system/ansible/deployment_poc/tasks/init_ssh.yml

54 lines
1.5 KiB
YAML
Raw Normal View History

---
- name: Initialize SSH host keys
block:
- name: Generate SSH host keypair
ansible.builtin.command:
argv:
- ssh-keygen
- -f
- "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
- -t
- ed25519
- -C
- "{{ vm_fqdn }}"
- -N
- ""
creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
- name: Evaluate certificate
ansible.builtin.stat:
path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
get_attributes: no
register: stat_ssh_cert
# - name: Sign SSH host key
# ansible.builtin.command:
# argv:
# - ssh-keygen
# - -s
# - "{{ ssh_ca_path }}/{{ tenant }}"
# - -I
# - "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
# - -hn
# - "{{ vm_fqdn }}"
# - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
# creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
- name: Sign SSH host key
ansible.builtin.expect:
command: ssh-keygen -s "{{ ssh_ca_path }}/{{ tenant }}" -I "{{ ssh_ca_prefix }} - {{ vm_fqdn }}" -hn "{{ vm_fqdn }}" "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
responses:
Enter passphrase: "{{ ca_pp }}"
timeout: 3
creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
- name: Evaluate public key
ansible.builtin.stat:
path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
get_attributes: no
register: stat_ssh_spk
delegate_to: localhost
tags:
- init_ssh