blob: 386c517b2e6cace13ed49e20a6eb2a4f15995bc1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
---
- name: Initialize SSH host keys
block:
- name: Generate SSH host keypair
ansible.builtin.command:
argv:
- ssh-keygen
- -f
- "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
- -t
- ed25519
- -C
- "{{ vm_fqdn }}"
- -N
- ""
creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
- name: Evaluate certificate
ansible.builtin.stat:
path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
get_attributes: no
register: stat_ssh_cert
# - name: Sign SSH host key
# ansible.builtin.command:
# argv:
# - ssh-keygen
# - -s
# - "{{ ssh_ca_path }}/{{ tenant }}"
# - -I
# - "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
# - -hn
# - "{{ vm_fqdn }}"
# - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
# creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
- name: Sign SSH host key
ansible.builtin.expect:
command: ssh-keygen -s "{{ ssh_ca_path }}/{{ tenant }}" -I "{{ ssh_ca_prefix }} - {{ vm_fqdn }}" -hn "{{ vm_fqdn }}" "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
responses:
Enter passphrase: "{{ ca_pp }}"
timeout: 3
creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
- name: Evaluate public key
ansible.builtin.stat:
path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
get_attributes: no
register: stat_ssh_spk
delegate_to: localhost
tags:
- init_ssh
|
