Prepare for separation of ansible Git repo

Lauri Võsandi 2024-07-28 11:23:31 +03:00
parent 9c2b5c39ee
commit 4e80899c77
4 changed files with 51 additions and 15 deletions


@ -1,5 +1,5 @@
[defaults] [defaults]
inventory = ansible/inventory.yml inventory = inventory.yml
nocows = 1 nocows = 1
pattern = pattern =
deprecation_warnings = False deprecation_warnings = False
@ -11,5 +11,5 @@ remote_user = root
[ssh_connection] [ssh_connection]
control_path = ~/.ssh/cm-%%r@%%h:%%p control_path = ~/.ssh/cm-%%r@%%h:%%p
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ansible/ssh_config ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
pipelining = True pipelining = True
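Review bot: The new `-F ssh_config` in `ssh_args` is a bare relative path, which ssh resolves against the working directory of the ansible process rather than the location of this config file. A run started from another directory will either fail to find the file or pick up a different `ssh_config` that happens to be there. As far as I can tell the same applies to `GlobalKnownHostsFile known_hosts` in the generated ssh_config, which is the only host-key source because `UserKnownHostsFile` is `/dev/null`. I would add a comment above `ssh_args` such as `# ssh_config and known_hosts are resolved relative to the current directory; run ansible from the repository root`.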


@ -1,4 +1,4 @@
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file # Use `ansible-playbook update-ssh-config.yml` to update this file
100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor 100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor 100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor 100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
@ -10,6 +10,7 @@
172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee 172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee 172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
172.20.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO77ffkJi903aA6cM7HnFfSyYbPP4jkydI/+/tIGeMv+c9BYOE27n+ylNERaEhYkyddIx93MB4M6GYRyQOjLWSc= # ns1.k-space.ee 172.20.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO77ffkJi903aA6cM7HnFfSyYbPP4jkydI/+/tIGeMv+c9BYOE27n+ylNERaEhYkyddIx93MB4M6GYRyQOjLWSc= # ns1.k-space.ee
[78.28.64.17]:10648 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7J61p3YzsbRAYtXIrhQUeqc47LuVw1I38egHzi/kLG+CFPsyB9krd29yJMyLRjyM+m5qUjoxNiWK/x0g3jKOI= # offsite
172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1 172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2 172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8 172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8


@ -1,9 +1,10 @@
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file # Use `ansible-playbook update-ssh-config.yml` to update this file
# Use `ssh -F ssh_config ...` to connect to target machine or # Use `ssh -F ssh_config ...` to connect to target machine or
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
Host backdoor 100.102.3.3 Host backdoor 100.102.3.3
User root User root
Hostname 100.102.3.3 Hostname 100.102.3.3
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -11,6 +12,7 @@ Host backdoor 100.102.3.3
Host frontdoor 100.102.3.2 Host frontdoor 100.102.3.2
User root User root
Hostname 100.102.3.2 Hostname 100.102.3.2
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -18,6 +20,7 @@ Host frontdoor 100.102.3.2
Host grounddoor 100.102.3.1 Host grounddoor 100.102.3.1
User root User root
Hostname 100.102.3.1 Hostname 100.102.3.1
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -25,6 +28,7 @@ Host grounddoor 100.102.3.1
Host master1.kube.k-space.ee 172.21.3.51 Host master1.kube.k-space.ee 172.21.3.51
User root User root
Hostname 172.21.3.51 Hostname 172.21.3.51
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -32,6 +36,7 @@ Host master1.kube.k-space.ee 172.21.3.51
Host master2.kube.k-space.ee 172.21.3.52 Host master2.kube.k-space.ee 172.21.3.52
User root User root
Hostname 172.21.3.52 Hostname 172.21.3.52
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -39,6 +44,7 @@ Host master2.kube.k-space.ee 172.21.3.52
Host master3.kube.k-space.ee 172.21.3.53 Host master3.kube.k-space.ee 172.21.3.53
User root User root
Hostname 172.21.3.53 Hostname 172.21.3.53
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -46,6 +52,7 @@ Host master3.kube.k-space.ee 172.21.3.53
Host mon1.kube.k-space.ee 172.21.3.61 Host mon1.kube.k-space.ee 172.21.3.61
User root User root
Hostname 172.21.3.61 Hostname 172.21.3.61
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -53,6 +60,7 @@ Host mon1.kube.k-space.ee 172.21.3.61
Host mon2.kube.k-space.ee 172.21.3.62 Host mon2.kube.k-space.ee 172.21.3.62
User root User root
Hostname 172.21.3.62 Hostname 172.21.3.62
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -60,6 +68,7 @@ Host mon2.kube.k-space.ee 172.21.3.62
Host mon3.kube.k-space.ee 172.21.3.63 Host mon3.kube.k-space.ee 172.21.3.63
User root User root
Hostname 172.21.3.63 Hostname 172.21.3.63
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -67,6 +76,7 @@ Host mon3.kube.k-space.ee 172.21.3.63
Host nas.k-space.ee 172.23.0.7 Host nas.k-space.ee 172.23.0.7
User root User root
Hostname 172.23.0.7 Hostname 172.23.0.7
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -74,6 +84,15 @@ Host nas.k-space.ee 172.23.0.7
Host ns1.k-space.ee 172.20.0.2 Host ns1.k-space.ee 172.20.0.2
User root User root
Hostname 172.20.0.2 Hostname 172.20.0.2
Port 22
GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null
ControlMaster auto
ControlPersist 8h
Host offsite 78.28.64.17
User root
Hostname 78.28.64.17
Port 10648
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -81,6 +100,7 @@ Host ns1.k-space.ee 172.20.0.2
Host pve1 172.21.20.1 Host pve1 172.21.20.1
User root User root
Hostname 172.21.20.1 Hostname 172.21.20.1
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -88,6 +108,7 @@ Host pve1 172.21.20.1
Host pve2 172.21.20.2 Host pve2 172.21.20.2
User root User root
Hostname 172.21.20.2 Hostname 172.21.20.2
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -95,6 +116,7 @@ Host pve2 172.21.20.2
Host pve8 172.21.20.8 Host pve8 172.21.20.8
User root User root
Hostname 172.21.20.8 Hostname 172.21.20.8
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -102,6 +124,7 @@ Host pve8 172.21.20.8
Host pve9 172.21.20.9 Host pve9 172.21.20.9
User root User root
Hostname 172.21.20.9 Hostname 172.21.20.9
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -109,6 +132,7 @@ Host pve9 172.21.20.9
Host storage1.kube.k-space.ee 172.21.3.71 Host storage1.kube.k-space.ee 172.21.3.71
User root User root
Hostname 172.21.3.71 Hostname 172.21.3.71
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -116,6 +140,7 @@ Host storage1.kube.k-space.ee 172.21.3.71
Host storage2.kube.k-space.ee 172.21.3.72 Host storage2.kube.k-space.ee 172.21.3.72
User root User root
Hostname 172.21.3.72 Hostname 172.21.3.72
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -123,6 +148,7 @@ Host storage2.kube.k-space.ee 172.21.3.72
Host storage3.kube.k-space.ee 172.21.3.73 Host storage3.kube.k-space.ee 172.21.3.73
User root User root
Hostname 172.21.3.73 Hostname 172.21.3.73
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -130,6 +156,7 @@ Host storage3.kube.k-space.ee 172.21.3.73
Host storage4.kube.k-space.ee 172.21.3.74 Host storage4.kube.k-space.ee 172.21.3.74
User root User root
Hostname 172.21.3.74 Hostname 172.21.3.74
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -137,6 +164,7 @@ Host storage4.kube.k-space.ee 172.21.3.74
Host worker1.kube.k-space.ee 172.20.3.81 Host worker1.kube.k-space.ee 172.20.3.81
User root User root
Hostname 172.20.3.81 Hostname 172.20.3.81
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -144,6 +172,7 @@ Host worker1.kube.k-space.ee 172.20.3.81
Host worker2.kube.k-space.ee 172.20.3.82 Host worker2.kube.k-space.ee 172.20.3.82
User root User root
Hostname 172.20.3.82 Hostname 172.20.3.82
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -151,6 +180,7 @@ Host worker2.kube.k-space.ee 172.20.3.82
Host worker3.kube.k-space.ee 172.20.3.83 Host worker3.kube.k-space.ee 172.20.3.83
User root User root
Hostname 172.20.3.83 Hostname 172.20.3.83
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -158,6 +188,7 @@ Host worker3.kube.k-space.ee 172.20.3.83
Host worker4.kube.k-space.ee 172.20.3.84 Host worker4.kube.k-space.ee 172.20.3.84
User root User root
Hostname 172.20.3.84 Hostname 172.20.3.84
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -165,6 +196,7 @@ Host worker4.kube.k-space.ee 172.20.3.84
Host worker9.kube.k-space.ee 172.20.3.89 Host worker9.kube.k-space.ee 172.20.3.89
User root User root
Hostname 172.20.3.89 Hostname 172.20.3.89
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
@ -172,6 +204,7 @@ Host worker9.kube.k-space.ee 172.20.3.89
Host workshopdoor 100.102.3.4 Host workshopdoor 100.102.3.4
User root User root
Hostname 100.102.3.4 Hostname 100.102.3.4
Port 22
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto


@ -5,31 +5,33 @@
vars: vars:
targets: "{{ hostvars[groups['all']] }}" targets: "{{ hostvars[groups['all']] }}"
tasks: tasks:
- name: Generate known_hosts
ansible.builtin.copy:
dest: known_hosts
content: |
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
{% for host in groups['all'] | sort %}
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
hostvars[host].get('ansible_host', host))) }} # {{ host }}
{% endfor %}
- name: Generate ssh_config - name: Generate ssh_config
ansible.builtin.copy: ansible.builtin.copy:
dest: ssh_config dest: ssh_config
content: | content: |
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file # Use `ansible-playbook update-ssh-config.yml` to update this file
# Use `ssh -F ssh_config ...` to connect to target machine or # Use `ssh -F ssh_config ...` to connect to target machine or
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
{% for host in groups['all'] | sort %} {% for host in groups['all'] | sort %}
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }} Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
User root User root
Hostname {{ hostvars[host].get('ansible_host', host) }} Hostname {{ hostvars[host].get('ansible_host', host) }}
Port {{ hostvars[host].get('ansible_port', 22) }}
GlobalKnownHostsFile known_hosts GlobalKnownHostsFile known_hosts
UserKnownHostsFile /dev/null UserKnownHostsFile /dev/null
ControlMaster auto ControlMaster auto
ControlPersist 8h ControlPersist 8h
{% endfor %} {% endfor %}
- name: Generate known_hosts
ansible.builtin.copy:
dest: known_hosts
content: |
# Use `ansible-playbook update-ssh-config.yml` to update this file
{% for host in groups['all'] | sort %}
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -p %d -t ecdsa %s' % (
hostvars[host].get('ansible_port', 22),
hostvars[host].get('ansible_host', host))) }} # {{ host }}
{% endfor %}
- name: Pull authorized keys from Gitea - name: Pull authorized keys from Gitea
hosts: localhost hosts: localhost
@ -60,7 +62,7 @@
group: root group: root
mode: '0644' mode: '0644'
content: | content: |
# Use `ansible-playbook ansible/update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file # Use `ansible-playbook update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
{% for user in admins + extra_admins | unique | sort %} {% for user in admins + extra_admins | unique | sort %}
{% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %} {% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
{% if line.startswith("sk-") %} {% if line.startswith("sk-") %}
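Review bot: The `Generate known_hosts` task pins whatever key `ssh-keyscan` receives at generation time, and with the new `-p` support that now covers the `offsite` host, which is reached at a public address, so a key substituted on the path during the scan would be committed as trusted. Because the generated ssh_config sets `UserKnownHostsFile /dev/null`, this file is the only host-key pin, and every re-run overwrites it without comparing against the previous keys. I would extend the template's header comment with something like `# Review the diff of this file before committing; verify new or changed keys against the host's own /etc/ssh/ssh_host_ecdsa_key.pub`. Separately, `%d` assumes `ansible_port` is an integer; if the inventory ever supplies it as a string the lookup would fail, which `hostvars[host].get('ansible_port', 22) | int` would avoid.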