Need to be able to manage ssh keys from host_vars or from group_vars

[terrillmoore]

Almost all of the variables per host are in host_vars or group_vars.

However, the ssh public keys are in roles/conduit/files/authorized_keys.

This is really inconvenient. Here's the really long text from the document I'm writing:

This Ansible system manages gateways.

Gateways are associated with organizations. The gateways for an organization are managed by an ops team. One ops team may manage gateways for several organizations.

The data about gateways and organizations must not be shared indiscriminately. On the other hand, the scripts and procedures for configuration management are intended to be shared (both for code reuse, and for review).

So the ops team must separate the gateway and organization data from the procedures.

For example, at MCCI we now are managing:

• MCCI's gateways in Ithaca and New York
• Lancaster's gateways in California
• The Things Network Ithaca's gateways
• The Things Network New York's gateways
• The Hualian Garden gateway

The obvious way to separate the data is to create a directory for the organization that is separate from the data for the procedure.

So the ops team at MCCI puts the data for each organization in a separate directory, corresponding to a separate Git repository.

Using the -i switch, it's quite easy to set up a hosts, group_vars and host_vars subdirectory that segregates the data. (There is some makefile hacking required, but it's not hard.)

But we can't segregate the ssh keys.

Can this be fixed?

[terrillmoore]

It appears that we could just put the ssh keys in the group_vars and/or host_vars files as text variables (or arrays). role/conduit would need to be modified somehow to construct the authorized_keys file from these values.

[jchonig]

This is implemented in the latest master.