Add Ansible tasks to update authorized SSH keys

This commit is contained in:
Lauri Võsandi 2024-07-19 14:08:51 +03:00
parent cb5644c7f3
commit 278817249e
5 changed files with 103 additions and 4 deletions

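--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.keys
 *secrets.yml
 *secret.yml
 *.swp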


@ -1,4 +1,42 @@
--- ---
- name: Pull authorized keys from Gitea
hosts: localhost
connection: local
vars:
targets: "{{ hostvars[groups['all']] }}"
tasks:
- name: Download https://git.k-space.ee/user.keys
loop:
- arti
- eaas
- lauri
- rasmus
ansible.builtin.get_url:
url: https://git.k-space.ee/{{ item }}.keys
dest: "./{{ item }}.keys"
- name: Push authorized keys to targets
hosts:
- misc
- kubernetes
- doors
tasks:
- name: Generate /root/.ssh/authorized_keys
ansible.builtin.copy:
dest: "/root/.ssh/authorized_keys"
owner: root
group: root
mode: '0644'
content: |
# Use `ansible-playbook ansible-update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
{% for user in admins + extra_admins | unique | sort %}
{% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
{% if line.startswith("sk-") %}
{{ line }} # {{ user }}
{% endif %}
{% endfor %}
{% endfor %}
- name: Collect servers SSH public keys to known_hosts - name: Collect servers SSH public keys to known_hosts
hosts: localhost hosts: localhost
connection: local connection: local
@ -19,10 +57,14 @@
dest: ssh_config dest: ssh_config
content: | content: |
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
# Use `ssh -F ssh_config ...` to connect to target machine or
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
{% for host in groups['all'] | sort %} {% for host in groups['all'] | sort %}
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }} Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
User root User root
Hostname {{ hostvars[host].get('ansible_host', host) }} Hostname {{ hostvars[host].get('ansible_host', host) }}
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto
ControlPersist 8h
{% endfor %} {% endfor %}
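Review bot: The loop header `{% for user in admins + extra_admins | unique | sort %}` in the authorized_keys template does not deduplicate across both lists, because Jinja filters bind tighter than `+` — `unique | sort` is applied to `extra_admins` only, so a name present in both lists gets its keys written twice and the combined order is not sorted; write it as `{% for user in (admins + extra_admins) | unique | sort %}`. The `copy` task also assumes `/root/.ssh` already exists (copy does not create parent directories) and will write a file containing only the header comment when none of the fetched `.keys` files has an `sk-` line, which locks every admin out of root on that host; a preceding `ansible.builtin.file` task with `state: directory` and `mode: "0700"`, plus an `assert` that at least one `sk-` line was collected, makes the play fail closed instead. The `line.startswith("sk-")` filter is a deliberate restriction to FIDO-backed keys and deserves a comment, e.g. `# only hardware-backed (sk-*) keys from the Gitea profile are trusted; plain keys are ignored`. Because the `.keys` files are re-fetched on every run and git-ignored, the effective root key set leaves no trail in this repository, so a key added to someone's Gitea profile becomes root everywhere without anything reviewable here; committing the fetched files (or their checksums) would make that change visible in review. The `targets` var in the first play indexes `hostvars` with a list and is never referenced, so it can be dropped.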


@ -5,9 +5,11 @@ pattern =
deprecation_warnings = False deprecation_warnings = False
fact_caching = jsonfile fact_caching = jsonfile
fact_caching_connection = ~/.ansible/k-space-fact-cache fact_caching_connection = ~/.ansible/k-space-fact-cache
fact_caching_timeout = 7200
remote_user = root remote_user = root
[ssh_connection] [ssh_connection]
control_path = %(directory)s/%%r@%%h:%%p control_path = ~/.ssh/cm-%%r@%%h:%%p
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
pipelining = True pipelining = True
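Review bot: `ssh_args` keeps `-o ControlMaster=auto -o ControlPersist=8h`, which holds an authenticated root master connection to every managed host open for eight hours after the last command; with the authorized_keys template now accepting only `sk-` (touch-required) keys, that socket is what lets any process running as the operator reuse the root session without another touch, so a shorter `ControlPersist` (for example `1h`) or at least a comment stating the trade-off would be worth adding. The same two options are now also emitted per host in the generated `ssh_config`, so `ssh_args = -F ssh_config` alone would leave one place to keep them in sync. Which `control_path` value is the new one is not recoverable from this rendering; if it is the `~/.ssh/cm-%%r@%%h:%%p` form, it is a fixed, predictable socket path that relies on `~/.ssh` staying mode 0700.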


@ -1,4 +1,9 @@
all: all:
vars:
admins:
- lauri
- eaas
extra_admins: []
children: children:
misc: misc:
hosts: hosts:
@ -8,7 +13,7 @@ all:
ansible_host: 172.23.0.7 ansible_host: 172.23.0.7
proxmox: proxmox:
vars: vars:
admins: extra_admins:
- rasmus - rasmus
hosts: hosts:
pve1: pve1:
@ -63,9 +68,8 @@ all:
# ansible_host: 172.20.3.89 # ansible_host: 172.20.3.89
doors: doors:
vars: vars:
admins: extra_admins:
- arti - arti
- herman
hosts: hosts:
grounddoor: grounddoor:
ansible_host: 100.102.3.1 ansible_host: 100.102.3.1
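Review bot: Every name under `admins` and `extra_admins` here has to match an entry in the playbook's hard-coded download loop (`arti`, `eaas`, `lauri`, `rasmus`); adding a name in the inventory alone makes the push play fail on the missing `.keys` lookup, which is fail-closed but easy to trip over, so a comment such as `# every name listed here must also be in the download loop of ansible-update-ssh-config.yml` would help, or better, derive that loop from the inventory so there is one source of truth. The hunk counts (`-63,9 +68,8`) suggest `- herman` is removed from the doors group rather than added; if that is an intentional revocation it belongs in the commit message, since the next playbook run will silently drop that key from the door controllers. Defining `extra_admins: []` at the `all` level is the right default so the template's `admins + extra_admins` never hits an undefined variable on groups that set nothing.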

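--- a/ssh_config
+++ b/ssh_config
@@ -1,121 +1,171 @@
 # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
+# Use `ssh -F ssh_config ...` to connect to target machine or
+# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
 Host backdoor 100.102.3.3
 User root
 Hostname 100.102.3.3
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host frontdoor 100.102.3.2
 User root
 Hostname 100.102.3.2
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host grounddoor 100.102.3.1
 User root
 Hostname 100.102.3.1
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host master1.kube.k-space.ee 172.21.3.51
 User root
 Hostname 172.21.3.51
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host master2.kube.k-space.ee 172.21.3.52
 User root
 Hostname 172.21.3.52
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host master3.kube.k-space.ee 172.21.3.53
 User root
 Hostname 172.21.3.53
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host mon1.kube.k-space.ee 172.21.3.61
 User root
 Hostname 172.21.3.61
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host mon2.kube.k-space.ee 172.21.3.62
 User root
 Hostname 172.21.3.62
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host mon3.kube.k-space.ee 172.21.3.63
 User root
 Hostname 172.21.3.63
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host nas.k-space.ee 172.23.0.7
 User root
 Hostname 172.23.0.7
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host ns1.k-space.ee 172.20.0.2
 User root
 Hostname 172.20.0.2
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve1 172.21.20.1
 User root
 Hostname 172.21.20.1
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve2 172.21.20.2
 User root
 Hostname 172.21.20.2
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve8 172.21.20.8
 User root
 Hostname 172.21.20.8
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve9 172.21.20.9
 User root
 Hostname 172.21.20.9
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage1.kube.k-space.ee 172.20.3.71
 User root
 Hostname 172.20.3.71
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage2.kube.k-space.ee 172.20.3.72
 User root
 Hostname 172.20.3.72
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage3.kube.k-space.ee 172.20.3.73
 User root
 Hostname 172.20.3.73
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage4.kube.k-space.ee 172.20.3.74
 User root
 Hostname 172.20.3.74
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker1.kube.k-space.ee 172.20.3.81
 User root
 Hostname 172.20.3.81
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker2.kube.k-space.ee 172.20.3.82
 User root
 Hostname 172.20.3.82
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker3.kube.k-space.ee 172.20.3.83
 User root
 Hostname 172.20.3.83
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker4.kube.k-space.ee 172.20.3.84
 User root
 Hostname 172.20.3.84
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host workshopdoor 100.102.3.4
 User root
 Hostname 100.102.3.4
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h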