When I do the following in ansible 1.9.1, it treats each _individual_ per-user key as exclusive, not the _group_ of per-user keys as exclusive. As a result, only the last specified per-user key is usable.
- name: sync all users keys
authorized_key: user={{item.0.name}} key='{{item.1}}' state=present exclusive=yes
with_subelements:
- users
- keys
that is expected, you are running the module X number of times, each time with exclusive (X == number of items).
Hi!
Thanks very much for your submission to Ansible. It sincerely means a lot to us.
We believe the ticket you have filed is being somewhat misunderstood, as one thing works a little differently than stated.
In the future, this might be a topic more well suited for the user list, which you can also post here if you'd like some more help with the above.
Thank you once again for this and your interest in Ansible!
I've solved this by an intermediate step. Like so
# Read each file and split by newline, allowing for multiple keys per file
- name: Assemble keys
set_fact:
key_item: "{{ lookup('file', role_path + '/files/' + item).split('\n') }}"
with_items:
- bob.pub
- fred.pub
- barney.pub
register: keys
# Select each key, joining it again and join all keys. Internally the ansible
# module will then split the string by newline and work at each one. This is
# the only way exclusive works with a list of keys.
- name: Distribute operations ssh-keys to root
authorized_key:
key : "{{ keys.results|selectattr('ansible_facts','defined')|map(attribute='ansible_facts.key_item')|map('join', '\n')|join('\n') }}"
manage_dir : yes
state : present
user : root
exclusive : yes
Most helpful comment
I've solved this by an intermediate step. Like so