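---
# update-ssh-config.yml
#
# 1. Regenerates ssh_config and known_hosts on the controller for every
#    inventory host (known_hosts is filled by ssh-keyscan).
# 2. Fetches admin SSH public keys from Gitea.
# 3. Pushes the hardware-backed (`sk-`) keys to /root/.ssh/authorized_keys on
#    the target groups.
#
# `admins` and `extra_admins` are not defined here; they are expected from
# group/host vars of the target hosts (TODO confirm where they live).
- name: Collect servers SSH public keys to known_hosts
  hosts: localhost
  connection: local
  tasks:
    - name: Generate ssh_config
      ansible.builtin.copy:
        dest: ssh_config
        # The content is rendered as text: `{% ... %}` lines are Jinja, the
        # `#` lines end up verbatim in the generated file.
        #
        # UserKnownHostsFile is /dev/null, so nothing is ever learned ad hoc.
        # StrictHostKeyChecking yes makes that pinning effective: a host that is
        # missing from known_hosts (or whose key changed) is refused instead of
        # prompting, so only keys collected by the task below are trusted.
        # NOTE(review): `known_hosts` is a relative path and appears to be
        # resolved against ssh's working directory, not this file's location;
        # confirm this still works when using the `Include` line from ~/.ssh.
        content: |
          # Use `ansible-playbook update-ssh-config.yml` to update this file
          # Use `ssh -F ssh_config ...` to connect to target machine or
          # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
          {% for host in groups['all'] | sort %}
          Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
              User root
              Hostname {{ hostvars[host].get('ansible_host', host) }}
              Port {{ hostvars[host].get('ansible_port', 22) }}
              GlobalKnownHostsFile known_hosts
              UserKnownHostsFile /dev/null
              StrictHostKeyChecking yes
              ControlMaster auto
              ControlPersist 8h
          {% endfor %}

    # ssh-keyscan is trust-on-first-use: the keys come straight from the
    # network, so verify the fingerprints out of band (e.g. on the machine's
    # console) before relying on the generated file. Only ECDSA keys are
    # requested (-t ecdsa); a host without an ECDSA host key yields no entry.
    # The pipe lookup runs its command through a shell, so the inventory-
    # supplied host is shell-quoted and the port coerced to int before being
    # interpolated into the command line.
    - name: Generate known_hosts
      ansible.builtin.copy:
        dest: known_hosts
        content: |
          # Use `ansible-playbook update-ssh-config.yml` to update this file
          {% for host in groups['all'] | sort %}
          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -p %d -t ecdsa %s' % (
              hostvars[host].get('ansible_port', 22) | int,
              hostvars[host].get('ansible_host', host) | quote)) }} # {{ host }}
          {% endfor %}

- name: Pull authorized keys from Gitea
  hosts: localhost
  connection: local
  tasks:
    # get_url validates the TLS certificate by default, so the downloaded keys
    # are bound to git.k-space.ee's identity. Every user that can appear in
    # `admins` / `extra_admins` must be listed here: the file lookup in the
    # last play fails for a user whose .keys file was not downloaded.
    - name: Download https://git.k-space.ee/user.keys
      loop:
        - arti
        - eaas
        - lauri
        - rasmus
      ansible.builtin.get_url:
        url: https://git.k-space.ee/{{ item }}.keys
        dest: "./{{ item }}.keys"

- name: Push authorized keys to targets
  hosts:
    - misc
    - kubernetes
    - doors
  tasks:
    - name: Generate /root/.ssh/authorized_keys
      ansible.builtin.copy:
        dest: "/root/.ssh/authorized_keys"
        owner: root
        group: root
        mode: '0644'
        # `(admins + extra_admins)` is parenthesised on purpose: a Jinja filter
        # binds tighter than `+`, so without the parentheses only extra_admins
        # was deduplicated and sorted, and a user present in both lists was
        # written twice. Only lines whose key type starts with `sk-` (the
        # OpenSSH FIDO/U2F-backed key types) are pushed; plain software keys in
        # a user's .keys file are deliberately skipped.
        content: |
          # Use `ansible-playbook update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
          {% for user in (admins + extra_admins) | unique | sort %}
          {% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
          {% if line.startswith("sk-") %}
          {{ line }} # {{ user }}
          {% endif %}
          {% endfor %}
          {% endfor %}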