pass SSH as argument into ansible-playbook

Question

I have Dockerfile:

FROM ubuntu:16.04

ARG ssh_prv_key
ARG ssh_pub_key

RUN apt-get update && \
    apt-get install ... USUAL INSTALL STUFF ...

WORKDIR /app/

CMD git clone MY_REPO

I build image like this:

$ docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" .

When I create container from this image it automaticaly pulls git-repo and save it on host using -v argument and self-destroyes using --rm.

The problem begins when I try to do same things using ansible docker_image module.

playbook looks like this:

---
- hosts: localhost
  environment:
    PYTHONPATH: /usr/local/lib/python2.7/site-packages/

  tasks:
  - name: create image from Dockerfile
    docker_image:
      path: /home/demaunt/Jun/dock_click
      dockerfile: biba.dockerfile
      name: myimage
      buildargs: 
        ssh_pub_key: '{{ pub }}'
        ssh_prv_key: '{{ pvt }}'

I start it like this:

ansible-playbook bibansible.yml --extra-vars "pub=$(cat ~/.ssh/id_rsa.pub) pvt=$(cat ~/.ssh/id_rsa)"

The image is built succesfully, but when running container I get Permission error (publickey). I also tried to pass arguments into .yml file like this:

---
- hosts: localhost
  environment:
    PYTHONPATH: /usr/local/lib/python2.7/site-packages/

  tasks:
  - name: create image from Dockerfile
    docker_image:
      path: /home/demaunt/Jun/dock_click
      dockerfile: biba.dockerfile
      name: myimage
      buildargs: 
        ssh_pub_key:
          command: cat ~/.ssh/id_rsa.pub
        ssh_prv_key: 
          command: cat ~/.ssh/id_rsa

P.S. I understand that passing ssh keys into image is not the best option, but it is acceptable as temporary solution.

Answer 1

You cannot use command at this level in ansible.
But to get the content of a local file, take a look at lookup

[...]
buildargs: 
    ssh_pub_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    ssh_prv_key: "{{ lookup('file', '~/.ssh/id_rsa') }}"