Updates for structure

2021-03-16 03:09:19 -05:00
parent 68ef34c3c6
commit 87775fe636
2 changed files with 105 additions and 38 deletions
--- a/playbooks/sshkey.yml
+++ b/playbooks/sshkey.yml
@@ -11,14 +11,14 @@
 #
 # Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
 #
- hosts: "{{ targets | default('all') }}"
+- hosts: "{{ targets | default('managed') }}"
  order: sorted
-  serial: "{{ threads | default('8') }}"
+  serial: "{{ threads | default('1') }}"
  gather_facts: false
  ignore_unreachable: true
  vars: 
      ansible_ssh_port: "{{ sshport | default('22') }}" 
-      keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+      keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
  vars_files:
     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"

@@ -28,18 +28,38 @@
        command: "cat {{ keyfile }}"
        register: key

-      # Thanks to https://gist.github.com/shirou/6928012
-      - name: Ensure ssh host key known
+      - name: Ensure known_hosts is commented
        delegate_to: localhost
        lineinfile:
            dest: ~/.ssh/known_hosts
            create: yes
            state: present
-            line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
+            line: "# {{ inventory_hostname + '.' + replica_domain }}"
+
+      # Thanks to https://gist.github.com/shirou/6928012
+      - name: Ensure ssh host RSA key known
+        delegate_to: localhost
+        lineinfile:
+            dest: ~/.ssh/known_hosts
+            create: yes
+            state: present
+            line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
+
+      # Thanks to https://gist.github.com/shirou/6928012
+      - name: Ensure ssh host ED25519 key known
+        delegate_to: localhost
+        lineinfile:
+            dest: ~/.ssh/known_hosts
+            create: yes
+            state: present
+            line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"

      - authorized_key:
-            user: "{{ lookup('env','USER') }}"
+            user: "{{ depriv_user }}"
            key: "{{ key.stdout }}"
            state: present
            exclusive: true
-        name: "Pass authorized key" 
+        name: "Pass authorized key"
+        vars:
+          ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
+