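---
# Bootstraps sshd on a new VM: connects as the provisioning account
# ("install"), copies the host private key and its certificate into /etc/ssh,
# runs the sshd configuration script, then restores the original connection
# settings for the rest of the play.
#
# NOTE(review): every task that connects as "install" sets
# StrictHostKeyChecking=no, so the session that carries the host private key
# and runs sudo is not checked against a known host key. If provisioning can
# supply the VM's initial host key, pin it in known_hosts (or use
# StrictHostKeyChecking=accept-new for first contact) and drop the override.
- name: Configure SSH server
  block:
    # Save the current connection settings, then point the connection at the
    # provisioning account and its key.
    # NOTE(review): the saved user is the controller's $USER, not the previous
    # value of ansible_user; confirm that is the account to switch back to.
    - name: Switch user
      ansible.builtin.set_fact:
        ansible_user_original: "{{ lookup('env', 'USER') }}"
        ansible_ssh_private_key_file_original: "{{ ansible_ssh_private_key_file }}"
        ansible_user: install
        ansible_ssh_private_key_file: "{{ installkey }}"

    # Connectivity check as the provisioning account.
    - name: Test 1
      ansible.builtin.raw: whoami
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # This task copies the private key ({{ vm_name }}, owner-read only); the
    # original task name said "certificate", which belongs to the next task.
    # NOTE(review): the checksum comes from stat_ssh_cert; confirm that stat
    # was registered on the same file as src.
    - name: Install SSH host key
      ansible.builtin.copy:
        checksum: "{{ stat_ssh_cert.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}"
        group: root
        local_follow: false
        mode: "0400"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
      become: true
      become_method: sudo
      become_user: root
      # Keep the private key out of --diff output and any log that captures it.
      diff: false
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # This task copies the public certificate ({{ vm_name }}-cert.pub); the
    # original task name said "key".
    # NOTE(review): the checksum comes from stat_ssh_spk; confirm that stat
    # was registered on the same file as src.
    - name: Install SSH host certificate
      ansible.builtin.copy:
        checksum: "{{ stat_ssh_spk.stat.checksum }}"
        dest: "/etc/ssh/{{ vm_name }}-cert.pub"
        group: root
        local_follow: false
        mode: "0444"
        owner: root
        src: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # The script runs as root on the target. The quote filter shell-escapes
    # ca_pk so a quote character or other shell metacharacter in the value
    # cannot end the argument and alter the command line.
    - name: Install sshd configuration
      ansible.builtin.script:
        cmd: "../shell/configure_sshd.sh {{ ca_pk | quote }}"
      become: true
      become_method: sudo
      become_user: root
      vars:
        ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'

    # Restore the connection settings saved by the first task. This task only
    # runs if every task above succeeded.
    - name: Switch user
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_original }}"
        ansible_ssh_private_key_file: "{{ ansible_ssh_private_key_file_original }}"

    # Connectivity check as the restored user, with the default host key
    # checking (no ansible_ssh_extra_args override here).
    - name: Test 2
      ansible.builtin.raw: whoami

  tags:
    - init_ssh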