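# ---
# sshkey.yml
#
# ssh-keyscan and copy your SSH key to hosts
#
# Parameters:
# targets: group in the inventory to use
# threads: number of hosts handled per batch (play `serial`)
# pubkey: file to hand off
# sshport (optional): override 22/tcp/ssh for Ansible control
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
#
# Also referenced below but not passed as parameters: `ip`, `replica_domain`,
# `depriv_user` and `passwords` -- presumably supplied per host by the
# inventory and the vault file; verify against your inventory.
#
- hosts: "{{ targets | default('managed') }}"
  order: sorted
  # serial caps how many hosts are in flight at once.
  serial: "{{ threads | default('1') }}"
  # Nothing below needs facts, and gathering them would need a working SSH
  # connection before known_hosts has been populated.
  gather_facts: false
  ignore_unreachable: true
  vars:
    ansible_ssh_port: "{{ sshport | default('22') }}"
    keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
    # Host aliases written in front of each known_hosts entry. OpenSSH looks up
    # a host on a non-default port as "[host]:port", so the aliases must use
    # that form whenever sshport overrides 22 (ssh-keyscan already prints the
    # scanned name that way); on port 22 this is the plain "ip,fqdn" pair.
    known_hosts_names: >-
      {{ (ip + ',' + inventory_hostname + '.' + replica_domain)
      if (ansible_ssh_port | string) == '22'
      else ('[' + ip + ']:' + (ansible_ssh_port | string) + ',['
      + inventory_hostname + '.' + replica_domain + ']:' + (ansible_ssh_port | string)) }}
  vars_files:
    - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

  tasks:
    # Read the public key on the controller. argv keeps a path with spaces
    # intact, and changed_when keeps this read-only step out of the change
    # count.
    - name: Get key
      delegate_to: localhost
      command:
        argv:
          - cat
          - "{{ keyfile }}"
      register: key
      changed_when: false

    # A comment line above each host's entries keeps the file auditable by hand.
    - name: Ensure known_hosts is commented
      delegate_to: localhost
      lineinfile:
        path: ~/.ssh/known_hosts
        create: true
        state: present
        line: "# {{ inventory_hostname + '.' + replica_domain }}"

    # Thanks to https://gist.github.com/shirou/6928012
    # The host key is fetched with ssh-keyscan at play time, i.e. whatever
    # answers on the port right now is trusted (trust on first use). The pipe
    # lookup runs through the controller's shell, so inventory_hostname must
    # come from a trusted inventory. lineinfile only appends: a host whose key
    # changes keeps its old entry next to the new one -- the known_hosts module
    # would replace it instead.
    - name: Ensure ssh host RSA key known
      delegate_to: localhost
      lineinfile:
        path: ~/.ssh/known_hosts
        create: true
        state: present
        line: "{{ known_hosts_names + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + (ansible_ssh_port | string) + ' ' + inventory_hostname) }}"

    # Thanks to https://gist.github.com/shirou/6928012
    # Same caveats as the RSA task above.
    - name: Ensure ssh host ED25519 key known
      delegate_to: localhost
      lineinfile:
        path: ~/.ssh/known_hosts
        create: true
        state: present
        line: "{{ known_hosts_names + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + (ansible_ssh_port | string) + ' ' + inventory_hostname) }}"

    # The only task that touches the managed host. It authenticates with the
    # per-host password from the vault and installs the public key; exclusive
    # removes every other key from depriv_user's authorized_keys, so this is a
    # replace, not an add.
    - name: "Pass authorized key"
      authorized_key:
        user: "{{ depriv_user }}"
        key: "{{ key.stdout }}"
        state: present
        exclusive: true
      vars:
        ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"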