
hardcode to ed25519

master
pai
commit
7088d68d75
7 arquivos alterados com 6 adições e 14 exclusões
  1. +0
    -1
      defaults/main.yml
  2. +1
    -2
      tasks/fetch.yml
  3. +4
    -2
      tasks/save.yml
  4. +1
    -2
      tasks/scan.yml
  5. +0
    -1
      tasks/setup.yml
  6. +0
    -2
      templates/host_vars.j2
  7. +0
    -4
      vars/main.yml

+ 0
- 1
defaults/main.yml

@@ -1,4 +1,3 @@
ssh_host_key_type: ed25519
ssh_host_key_types:
- ed25519
- ecdsa


+ 1
- 2
tasks/fetch.yml

@@ -2,7 +2,7 @@

- name: fetch ssh host key
command:
cat "{{ root_target_directory | default("") }}/etc/ssh/ssh_host_{{ ssh_host_key_type }}_key.pub"
cat "{{ root_target_directory | default("") }}/etc/ssh/ssh_host_ed25519_key.pub"
register: _ssh_host_key_cat_result
changed_when: false

@@ -10,4 +10,3 @@
set_fact:
ssh_host_key_ed25519_public: "{{ _ssh_host_key_cat_result.stdout.split()[1] }}"
changed_when: ssh_host_key_ed25519_public != _ssh_host_key_cat_result.stdout.split()[1]
when: ssh_host_key_type == "ed25519"
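Review bot: The second hunk's `set_fact` indexes `_ssh_host_key_cat_result.stdout.split()[1]` without checking what was read, so an empty or malformed `ssh_host_ed25519_key.pub` surfaces as a template index error instead of a clear failure; tasks/scan.yml does the same with `split()[2]`. With the key type now fixed, the first field can be verified before the fact is set, for example an `assert` task with `that: _ssh_host_key_cat_result.stdout.split()[0] == 'ssh-ed25519'`. The page has lost its +/- markers, so this assumes the `when: ssh_host_key_type == "ed25519"` guard is the removed line. Both tasks begin above their hunks.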

+ 4
- 2
tasks/save.yml

@@ -10,5 +10,7 @@
local_action: known_hosts
args:
path: "{{ playbook_dir }}/ssh_known_hosts"
name: "{{ inventory_hostname }}"
key: "{{ inventory_hostname }},{{ ssh_ip }} {{ _ssh_key_type[ssh_host_key_type] }} {{ _ssh_host_key[ssh_host_key_type] }}"
name: "{{ item }}"
key: "{{ item }},{{ hostvars[item].ssh_ip }} ssh-ed25519 {{ hostvars[item].ssh_host_key_ed25519_public }}"
with_items: "{{play_hosts}}"
run_once: true
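Review bot: The new `key:` line dereferences `hostvars[item].ssh_ip` and `hostvars[item].ssh_host_key_ed25519_public` for every entry of `play_hosts` with no definedness check, so a single host whose fact was never set aborts the whole `run_once` loop with an undefined-variable error that does not name the cause. A preceding `assert` looped over the same list with `that: hostvars[item].ssh_host_key_ed25519_public is defined` would fail early and point at the host. `play_hosts` is also deprecated; `with_items: "{{ ansible_play_hosts }}"` is the current spelling if the supported Ansible versions provide it. The task starts above the hunk, so its name and any existing `when:` are not visible here.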

+ 1
- 2
tasks/scan.yml

@@ -1,7 +1,7 @@
---

- name: scan ssh host
local_action: command ssh-keyscan -t {{ssh_host_key_type}} {{ansible_host}}
local_action: command ssh-keyscan -t ed25519 {{ansible_host}}
register: _ssh_keyscan_result
changed_when: false

@@ -9,4 +9,3 @@
set_fact:
ssh_host_key_ed25519_public: "{{ _ssh_keyscan_result.stdout.split()[2] }}"
changed_when: ssh_host_key_ed25519_public != _ssh_keyscan_result.stdout.split()[2]
when: ssh_host_key_type == "ed25519"
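Review bot: `ssh-keyscan -t ed25519 {{ansible_host}}` reads the key over an unauthenticated connection, and the fact it sets appears to be what tasks/save.yml writes into `ssh_known_hosts`, so the pinned key is only as trustworthy as the network path at scan time. The task should carry a comment saying so, e.g. `# keyscan output is unauthenticated (trust on first use); verify the fingerprint out of band before relying on it`. Separately, with the type hard-coded, a host that offers no ed25519 key returns empty stdout and the following `split()[2]` fails with an index error; `failed_when: _ssh_keyscan_result.stdout | length == 0` on the scan task would give a clear message. The +/- markers are lost on this page, so which of the two `local_action` lines is new is inferred from the commit title.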

+ 0
- 1
tasks/setup.yml

@@ -4,4 +4,3 @@
set_fact:
ssh_host_key_ed25519_public: "{{ ansible_ssh_host_key_ed25519_public }}"
changed_when: ssh_host_key_ed25519_public != ansible_ssh_host_key_ed25519_public
when: ssh_host_key_type == "ed25519"

+ 0
- 2
templates/host_vars.j2

@@ -1,3 +1 @@
{% if ssh_host_key_type == "ed25519" %}
ssh_host_key_ed25519_public: {{ ssh_host_key_ed25519_public }}
{% endif %}

+ 0
- 4
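--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,4 +0,0 @@
-_ssh_key_type:
-ed25519: ssh-ed25519
-_ssh_host_key:
-ed25519: "{{ ssh_host_key_ed25519_public | default(undefined) }}"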
