55 lines
1.5 KiB
YAML
55 lines
1.5 KiB
YAML
---
|
|
- name: Initialize SSH host keys
|
|
block:
|
|
- name: Generate SSH host keypair
|
|
ansible.builtin.command:
|
|
argv:
|
|
- ssh-keygen
|
|
- -f
|
|
- "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
|
|
- -t
|
|
- ed25519
|
|
- -C
|
|
- "{{ vm_fqdn }}"
|
|
- -N
|
|
- ""
|
|
creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
|
|
|
|
- name: Evaluate certificate
|
|
ansible.builtin.stat:
|
|
path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}"
|
|
get_attributes: no
|
|
register: stat_ssh_cert
|
|
|
|
# - name: Sign SSH host key
|
|
# ansible.builtin.command:
|
|
# argv:
|
|
# - ssh-keygen
|
|
# - -s
|
|
# - "{{ ssh_ca_path }}/{{ tenant }}"
|
|
# - -I
|
|
# - "{{ ssh_ca_prefix }} - {{ vm_fqdn }}"
|
|
# - -hn
|
|
# - "{{ vm_fqdn }}"
|
|
# - "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
|
|
# creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
|
|
|
|
- name: Sign SSH host key
|
|
ansible.builtin.expect:
|
|
command: ssh-keygen -s "{{ ssh_ca_path }}/{{ tenant }}" -I "{{ ssh_ca_prefix }} - {{ vm_fqdn }}" -hn "{{ vm_fqdn }}" "{{ ssh_ca_path }}/host_keys/{{ vm_name }}.pub"
|
|
responses:
|
|
Enter passphrase: "{{ ca_pp }}"
|
|
timeout: 3
|
|
creates: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
|
|
|
|
- name: Evaluate public key
|
|
ansible.builtin.stat:
|
|
path: "{{ ssh_ca_path }}/host_keys/{{ vm_name }}-cert.pub"
|
|
get_attributes: no
|
|
register: stat_ssh_spk
|
|
|
|
no_log: true
|
|
delegate_to: localhost
|
|
tags:
|
|
- init_ssh
|