Diffstat (limited to 'ansible/deployment_poc/tasks/configure_ssh.yml')
-rw-r--r-- | ansible/deployment_poc/tasks/configure_ssh.yml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/ansible/deployment_poc/tasks/configure_ssh.yml b/ansible/deployment_poc/tasks/configure_ssh.yml
new file mode 100644
index 0000000..d47b004
--- /dev/null
+++ b/ansible/deployment_poc/tasks/configure_ssh.yml
@@ -0,0 +1,65 @@
+---
+- name: Configure SSH server
+  block:
+    - name: Switch user
+      set_fact:
+        ansible_user_original: "{{ lookup('env', 'USER') }}"
+        ansible_ssh_private_key_file_original: "{{ ansible_ssh_private_key_file }}"
+        ansible_user: install
+        ansible_ssh_private_key_file: "{{ installkey }}"
+
+    - name: Test 1
+      ansible.builtin.raw: whoami
+      vars:
+        - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+    - name: Install SSH host certificate
+      ansible.builtin.copy:
+        checksum: "{{ stat_ssh_cert.stat.checksum }}"
+        dest: "/etc/ssh/{{ vm_name }}"
+        group: root
+        local_follow: no
+        mode: 0400
+        owner: root
+        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+      become: yes
+      become_method: sudo
+      become_user: root
+      vars:
+        - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+    - name: Install SSH host key
+      ansible.builtin.copy:
+        checksum: "{{ stat_ssh_spk.stat.checksum }}"
+        dest: "/etc/ssh/{{ vm_name }}-cert.pub"
+        group: root
+        local_follow: no
+        mode: 0444
+        owner: root
+        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+      become: yes
+      become_method: sudo
+      become_user: root
+      vars:
+        - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+    - name: Install sshd configuration
+      ansible.builtin.script:
+        cmd: "../shell/configure_sshd.sh '{{ ca_pk }}'"
+      become: yes
+      become_method: sudo
+      become_user: root
+      vars:
+        - ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
+
+    - name: Switch user
+      set_fact:
+        ansible_user: "{{ ansible_user_original }}"
+        ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file_original }}"
+
+    - name: Test 2
+      ansible.builtin.raw: whoami
+
+  tags:
+    - init_ssh
+
|
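Review bot: Every task in the block sets `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'`, which turns off host-key verification for exactly the steps that ship the host's private key, its certificate and the sshd configuration, so a spoofed or intercepted first connection would receive them without any warning. Since the play is installing CA-signed host certificates anyway, the controller can trust the target through a `@cert-authority` line in its known_hosts for the CA public key already passed as `ca_pk`, or at minimum use `'-o StrictHostKeyChecking=accept-new'` so a changed key is still rejected. The two copy task names look swapped against their arguments: "Install SSH host certificate" copies `host_keys/{{ vm_name }}` to `/etc/ssh/{{ vm_name }}` with mode 0400, which is the private host key, while "Install SSH host key" copies the `-cert.pub` file. On YAML typing, `vars:` is given as a list of one-key mappings rather than a mapping (Ansible expects a dict here and I believe the list form is deprecated), `become: yes`/`local_follow: no` should be `true`/`false`, and `mode: 0400` and `mode: 0444` are safer quoted as `"0400"`/`"0444"`. Finally `cmd: "../shell/configure_sshd.sh '{{ ca_pk }}'"` splices the variable into a shell line; `'{{ ca_pk | quote }}'`-style quoting (dropping the manual single quotes) avoids breakage on a value containing a quote, and the "Test 1"/"Test 2" `raw: whoami` steps read as debugging leftovers that could be dropped or made `changed_when: false`.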