Reorder SSH key update playbook

2024-07-27 08:30:17 +03:00 · 2024-07-27 08:30:17 +03:00 · 92459ed68b
commit 92459ed68b
parent 9cf57d8bc6
1 changed files with 32 additions and 32 deletions
--- a/ansible-update-ssh-config.yaml
+++ b/ansible-update-ssh-config.yaml
@ -1,4 +1,36 @@
 ---
 - name: Collect servers SSH public keys to known_hosts
  hosts: localhost
  connection: local
  vars:
    targets: "{{ hostvars[groups['all']] }}"
  tasks:
    - name: Generate known_hosts
      ansible.builtin.copy:
        dest: known_hosts
        content: |
          # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
          {% for host in groups['all'] | sort %}
          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
              hostvars[host].get('ansible_host', host))) }} # {{ host }}
          {% endfor %}
    - name: Generate ssh_config
      ansible.builtin.copy:
        dest: ssh_config
        content: |
          # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
          # Use `ssh -F ssh_config ...` to connect to target machine or
          # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
          {% for host in groups['all'] | sort %}
          Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
              User root
              Hostname {{ hostvars[host].get('ansible_host', host) }}
              GlobalKnownHostsFile known_hosts
              UserKnownHostsFile /dev/null
              ControlMaster auto
              ControlPersist 8h
          {% endfor %}
 - name: Pull authorized keys from Gitea
  hosts: localhost
  connection: local
@ -36,35 +68,3 @@
          {% endif %}
          {% endfor %}
          {% endfor %}
 - name: Collect servers SSH public keys to known_hosts
  hosts: localhost
  connection: local
  vars:
    targets: "{{ hostvars[groups['all']] }}"
  tasks:
    - name: Generate known_hosts
      ansible.builtin.copy:
        dest: known_hosts
        content: |
          # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
          {% for host in groups['all'] | sort %}
          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
              hostvars[host].get('ansible_host', host))) }} # {{ host }}
          {% endfor %}
    - name: Generate ssh_config
      ansible.builtin.copy:
        dest: ssh_config
        content: |
          # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
          # Use `ssh -F ssh_config ...` to connect to target machine or
          # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
          {% for host in groups['all'] | sort %}
          Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
              User root
              Hostname {{ hostvars[host].get('ansible_host', host) }}
              GlobalKnownHostsFile known_hosts
              UserKnownHostsFile /dev/null
              ControlMaster auto
              ControlPersist 8h
          {% endfor %}