Add Ansible tasks to update authorized SSH keys
This commit is contained in:
parent
cb5644c7f3
commit
278817249e
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
||||
*.keys
|
||||
*secrets.yml
|
||||
*secret.yml
|
||||
*.swp
|
||||
|
@ -1,4 +1,42 @@
|
||||
---
|
||||
- name: Pull authorized keys from Gitea
|
||||
hosts: localhost
|
||||
connection: local
|
||||
vars:
|
||||
targets: "{{ hostvars[groups['all']] }}"
|
||||
tasks:
|
||||
- name: Download https://git.k-space.ee/user.keys
|
||||
loop:
|
||||
- arti
|
||||
- eaas
|
||||
- lauri
|
||||
- rasmus
|
||||
ansible.builtin.get_url:
|
||||
url: https://git.k-space.ee/{{ item }}.keys
|
||||
dest: "./{{ item }}.keys"
|
||||
|
||||
- name: Push authorized keys to targets
|
||||
hosts:
|
||||
- misc
|
||||
- kubernetes
|
||||
- doors
|
||||
tasks:
|
||||
- name: Generate /root/.ssh/authorized_keys
|
||||
ansible.builtin.copy:
|
||||
dest: "/root/.ssh/authorized_keys"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: |
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
|
||||
{% for user in admins + extra_admins | unique | sort %}
|
||||
{% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
|
||||
{% if line.startswith("sk-") %}
|
||||
{{ line }} # {{ user }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
- name: Collect servers SSH public keys to known_hosts
|
||||
hosts: localhost
|
||||
connection: local
|
||||
@ -19,10 +57,14 @@
|
||||
dest: ssh_config
|
||||
content: |
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||
# Use `ssh -F ssh_config ...` to connect to target machine or
|
||||
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
||||
{% for host in groups['all'] | sort %}
|
||||
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
|
||||
User root
|
||||
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
{% endfor %}
|
||||
|
@ -5,9 +5,11 @@ pattern =
|
||||
deprecation_warnings = False
|
||||
fact_caching = jsonfile
|
||||
fact_caching_connection = ~/.ansible/k-space-fact-cache
|
||||
|
||||
fact_caching_timeout = 7200
|
||||
remote_user = root
|
||||
|
||||
[ssh_connection]
|
||||
control_path = %(directory)s/%%r@%%h:%%p
|
||||
control_path = ~/.ssh/cm-%%r@%%h:%%p
|
||||
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
|
||||
pipelining = True
|
||||
|
@ -1,4 +1,9 @@
|
||||
all:
|
||||
vars:
|
||||
admins:
|
||||
- lauri
|
||||
- eaas
|
||||
extra_admins: []
|
||||
children:
|
||||
misc:
|
||||
hosts:
|
||||
@ -8,7 +13,7 @@ all:
|
||||
ansible_host: 172.23.0.7
|
||||
proxmox:
|
||||
vars:
|
||||
admins:
|
||||
extra_admins:
|
||||
- rasmus
|
||||
hosts:
|
||||
pve1:
|
||||
@ -63,9 +68,8 @@ all:
|
||||
# ansible_host: 172.20.3.89
|
||||
doors:
|
||||
vars:
|
||||
admins:
|
||||
extra_admins:
|
||||
- arti
|
||||
- herman
|
||||
hosts:
|
||||
grounddoor:
|
||||
ansible_host: 100.102.3.1
|
||||
|
50
ssh_config
50
ssh_config
@ -1,121 +1,171 @@
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||
# Use `ssh -F ssh_config ...` to connect to target machine or
|
||||
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
||||
Host backdoor 100.102.3.3
|
||||
User root
|
||||
Hostname 100.102.3.3
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host frontdoor 100.102.3.2
|
||||
User root
|
||||
Hostname 100.102.3.2
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host grounddoor 100.102.3.1
|
||||
User root
|
||||
Hostname 100.102.3.1
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host master1.kube.k-space.ee 172.21.3.51
|
||||
User root
|
||||
Hostname 172.21.3.51
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host master2.kube.k-space.ee 172.21.3.52
|
||||
User root
|
||||
Hostname 172.21.3.52
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host master3.kube.k-space.ee 172.21.3.53
|
||||
User root
|
||||
Hostname 172.21.3.53
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host mon1.kube.k-space.ee 172.21.3.61
|
||||
User root
|
||||
Hostname 172.21.3.61
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host mon2.kube.k-space.ee 172.21.3.62
|
||||
User root
|
||||
Hostname 172.21.3.62
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host mon3.kube.k-space.ee 172.21.3.63
|
||||
User root
|
||||
Hostname 172.21.3.63
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host nas.k-space.ee 172.23.0.7
|
||||
User root
|
||||
Hostname 172.23.0.7
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host ns1.k-space.ee 172.20.0.2
|
||||
User root
|
||||
Hostname 172.20.0.2
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host pve1 172.21.20.1
|
||||
User root
|
||||
Hostname 172.21.20.1
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host pve2 172.21.20.2
|
||||
User root
|
||||
Hostname 172.21.20.2
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host pve8 172.21.20.8
|
||||
User root
|
||||
Hostname 172.21.20.8
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host pve9 172.21.20.9
|
||||
User root
|
||||
Hostname 172.21.20.9
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host storage1.kube.k-space.ee 172.20.3.71
|
||||
User root
|
||||
Hostname 172.20.3.71
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host storage2.kube.k-space.ee 172.20.3.72
|
||||
User root
|
||||
Hostname 172.20.3.72
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host storage3.kube.k-space.ee 172.20.3.73
|
||||
User root
|
||||
Hostname 172.20.3.73
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host storage4.kube.k-space.ee 172.20.3.74
|
||||
User root
|
||||
Hostname 172.20.3.74
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host worker1.kube.k-space.ee 172.20.3.81
|
||||
User root
|
||||
Hostname 172.20.3.81
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host worker2.kube.k-space.ee 172.20.3.82
|
||||
User root
|
||||
Hostname 172.20.3.82
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host worker3.kube.k-space.ee 172.20.3.83
|
||||
User root
|
||||
Hostname 172.20.3.83
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host worker4.kube.k-space.ee 172.20.3.84
|
||||
User root
|
||||
Hostname 172.20.3.84
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host workshopdoor 100.102.3.4
|
||||
User root
|
||||
Hostname 100.102.3.4
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
|
Loading…
Reference in New Issue
Block a user