From d1372e6f8cb87b6f8e85e2644b3f215071871ece Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Tue, 20 Dec 2016 05:08:00 +0000
Subject: [PATCH] current

---
 .gitignore | 1 +
 defaults/main.yml | 1 +
 tasks/fetch.yml | 13 +++++++++++++
 tasks/main.yml | 27 +++++++++++++++++++++++++++
 tasks/save.yml | 8 ++++++++
 tasks/scan.yml | 12 ++++++++++++
 tasks/setup.yml | 10 ++++++++++
 templates/host_vars.j2 | 3 +++
 templates/ssh_host_key.j2 | 1 +
 vars/main.yml | 4 ++++
 10 files changed, 80 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 defaults/main.yml
 create mode 100644 tasks/fetch.yml
 create mode 100644 tasks/main.yml
 create mode 100644 tasks/save.yml
 create mode 100644 tasks/scan.yml
 create mode 100644 tasks/setup.yml
 create mode 100644 templates/host_vars.j2
 create mode 100644 templates/ssh_host_key.j2
 create mode 100644 vars/main.yml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..f16df53
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+ssh_host_key_type: ed25519
\ No newline at end of file
diff --git a/tasks/fetch.yml b/tasks/fetch.yml
new file mode 100644
index 0000000..003ef1c
--- /dev/null
+++ b/tasks/fetch.yml
@@ -0,0 +1,13 @@
+---
+
+- name: fetch ssh host key
+ command:
+ cat "{{ root_target_directory }}/etc/ssh/ssh_host_{{ ssh_host_key_type }}_key.pub"
+ register: _ssh_host_key_cat_result
+ changed_when: false
+
+- name: set ssh_host_key_ed25519_public
+ set_fact:
+ ssh_host_key_ed25519_public: "{{ _ssh_host_key_cat_result.stdout.split()[1] }}"
+ changed_when: ssh_host_key_ed25519_public != _ssh_host_key_cat_result.stdout.split()[1]
+ when: ssh_host_key_type == "ed25519"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..31ba727
--- /dev/null
+++ b/tasks/main.yml
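Review bot: The `set_fact` task takes field `[1]` of whatever `cat` printed without checking that the file really holds a key of the requested type, so a `.pub` file of another type, or one with a leading comment line, would be recorded as the ed25519 key and later land in ssh_known_hosts behind the wrong type prefix. Add `failed_when: _ssh_host_key_cat_result.stdout.split()[0] != _ssh_key_type[ssh_host_key_type]` to the first task (the table is in this role's vars/main.yml) so the mismatch fails here with a clear message rather than as an unusable known_hosts entry; reading the file with the `slurp` module instead of `command: cat` would also keep the task declarative. The `changed_when` on the second task compares the fact against the value being assigned; `set_fact` does not report changes on its own, and if the conditional is evaluated before the new fact is visible, the first run on a host with no saved key would presumably fail on an undefined `ssh_host_key_ed25519_public` — confirm and drop the line.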
@@ -0,0 +1,27 @@
+---
+
+- include: scan.yml
+ when:
+ ssh_host_key_state is defined and
+ ssh_host_key_state == 'scanned'
+
+#- include: setup.yml
+
+- include: fetch.yml
+ when:
+ root_target_directory is defined and (
+ not ssh_host_key_state is defined or
+ ssh_host_key_state == 'fetched' )
+
+- include: save.yml
+
+- name: write ssh_known_hosts file
+ local_action: known_hosts
+ args:
+ path: 'ssh_known_hosts'
+ name: '{{ inventory_hostname }}'
+ key: "{{ inventory_hostname }} {{ _ssh_key_type[ssh_host_key_type] }} {{ _ssh_host_key[ssh_host_key_type] }}"
+ when:
+ not ssh_host_key_state is defined or
+ ssh_host_key_state == 'configured' or
+ ssh_host_key_state == 'scanned'
diff --git a/tasks/save.yml b/tasks/save.yml
new file mode 100644
index 0000000..a895974
--- /dev/null
+++ b/tasks/save.yml
@@ -0,0 +1,8 @@
+---
+
+- name: host_vars directory
+ local_action: file path=host_vars/{{inventory_hostname}} state=directory
+
+- name: host_vars file
+ local_action: template src=host_vars.j2 dest=host_vars/{{inventory_hostname}}/ssh_host_key.yml
+
diff --git a/tasks/scan.yml b/tasks/scan.yml
new file mode 100644
index 0000000..3e91bf7
--- /dev/null
+++ b/tasks/scan.yml
@@ -0,0 +1,12 @@
+---
+
+- name: scan ssh host
+ local_action: command ssh-keyscan -t {{ssh_host_key_type}} {{inventory_hostname}}
+ register: _ssh_keyscan_result
+ changed_when: false
+
+- name: set ssh_host_key_ed25519_public
+ set_fact:
+ ssh_host_key_ed25519_public: "{{ _ssh_keyscan_result.stdout.split()[2] }}"
+ changed_when: ssh_host_key_ed25519_public != _ssh_keyscan_result.stdout.split()[2]
+ when: ssh_host_key_type == "ed25519"
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..ecda9b3
--- /dev/null
+++ b/tasks/setup.yml
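Review bot: The known_hosts entry on the `name:` and `key:` lines is keyed on `inventory_hostname`, and nothing in the hunk shows that this is the name ssh connects with; where `ansible_host` points to an address or alias instead, the entry in ssh_known_hosts never matches and host-key verification gains nothing. If that case is in scope, use `name: '{{ ansible_host | default(inventory_hostname) }}'`, the same value at the start of `key:`, and scan/fetch under that same name. The `scanned` path persists whatever key the network returned at scan time, a trust-on-first-use step, which deserves a comment above the `write ssh_known_hosts file` task so operators know `fetched` is the path that reads the key from the host's own filesystem. The `#- include: setup.yml` line is dead code in a brand-new file; drop it or say in a comment why it is kept.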
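Review bot: Both `local_action` lines use the `key=value` argument shorthand with unquoted Jinja in the path, the form Ansible style guides steer away from: the expansion is unprotected by quotes and the arguments are not individually readable. Rewrite them in block form with `module:` under `local_action` (or plain `file:`/`template:` tasks with `delegate_to: localhost`), as below. Neither task sets `mode`, so the directory and file inherit the control node's umask; the file holds only a public key, so that is presumably acceptable, but a one-line comment saying so would save the next reader the question. The file also ends with an extra blank line.
```yaml
- name: host_vars directory
  local_action:
    module: file
    path: "host_vars/{{ inventory_hostname }}"
    state: directory

- name: host_vars file
  local_action:
    module: template
    src: host_vars.j2
    dest: "host_vars/{{ inventory_hostname }}/ssh_host_key.yml"
```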
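Review bot: The scan task never checks that `ssh-keyscan` returned anything, so an unreachable host or a refused connection (ssh-keyscan reports those on stderr and, depending on version, may still exit 0) leaves `stdout` empty and the `set_fact` task fails on `split()[2]` with an index error that hides the real cause. Add `failed_when: _ssh_keyscan_result.stdout == ''` to the first task, and pass the inventory port, `local_action: command ssh-keyscan -t {{ ssh_host_key_type }} -p {{ ansible_port | default(22) }} {{ inventory_hostname }}`, so hosts on a non-default port are scanned at all. Because this path records the key the network presented, it is trust-on-first-use; a comment above the task stating that, and pointing to fetch.yml as the path that reads the key from the host itself, would help whoever selects `ssh_host_key_state: scanned`. The `changed_when` on the `set_fact` task has the same problem as the one in fetch.yml.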
@@ -0,0 +1,10 @@
+---
+
+- setup:
+ gather_subset: '!all'
+
+- name: set ssh_host_key_ed25519_public
+ set_fact:
+ ssh_host_key_ed25519_public: "{{ ansible_ssh_host_key_ed25519_public }}"
+ changed_when: ssh_host_key_ed25519_public != ansible_ssh_host_key_ed25519_public
+ when: ssh_host_key_type == "ed25519"
diff --git a/templates/host_vars.j2 b/templates/host_vars.j2
new file mode 100644
index 0000000..c8e9c97
--- /dev/null
+++ b/templates/host_vars.j2
@@ -0,0 +1,3 @@
+{% if ssh_host_key_type == "ed25519" %}
+ssh_host_key_ed25519_public: {{ ssh_host_key_ed25519_public }}
+{% endif %}
diff --git a/templates/ssh_host_key.j2 b/templates/ssh_host_key.j2
new file mode 100644
index 0000000..d29c82d
--- /dev/null
+++ b/templates/ssh_host_key.j2
@@ -0,0 +1 @@
+{{ _ssh_key_type[ssh_host_key_type] }} {% if ssh_host_key_type == "ed25519" %}{{ ssh_host_key_ed25519_public }}{% endif %}
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..597f3f4
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,4 @@
+_ssh_key_type:
+ ed25519: ssh-ed25519
+_ssh_host_key:
+ ed25519: "{{ ssh_host_key_ed25519_public | default(undefined) }}"
\ No newline at end of file
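Review bot: This task file is not reachable from tasks/main.yml in this patch (its include there is commented out), so it ships as dead code; either wire it to an `ssh_host_key_state` value or leave it out until it is used. If it stays, document above the `setup:` task why `gather_subset: '!all'` is sufficient — the hunk does not show that the `ansible_ssh_host_key_ed25519_public` fact is collected by the minimal subset, so that assumption should be confirmed and written down, e.g. `# minimal facts are enough here: the ssh host-key facts are part of the base set — TODO confirm for the Ansible version in use`. The `changed_when` on the `set_fact` task compares against the value being assigned; `set_fact` does not report changes on its own, so the line appears redundant.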
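Review bot: The rendered line `ssh_host_key_ed25519_public: {{ ssh_host_key_ed25519_public }}` writes the key as a plain scalar into a file Ansible later loads as YAML; an empty expansion becomes `null` rather than an empty string, and any value beginning with a YAML indicator would change meaning. Quote it, `ssh_host_key_ed25519_public: "{{ ssh_host_key_ed25519_public }}"`, and start the output with `---` so the host_vars file reads as a proper document. Because save.yml regenerates this file on every run, a generated-file header such as `# generated by <role name>/tasks/save.yml — do not edit by hand` would stop manual edits from being silently overwritten.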
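Review bot: Nothing in this patch renders `templates/ssh_host_key.j2` — save.yml uses host_vars.j2 and main.yml builds the known_hosts key string inline — so the template is unused as committed. If it is meant to replace the inline `key:` expression, main.yml could use it via `lookup('template', 'ssh_host_key.j2')`; otherwise drop it rather than leave two copies of the same format to drift apart. The file also lacks a trailing newline.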
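Review bot: The lookups `_ssh_key_type[ssh_host_key_type]` and `_ssh_host_key[ssh_host_key_type]` used in main.yml have only an `ed25519` entry here, while `ssh_host_key_type` is an overridable default, so any other type fails late with an undefined-key error inside the known_hosts task. An early assertion in main.yml, `- assert: { that: ssh_host_key_type in _ssh_key_type }`, turns that into a clear message and documents the supported set. The `default(undefined)` on the last line works only because `undefined` is an unresolved Jinja name; it reads like a typo, so either drop it (the bare variable presumably fails the same way when nothing was collected) or add a comment stating that the intent is to fail loudly when no key has been gathered. The file also lacks a `---` document start and a trailing newline.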