Diffstat (limited to 'ansible/deployment_poc/tasks/init_ssh.yml')
-rw-r--r-- | ansible/deployment_poc/tasks/init_ssh.yml | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/ansible/deployment_poc/tasks/init_ssh.yml b/ansible/deployment_poc/tasks/init_ssh.yml
new file mode 100644
index 0000000..386c517
--- /dev/null
+++ b/ansible/deployment_poc/tasks/init_ssh.yml
@@ -0,0 +1,53 @@
+---
+- name: Initialize SSH host keys
+ block:
+ - name: Generate SSH host keypair
+ ansible.builtin.command:
+ argv:
+ - ssh-keygen
+ - -f
+ - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+ - -t
+ - ed25519
+ - -C
+ - "{{ vm_fqdn }}"
+ - -N
+ - ""
+ creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+
+ - name: Evaluate certificate
+ ansible.builtin.stat:
+ path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+ get_attributes: no
+ register: stat_ssh_cert
+
+# - name: Sign SSH host key
+# ansible.builtin.command:
+# argv:
+# - ssh-keygen
+# - -s
+# - "{{ ssh_ca_path }}/{{ tenant }}"
+# - -I
+# - "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
+# - -hn
+# - "{{ vm_fqdn }}"
+# - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
+# creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+
+ - name: Sign SSH host key
+ ansible.builtin.expect:
+ command: ssh-keygen -s "{{ ssh_ca_path }}/{{ tenant }}" -I "{{ ssh_ca_prefix }} - {{ vm_fqdn }}" -hn "{{ vm_fqdn }}" "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
+ responses:
+ Enter passphrase: "{{ ca_pp }}"
+ timeout: 3
+ creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+
+ - name: Evaluate public key
+ ansible.builtin.stat:
+ path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+ get_attributes: no
+ register: stat_ssh_spk
+
+ delegate_to: localhost
+ tags:
+ - init_ssh |
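Review bot: The "Sign SSH host key" expect task feeds the CA passphrase `ca_pp` as a response but has no `no_log: true`, so on failure or at higher verbosity Ansible will print the task arguments, including the passphrase, to the controller log; add `no_log: true` to that task (and probably to the generate step too, since it runs on the controller where the CA and host private keys live). The signing command also passes no `-V` validity window, so the host certificate ssh-keygen produces never expires, which defeats most of the benefit of a CA over raw host keys; something like `-V +52w` on the command line bounds the lifetime, and the 3-second `timeout` may be too tight for a prompt on a slow controller. The two stat tasks appear mislabelled: "Evaluate certificate" stats the private key path and registers `stat_ssh_cert`, while "Evaluate public key" stats the `-cert.pub` file into `stat_ssh_spk`; swapping the names (or the paths) would stop a later `when:` from checking the wrong file. Minor style: `get_attributes: no` should be `get_attributes: false` (yamllint truthy), and the commented-out `ansible.builtin.command` variant of the signing task is dead text that would be better removed or explained in a one-line comment.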