author | Georg Pfuetzenreuter | 2022-02-13 16:56:12 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2022-02-13 16:56:12 +0100 |
commit | 2ce8450b893ad9f8a119a1ff24dcc7eb4ba78b82 (patch) | |
tree | 031a57c9007535346a2760b352f66ee70dabb761 /ansible/deployment_poc/tasks/configure_ssh.yml | |
parent | 9f8f61a0abb3ab5cf8d94540573191ba4b8893d0 (diff) | |
download | system-2ce8450b893ad9f8a119a1ff24dcc7eb4ba78b82.tar.gz system-2ce8450b893ad9f8a119a1ff24dcc7eb4ba78b82.tar.bz2 system-2ce8450b893ad9f8a119a1ff24dcc7eb4ba78b82.zip |
Bulk update
Signed-off-by: Georg Pfuetzenreuter <georg@lysergic.dev>
Diffstat (limited to 'ansible/deployment_poc/tasks/configure_ssh.yml')
-rw-r--r-- | ansible/deployment_poc/tasks/configure_ssh.yml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/ansible/deployment_poc/tasks/configure_ssh.yml b/ansible/deployment_poc/tasks/configure_ssh.yml
new file mode 100644
index 0000000..d47b004
--- /dev/null
+++ b/ansible/deployment_poc/tasks/configure_ssh.yml
@@ -0,0 +1,65 @@
+---
+- name: Configure SSH server
+ block:
+ - name: Switch user
+ set_fact:
+ ansible_user_original: "{{ lookup('env', 'USER') }}"
+ ansible_ssh_private_key_file_original: "{{ ansible_ssh_private_key_file }}"
+ ansible_user: install
+ ansible_ssh_private_key_file: "{{ installkey }}"
+
+ - name: Test 1
+ ansible.builtin.raw: whoami
+ vars:
+ - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+ - name: Install SSH host certificate
+ ansible.builtin.copy:
+ checksum: "{{ stat_ssh_cert.stat.checksum }}"
+ dest: "/etc/ssh/{{ vm_name }}"
+ group: root
+ local_follow: no
+ mode: 0400
+ owner: root
+ src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+ become: yes
+ become_method: sudo
+ become_user: root
+ vars:
+ - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+ - name: Install SSH host key
+ ansible.builtin.copy:
+ checksum: "{{ stat_ssh_spk.stat.checksum }}"
+ dest: "/etc/ssh/{{ vm_name }}-cert.pub"
+ group: root
+ local_follow: no
+ mode: 0444
+ owner: root
+ src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+ become: yes
+ become_method: sudo
+ become_user: root
+ vars:
+ - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+ - name: Install sshd configuration
+ ansible.builtin.script:
+ cmd: "../shell/configure_sshd.sh '{{ ca_pk }}'"
+ become: yes
+ become_method: sudo
+ become_user: root
+ vars:
+ - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+ - name: Switch user
+ set_fact:
+ ansible_user: "{{ ansible_user_original }}"
+ ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file_original }}"
+
+ - name: Test 2
+ ansible.builtin.raw: whoami
+
+ tags:
+ - init_ssh
+ |
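Review bot: Every task that connects as `install` sets `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'`, so the file copied to `/etc/ssh/{{ vm_name }}` with `mode: 0400` (by its path and mode the host private key) and the root-run `configure_sshd.sh` are delivered to a peer whose identity was never checked. If the bootstrap host key cannot be pinned from provisioning output, `-o StrictHostKeyChecking=accept-new` combined with a throwaway `UserKnownHostsFile` for this phase would at least reject a key that changes between tasks, though it remains trust-on-first-use. Declaring the option once in a block-level `vars:` mapping instead of four per-task lists would keep the exception in one auditable place. The two copy tasks also look mislabelled: "Install SSH host certificate" writes the key file and uses `stat_ssh_cert`, while "Install SSH host key" writes `{{ vm_name }}-cert.pub` and uses `stat_ssh_spk`; presumably the names and checksum variables are swapped, which should be confirmed against where those `stat` results are registered.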