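---
# sshkey.yml
#
# Copy your SSH public key to hosts, logging in with per-host passwords.
# (Host-key scanning used to live here; see the note under `tasks`.)
#
# Parameters:
# targets: group in the inventory to use (default: managed)
# threads: number of simultaneous executions (default: 8)
# pubkey: file to hand off (default: $HOME/.ssh/id_ed25519.pub)
# sshport (optional): override 22/tcp/ssh for Ansible control
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to the path of the
# vault file. The play reads `passwords[inventory_hostname]`, so that mapping
# presumably comes from the vault and needs one entry per targeted host.
#
- hosts: "{{ targets | default('managed') }}"
  order: sorted
  serial: "{{ threads | default('8') }}"
  # Facts are required: the key task below uses ansible_user_id.
  gather_facts: true
  # Hosts that cannot be reached are reported but do not abort the play.
  ignore_unreachable: true
  vars:
    # Password login is only used to bootstrap key-based access.
    # NOTE(review): password authentication is only as trustworthy as the host
    # key check. Keep host key checking enabled and confirm the known_hosts
    # entries against fingerprints obtained out of band; a key collected by a
    # network scan is trust-on-first-use.
    ansible_ssh_password: "{{ passwords[inventory_hostname] }}"
    ansible_ssh_port: "{{ sshport | default('22') }}"
    keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
  vars_files:
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

  tasks:
    # Scanning SSH keys has been replaced with ../bin/generate-ssh-keyscan

    - name: Get key
      delegate_to: localhost
      # argv form passes the path as a single argument, so a path containing
      # spaces is not split into several arguments.
      command:
        argv:
          - cat
          - "{{ keyfile }}"
      register: key
      # Reading a local file changes nothing on the target.
      changed_when: false
      # Stop here on an unreadable or empty key file: the next task runs with
      # exclusive: true, and should never be handed an empty key list.
      failed_when: key.rc != 0 or (key.stdout | trim | length) == 0

    - name: "Pass authorized key"
      authorized_key:
        user: "{{ ansible_user_id }}"
        key: "{{ key.stdout }}"
        state: present
        # exclusive: true removes every other key from this user's
        # authorized_keys file, leaving only the key read above. Any key
        # installed by other people or tooling for this account is revoked.
        exclusive: true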