       will report error about the format of the key file being
       invalid. Therefore the example below explicitly disables
       stripping newline from the end of the file.
    :file:`~/mysite/group_vars/all.yml`
    ::
@@ @@ -2277,7 +2286,7 @@ So, back to the business: @@
         - "{{ lookup('file', inventory_dir + '/ssh/bak_rsa_key.pub') }}"
         - "{{ lookup('file', inventory_dir + '/ssh/bak_ed25519_key.pub') }}"
         - "{{ lookup('file', inventory_dir + '/ssh/bak_ecdsa_key.pub') }}"
       backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"
+      backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn, rstrip=False) }}"
 . So, looking at the configuration up there, there is a couple of file lookups
    for getting the variable values, as well as one pipe lookup for fetching the

0 comments (0 inline, 0 general)