Catching up with current dev

2022-04-19 12:01:03 -05:00
parent a881363b9b
commit d1140cf78b
15 changed files with 423 additions and 109 deletions
--- a/playbooks/sshkey.yml
+++ b/playbooks/sshkey.yml
@@ -13,53 +13,27 @@
 #
 - hosts: "{{ targets | default('managed') }}"
  order: sorted
-  serial: "{{ threads | default('1') }}"
-  gather_facts: false
+  serial: "{{ threads | default('8') }}"
+  gather_facts: true
  ignore_unreachable: true
  vars: 
+      ansible_ssh_password: "{{ passwords[inventory_hostname] }}"
      ansible_ssh_port: "{{ sshport | default('22') }}" 
      keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
  vars_files:
     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

  tasks:
+      # Scanning SSH keys has been replaced with ../bin/generate-ssh-keyscan
+     
      - name: Get key
        delegate_to: localhost
        command: "cat {{ keyfile }}"
        register: key

-      - name: Ensure known_hosts is commented
-        delegate_to: localhost
-        lineinfile:
-            dest: ~/.ssh/known_hosts
-            create: yes
-            state: present
-            line: "# {{ inventory_hostname + '.' + replica_domain }}"
-
-      # Thanks to https://gist.github.com/shirou/6928012
-      - name: Ensure ssh host RSA key known
-        delegate_to: localhost
-        lineinfile:
-            dest: ~/.ssh/known_hosts
-            create: yes
-            state: present
-            line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
-
-      # Thanks to https://gist.github.com/shirou/6928012
-      - name: Ensure ssh host ED25519 key known
-        delegate_to: localhost
-        lineinfile:
-            dest: ~/.ssh/known_hosts
-            create: yes
-            state: present
-            line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
-
      - authorized_key:
-            user: "{{ depriv_user }}"
+            user: "{{ ansible_user_id }}"
            key: "{{ key.stdout }}"
            state: present
            exclusive: true
        name: "Pass authorized key"
-        vars:
-          ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
-