
current

master
révision
d1372e6f8c
10 fichiers modifiés avec 80 ajouts et 0 suppressions
  1. +1
    -0
      .gitignore
  2. +1
    -0
      defaults/main.yml
  3. +13
    -0
      tasks/fetch.yml
  4. +27
    -0
      tasks/main.yml
  5. +8
    -0
      tasks/save.yml
  6. +12
    -0
      tasks/scan.yml
  7. +10
    -0
      tasks/setup.yml
  8. +3
    -0
      templates/host_vars.j2
  9. +1
    -0
      templates/ssh_host_key.j2
  10. +4
    -0
      vars/main.yml

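--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*~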

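--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+ssh_host_key_type: ed25519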

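--- a/tasks/fetch.yml
+++ b/tasks/fetch.yml
@@ -0,0 +1,13 @@
+---
+
+- name: fetch ssh host key
+command:
+cat "{{ root_target_directory }}/etc/ssh/ssh_host_{{ ssh_host_key_type }}_key.pub"
+register: _ssh_host_key_cat_result
+changed_when: false
+
+- name: set ssh_host_key_ed25519_public
+set_fact:
+ssh_host_key_ed25519_public: "{{ _ssh_host_key_cat_result.stdout.split()[1] }}"
+changed_when: ssh_host_key_ed25519_public != _ssh_host_key_cat_result.stdout.split()[1]
+when: ssh_host_key_type == "ed25519"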
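Review bot: The second field of the `.pub` file is taken with `_ssh_host_key_cat_result.stdout.split()[1]` without any check that the file has the expected shape. An empty or truncated file fails with an index error, and nothing confirms that the first field is the key type the role believes it is reading. An `assert` between the two tasks would make the precondition explicit, for example `that: _ssh_host_key_cat_result.stdout.split()[0] == _ssh_key_type[ssh_host_key_type]`. The `cat` also runs for any `ssh_host_key_type` while the `set_fact` is limited to ed25519, so another type is read and then silently dropped; a comment saying that only ed25519 is supported would help.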

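--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+
+- include: scan.yml
+when:
+ssh_host_key_state is defined and
+ssh_host_key_state == 'scanned'
+
+#- include: setup.yml
+
+- include: fetch.yml
+when:
+root_target_directory is defined and (
+not ssh_host_key_state is defined or
+ssh_host_key_state == 'fetched' )
+
+- include: save.yml
+
+- name: write ssh_known_hosts file
+local_action: known_hosts
+args:
+path: 'ssh_known_hosts'
+name: '{{ inventory_hostname }}'
+key: "{{ inventory_hostname }} {{ _ssh_key_type[ssh_host_key_type] }} {{ _ssh_host_key[ssh_host_key_type] }}"
+when:
+not ssh_host_key_state is defined or
+ssh_host_key_state == 'configured' or
+ssh_host_key_state == 'scanned'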
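Review bot: `- include: save.yml` runs unconditionally, and the `write ssh_known_hosts file` task also runs when `ssh_host_key_state` is undefined. On a host where neither scan.yml nor fetch.yml ran and no key is set in the inventory, the role therefore tries to persist a key it never obtained. Templating presumably fails on the undefined variable, but the error will not say which precondition was missed; a guard such as `when: ssh_host_key_ed25519_public is defined` on the include, or an `assert` before it, would make that visible. With `ssh_host_key_state == 'fetched'` the key is saved to host_vars but not written to `ssh_known_hosts`; if that is intended, it deserves a comment next to the `when:`.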

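--- a/tasks/save.yml
+++ b/tasks/save.yml
@@ -0,0 +1,8 @@
+---
+
+- name: host_vars directory
+local_action: file path=host_vars/{{inventory_hostname}} state=directory
+
+- name: host_vars file
+local_action: template src=host_vars.j2 dest=host_vars/{{inventory_hostname}}/ssh_host_key.yml
+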

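--- a/tasks/scan.yml
+++ b/tasks/scan.yml
@@ -0,0 +1,12 @@
+---
+
+- name: scan ssh host
+local_action: command ssh-keyscan -t {{ssh_host_key_type}} {{inventory_hostname}}
+register: _ssh_keyscan_result
+changed_when: false
+
+- name: set ssh_host_key_ed25519_public
+set_fact:
+ssh_host_key_ed25519_public: "{{ _ssh_keyscan_result.stdout.split()[2] }}"
+changed_when: ssh_host_key_ed25519_public != _ssh_keyscan_result.stdout.split()[2]
+when: ssh_host_key_type == "ed25519"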
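Review bot: The key returned by `ssh-keyscan` in the first task is accepted as-is and, through tasks/main.yml and tasks/save.yml, ends up in `ssh_known_hosts` and in host_vars. The 'scanned' state therefore pins whatever answered on the network path at scan time. ssh-keyscan does not authenticate the host, so the result should be compared with a fingerprint obtained out of band (console, provisioning output) before it is saved, or the role should at least document 'scanned' as trust-on-first-use. `split()[2]` also assumes exactly one key line on stdout; an `assert` with `that: _ssh_keyscan_result.stdout_lines | length == 1` before the `set_fact` would turn an empty or multi-line answer into a clear failure.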

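--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -0,0 +1,10 @@
+---
+
+- setup:
+gather_subset: '!all'
+
+- name: set ssh_host_key_ed25519_public
+set_fact:
+ssh_host_key_ed25519_public: "{{ ansible_ssh_host_key_ed25519_public }}"
+changed_when: ssh_host_key_ed25519_public != ansible_ssh_host_key_ed25519_public
+when: ssh_host_key_type == "ed25519"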

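--- a/templates/host_vars.j2
+++ b/templates/host_vars.j2
@@ -0,0 +1,3 @@
+{% if ssh_host_key_type == "ed25519" %}
+ssh_host_key_ed25519_public: {{ ssh_host_key_ed25519_public }}
+{% endif %}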
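Review bot: The key is written into the generated host_vars file as a bare YAML scalar, `ssh_host_key_ed25519_public: {{ ssh_host_key_ed25519_public }}`, and in the 'scanned' path that value is a token taken from network output. The generated file is later parsed as YAML and its values are templated by Ansible, so the value should be constrained to base64 before it is saved and emitted as a quoted string. One way is `ssh_host_key_ed25519_public: {{ ssh_host_key_ed25519_public | to_json }}` here, together with an `assert` in the producing task that the value `is match('^[A-Za-z0-9+/]+=*$')`.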

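--- a/templates/ssh_host_key.j2
+++ b/templates/ssh_host_key.j2
@@ -0,0 +1 @@
+{{ _ssh_key_type[ssh_host_key_type] }} {% if ssh_host_key_type == "ed25519" %}{{ ssh_host_key_ed25519_public }}{% endif %}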

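--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,4 @@
+_ssh_key_type:
+ed25519: ssh-ed25519
+_ssh_host_key:
+ed25519: "{{ ssh_host_key_ed25519_public | default(undefined) }}"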
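Review bot: `default(undefined)` on the last line likely does not do what it appears to. `undefined` is not a Jinja2 keyword but an ordinary, unset variable name, so the filter replaces one undefined value with another. As far as I can tell, a missing key would then be reported against the name `undefined` rather than `ssh_host_key_ed25519_public`. Ansible's `mandatory` filter states the intent directly: `ed25519: "{{ ssh_host_key_ed25519_public | mandatory }}"`.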
