Ansible Role jm1.cloudy.ssh_authorized_keys

This role helps with managing SSH authorized keys from Ansible variables. It lets you add, modify and delete SSH public keys, e.g. in ~/.ssh/authorized_keys, with the variable ssh_authorized_keys. This variable is defined as a list where each list item is a dictionary of parameters that will be passed to Ansible's authorized_key module. For example, to ensure that the public SSH keys of the current user who runs Ansible on the Ansible controller are present on an Ansible host, define variable ssh_authorized_keys in group_vars or host_vars as follows:

ssh_authorized_keys_default: |
  {% for type in ['dsa', 'ecdsa', 'ed25519', 'rsa'] %}
  {% set path = lookup('env','HOME') + '/.ssh/id_' + type + '.pub' %}
  {% set found = lookup('first_found', path, errors='ignore') | default('', true) | length > 0 %}
  {% if found %}
  - comment: "{{ lookup('pipe','whoami') + '@' + lookup('pipe','hostname') + ':' + path }}"
    key: "{{ lookup('file', path) }}"
    state: present
    user: '{{ ansible_user }}'
  {% endif %}
  {% endfor %}

ssh_authorized_keys: '{{ ssh_authorized_keys_default | from_yaml }}'

When this role is executed, it will pass each item of the ssh_authorized_keys list one after another as parameters to Ansible's authorized_key module.
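
Because each item is handed to authorized_key as-is, that module's other parameters, such as key_options and state: absent, can be set per item to restrict or revoke a key. The following host_vars fragment is an added example, not part of the role's own documentation; the user names, key strings, source address and command path are placeholders.

```yaml
# host_vars/<host>.yml
# Added example: every key, user name, address and path below is a placeholder.
ssh_authorized_keys:
- # Interactive admin key, pinned inline so that the granted key does not
  # depend on what a remote URL serves at playbook run time.
  comment: 'alice@workstation (placeholder)'
  key: 'ssh-ed25519 <ALICE-PUBLIC-KEY-PLACEHOLDER>'
  state: present
  user: ansible

- # Automation key: OpenSSH's "restrict" turns off port, agent and X11
  # forwarding as well as PTY allocation; from= limits the source address
  # and command= forces one program regardless of what the client requests.
  comment: 'backup job (placeholder)'
  key: 'ssh-ed25519 <BACKUP-PUBLIC-KEY-PLACEHOLDER>'
  key_options: 'restrict,from="192.0.2.10",command="/usr/local/bin/backup.sh"'
  state: present
  user: backup

- # Revocation: make sure a retired key is removed from the account.
  key: 'ssh-rsa <RETIRED-PUBLIC-KEY-PLACEHOLDER>'
  state: absent
  user: ansible
```

Since the role passes the items one at a time, avoid exclusive: true when a user has more than one item in the list: authorized_key applies it per call, so each item would remove the keys added by the items before it.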

Tested OS images

Available on Ansible Galaxy in Collection jm1.cloudy.

Requirements

None.

Variables

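| Name                | Default value | Required | Description                                                         |
| ------------------- | ------------- | -------- | ------------------------------------------------------------------- |
| ssh_authorized_keys | []            | false    | List of parameter dictionaries for Ansible's authorized_key module |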

Dependencies

None.

Example Playbook

- hosts: all
  become: true
  vars:
    # Variables are listed here for convenience and illustration.
    # In a production setup, variables would be defined e.g. in
    # group_vars and/or host_vars of an Ansible inventory.
    # Ref.:
    # https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html
    # https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
    ssh_authorized_keys:
    - # Add SSH public keys from jm1's github account
      key: https://github.com/jm1.keys
      state: present
      user: ansible
  roles:
  - name: Setup SSH authorized keys
    role: jm1.cloudy.ssh_authorized_keys
    tags: ["jm1.cloudy.ssh_authorized_keys"]

For instructions on how to run Ansible playbooks, have a look at Ansible's Getting Started Guide.

License

GNU General Public License v3.0 or later

See LICENSE.md for the full text.

Author

Jakob Meng @jm1 (github, galaxy, web)