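---
# Installs a pre-generated SSH host key and its CA-signed host certificate on
# a VM, then runs the sshd configuration script. The work is done while
# connected as the `install` user; the previous connection settings are put
# back before the final connectivity check.
- name: Configure SSH server
  block:
    - name: Switch to install user
      ansible.builtin.set_fact:
        # NOTE(review): this records the controller's $USER, not the previous
        # value of ansible_user. Confirm the two are always the same, or the
        # restore step below will pick the wrong account.
        ansible_user_original: "{{ lookup('env', 'USER') }}"
        ansible_ssh_private_key_file_original: "{{ ansible_ssh_private_key_file }}"
        ansible_user: install
        ansible_ssh_private_key_file: "{{ installkey }}"

    # Connectivity check as the install user.
    # NOTE(review): StrictHostKeyChecking=no means the host is not
    # authenticated on this and the following connections, including the one
    # that uploads the private host key. Where possible, pre-seed known_hosts
    # (or a @cert-authority entry) through the provisioning channel; the
    # OpenSSH value `accept-new` at least refuses a key that has changed.
    - name: Test 1
      ansible.builtin.raw: whoami
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # The original task name said "certificate", but src/dest are the
    # private host key (no -cert.pub suffix, owner-read-only).
    # NOTE(review): the checksum comes from stat_ssh_cert even though the
    # file is the key. Confirm it was registered against this file.
    - name: Install SSH host key
      ansible.builtin.copy:
        checksum: "{{ stat_ssh_cert.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}"
        group: root
        local_follow: false
        # Quoted so no YAML parser can reinterpret the octal literal.
        mode: "0400"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
      become: true
      become_method: sudo
      become_user: root
      # Keep private key material out of `--diff` output and any logs that
      # capture it.
      diff: false
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # The original task name said "key", but the file is the signed host
    # certificate (-cert.pub), which is public and world-readable.
    - name: Install SSH host certificate
      ansible.builtin.copy:
        checksum: "{{ stat_ssh_spk.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}-cert.pub"
        group: root
        local_follow: false
        mode: "0444"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    - name: Install sshd configuration
      ansible.builtin.script:
        # ca_pk is shell-quoted by the filter instead of being wrapped in
        # literal single quotes, so a value containing a quote character
        # cannot break out of the argument in a root shell.
        cmd: "../shell/configure_sshd.sh {{ ca_pk | quote }}"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # NOTE(review): if any task above fails, this restore is skipped.
    # Consider moving it under `always:` if later plays reuse these facts.
    - name: Restore original user
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_original }}"
        ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file_original }}"

    # Runs without the StrictHostKeyChecking override, so this connection is
    # subject to the controller's normal host key verification.
    - name: Test 2
      ansible.builtin.raw: whoami
  tags:
    - init_ssh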