From 2ce8450b893ad9f8a119a1ff24dcc7eb4ba78b82 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 13 Feb 2022 16:56:12 +0100
Subject: Bulk update
Signed-off-by: Georg Pfuetzenreuter
---
ansible/deployment_poc/tasks/init_ssh.yml | 53 +++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 ansible/deployment_poc/tasks/init_ssh.yml
(limited to 'ansible/deployment_poc/tasks/init_ssh.yml')
diff --git a/ansible/deployment_poc/tasks/init_ssh.yml b/ansible/deployment_poc/tasks/init_ssh.yml
new file mode 100644
index 0000000..386c517
--- /dev/null
+++ b/ansible/deployment_poc/tasks/init_ssh.yml
@@ -0,0 +1,53 @@
+---
+- name: Initialize SSH host keys
+ block:
+ - name: Generate SSH host keypair
+ ansible.builtin.command:
+ argv:
+ - ssh-keygen
+ - -f
+ - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+ - -t
+ - ed25519
+ - -C
+ - "{{ vm_fqdn }}"
+ - -N
+ - ""
+ creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+
+ - name: Evaluate certificate
+ ansible.builtin.stat:
+ path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
+ get_attributes: no
+ register: stat_ssh_cert
+
+# - name: Sign SSH host key
+# ansible.builtin.command:
+# argv:
+# - ssh-keygen
+# - -s
+# - "{{ ssh_ca_path }}/{{ tenant }}"
+# - -I
+# - "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
+# - -hn
+# - "{{ vm_fqdn }}"
+# - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
+# creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+
+ - name: Sign SSH host key
+ ansible.builtin.expect:
+ command: ssh-keygen -s "{{ ssh_ca_path }}/{{ tenant }}" -I "{{ ssh_ca_prefix }} - {{ vm_fqdn }}" -hn "{{ vm_fqdn }}" "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
+ responses:
+ Enter passphrase: "{{ ca_pp }}"
+ timeout: 3
+ creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+
+ - name: Evaluate public key
+ ansible.builtin.stat:
+ path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
+ get_attributes: no
+ register: stat_ssh_spk
+
+ delegate_to: localhost
+ tags:
+ - init_ssh
-- cgit v1.2.3
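Review bot: The `Sign SSH host key` task passes the CA passphrase to `ansible.builtin.expect` through `responses` without `no_log: true`, so `{{ ca_pp }}` can end up in verbose task output and in the module invocation log on the control node; add `no_log: true` to that task. The same `ssh-keygen -s` call has no `-V` validity interval, so every host certificate it issues is valid indefinitely; passing an interval (for example `-V +52w`, a constructed value to be matched to the rotation policy) bounds how long a leaked host key stays usable. The first `stat` task is named "Evaluate certificate" but checks the private key path `host_keys/{{ vm_name }}` rather than a certificate, which looks unintended.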