system/ansible/deployment_poc/tasks/configure_ssh.yml


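---
# Bootstraps sshd on a freshly deployed VM: temporarily connects as the
# "install" account, copies the host private key and its CA-signed
# certificate into /etc/ssh, runs the sshd configuration script, then
# switches back to the original connection settings.
#
# SECURITY NOTE: every task that runs as "install" sets
# StrictHostKeyChecking=no, so the target's identity is not verified while
# the host private key is uploaded and root commands are executed. That is
# only acceptable on a network path that is trusted for first contact.
# Where possible, pre-seed known_hosts with the fingerprint obtained from
# the hypervisor/console, or at least use StrictHostKeyChecking=accept-new
# so a changed key on a later run is rejected.
- name: Configure SSH server
  block:
    - name: Switch user
      ansible.builtin.set_fact:
        # NOTE(review): the "original" user is taken from the controller's
        # $USER, not from the previous ansible_user; confirm these match.
        ansible_user_original: "{{ lookup('env', 'USER') }}"
        ansible_ssh_private_key_file_original: "{{ ansible_ssh_private_key_file }}"
        ansible_user: install
        ansible_ssh_private_key_file: "{{ installkey }}"

    - name: Test 1
      ansible.builtin.raw: whoami
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # This task copies the private host key (no -cert.pub suffix, mode 0400);
    # the task names of this and the next task were swapped in the original.
    # Consider `diff: false` here so --diff runs never print key material.
    - name: Install SSH host key
      ansible.builtin.copy:
        # NOTE(review): stat_ssh_cert is registered outside this file;
        # confirm it really is the stat of the private key file.
        checksum: "{{ stat_ssh_cert.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}"
        group: root
        local_follow: false
        # Quoted so the mode is never re-typed as an integer by the parser.
        mode: "0400"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # Public, CA-signed host certificate; world-readable by design.
    - name: Install SSH host certificate
      ansible.builtin.copy:
        # NOTE(review): stat_ssh_spk is registered outside this file;
        # confirm it is the stat of the -cert.pub file.
        checksum: "{{ stat_ssh_spk.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}-cert.pub"
        group: root
        local_follow: false
        mode: "0444"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    - name: Install sshd configuration
      ansible.builtin.script:
        # The script runs as root, so its argument is shell-quoted with the
        # `quote` filter instead of hand-written single quotes; a value that
        # itself contains a quote can then not break out of the argument.
        cmd: "../shell/configure_sshd.sh {{ ca_pk | quote }}"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # Restore the connection settings saved by the first task.
    # NOTE(review): this is skipped if any task above fails; move it to an
    # `always:` section if later plays reuse these facts after a failure.
    - name: Switch user
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_original }}"
        ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file_original }}"

    # Runs without StrictHostKeyChecking=no, so this connection is subject to
    # the controller's normal host verification.
    - name: Test 2
      ansible.builtin.raw: whoami
  tags:
    - init_ssh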