Reorder SSH key update playbook
parent
9cf57d8bc6
commit
92459ed68b
@ -1,4 +1,36 @@
|
|||||||
---
|
---
|
||||||
|
- name: Collect servers SSH public keys to known_hosts
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
vars:
|
||||||
|
targets: "{{ hostvars[groups['all']] }}"
|
||||||
|
tasks:
|
||||||
|
- name: Generate known_hosts
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: known_hosts
|
||||||
|
content: |
|
||||||
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
{% for host in groups['all'] | sort %}
|
||||||
|
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
|
||||||
|
hostvars[host].get('ansible_host', host))) }} # {{ host }}
|
||||||
|
{% endfor %}
|
||||||
|
- name: Generate ssh_config
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: ssh_config
|
||||||
|
content: |
|
||||||
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
# Use `ssh -F ssh_config ...` to connect to target machine or
|
||||||
|
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
||||||
|
{% for host in groups['all'] | sort %}
|
||||||
|
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
|
||||||
|
User root
|
||||||
|
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
ControlMaster auto
|
||||||
|
ControlPersist 8h
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
- name: Pull authorized keys from Gitea
|
- name: Pull authorized keys from Gitea
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
@ -36,35 +68,3 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
- name: Collect servers SSH public keys to known_hosts
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
vars:
|
|
||||||
targets: "{{ hostvars[groups['all']] }}"
|
|
||||||
tasks:
|
|
||||||
- name: Generate known_hosts
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: known_hosts
|
|
||||||
content: |
|
|
||||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
|
||||||
{% for host in groups['all'] | sort %}
|
|
||||||
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
|
|
||||||
hostvars[host].get('ansible_host', host))) }} # {{ host }}
|
|
||||||
{% endfor %}
|
|
||||||
- name: Generate ssh_config
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: ssh_config
|
|
||||||
content: |
|
|
||||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
|
||||||
# Use `ssh -F ssh_config ...` to connect to target machine or
|
|
||||||
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
|
||||||
{% for host in groups['all'] | sort %}
|
|
||||||
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
|
|
||||||
User root
|
|
||||||
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
|
||||||
GlobalKnownHostsFile known_hosts
|
|
||||||
UserKnownHostsFile /dev/null
|
|
||||||
ControlMaster auto
|
|
||||||
ControlPersist 8h
|
|
||||||
{% endfor %}
|
|
||||||
|
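Review bot: The `Generate known_hosts` task, which this commit moves into the first play, writes whatever `ssh-keyscan -t ecdsa` returns straight into `known_hosts` with no verification step, so every run re-trusts the keys the network presents at that moment and a changed or spoofed host key would be pinned silently. Because the generated `ssh_config` makes that file the only trust source (`UserKnownHostsFile /dev/null`), I would state the expectation in a comment above the task, e.g. `# ssh-keyscan output is unauthenticated: review the known_hosts diff and confirm changed fingerprints out of band before relying on it`. The host value is also interpolated unquoted into the shell command run by the `pipe` lookup; `% (hostvars[host].get('ansible_host', host) | quote)` would keep an unusual inventory value from being interpreted by the shell. Separately, `targets: "{{ hostvars[groups['all']] }}"` does not appear to be used by either visible task and indexes `hostvars` with a list, so it looks removable, though the rest of the playbook is outside this view.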