Add Ansible tasks to update authorized SSH keys
parent
cb5644c7f3
commit
278817249e
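--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.keys
 *secrets.yml
 *secret.yml
 *.swp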
@ -1,4 +1,42 @@
|
|||||||
---
|
---
|
||||||
|
- name: Pull authorized keys from Gitea
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
vars:
|
||||||
|
targets: "{{ hostvars[groups['all']] }}"
|
||||||
|
tasks:
|
||||||
|
- name: Download https://git.k-space.ee/user.keys
|
||||||
|
loop:
|
||||||
|
- arti
|
||||||
|
- eaas
|
||||||
|
- lauri
|
||||||
|
- rasmus
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: https://git.k-space.ee/{{ item }}.keys
|
||||||
|
dest: "./{{ item }}.keys"
|
||||||
|
|
||||||
|
- name: Push authorized keys to targets
|
||||||
|
hosts:
|
||||||
|
- misc
|
||||||
|
- kubernetes
|
||||||
|
- doors
|
||||||
|
tasks:
|
||||||
|
- name: Generate /root/.ssh/authorized_keys
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: "/root/.ssh/authorized_keys"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
content: |
|
||||||
|
# Use `ansible-playbook ansible-update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
|
||||||
|
{% for user in admins + extra_admins | unique | sort %}
|
||||||
|
{% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
|
||||||
|
{% if line.startswith("sk-") %}
|
||||||
|
{{ line }} # {{ user }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
- name: Collect servers SSH public keys to known_hosts
|
- name: Collect servers SSH public keys to known_hosts
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
@ -19,10 +57,14 @@
|
|||||||
dest: ssh_config
|
dest: ssh_config
|
||||||
content: |
|
content: |
|
||||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
# Use `ssh -F ssh_config ...` to connect to target machine or
|
||||||
|
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
||||||
{% for host in groups['all'] | sort %}
|
{% for host in groups['all'] | sort %}
|
||||||
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
|
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
|
||||||
User root
|
User root
|
||||||
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
||||||
GlobalKnownHostsFile known_hosts
|
GlobalKnownHostsFile known_hosts
|
||||||
UserKnownHostsFile /dev/null
|
UserKnownHostsFile /dev/null
|
||||||
|
ControlMaster auto
|
||||||
|
ControlPersist 8h
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
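Review bot: The `ansible.builtin.get_url` task in the first play writes to `./{{ item }}.keys` without `force`, and with the module's default the file is only downloaded when it does not exist yet, so a key removed from Gitea would keep being written to `/root/.ssh/authorized_keys` from the stale local copy; adding `force: true` next to `dest:` lets every run pick up revocations. In the template, `admins + extra_admins | unique | sort` applies the filters to `extra_admins` only, because Jinja2 filters bind tighter than `+`; `{% for user in (admins + extra_admins) | unique | sort %}` is probably what was meant. The download loop is also a fixed list of four names while the template iterates the inventory lists, so a name present only in the inventory would make the `file` lookup fail; a comment on the loop such as `# must list every user named in admins/extra_admins` would make that coupling visible. Since the `copy` task replaces the whole file and keeps only `sk-` lines, it may also be worth failing the play when the rendered content contains no key at all, to avoid locking root out of a host.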
@ -5,9 +5,11 @@ pattern =
|
|||||||
deprecation_warnings = False
|
deprecation_warnings = False
|
||||||
fact_caching = jsonfile
|
fact_caching = jsonfile
|
||||||
fact_caching_connection = ~/.ansible/k-space-fact-cache
|
fact_caching_connection = ~/.ansible/k-space-fact-cache
|
||||||
|
|
||||||
|
fact_caching_timeout = 7200
|
||||||
remote_user = root
|
remote_user = root
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
control_path = %(directory)s/%%r@%%h:%%p
|
control_path = ~/.ssh/cm-%%r@%%h:%%p
|
||||||
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
|
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
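Review bot: The new `control_path = ~/.ssh/cm-%%r@%%h:%%p` has no comment explaining the move, and together with `ControlPersist=8h` in `ssh_args` on the following line it means a root master socket stays usable for eight hours after the first login. Sessions opened over that socket are not re-authenticated, so the security-key touch that the `sk-`-only authorized_keys in this commit is meant to enforce applies only to the first connection. I would document that above the line, for example `# master sockets live in ~/.ssh (keep it 0700); sessions are reused for ControlPersist without re-authentication`, or shorten the persist time if that trade-off is not intended.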
@ -1,4 +1,9 @@
|
|||||||
all:
|
all:
|
||||||
|
vars:
|
||||||
|
admins:
|
||||||
|
- lauri
|
||||||
|
- eaas
|
||||||
|
extra_admins: []
|
||||||
children:
|
children:
|
||||||
misc:
|
misc:
|
||||||
hosts:
|
hosts:
|
||||||
@ -8,7 +13,7 @@ all:
|
|||||||
ansible_host: 172.23.0.7
|
ansible_host: 172.23.0.7
|
||||||
proxmox:
|
proxmox:
|
||||||
vars:
|
vars:
|
||||||
admins:
|
extra_admins:
|
||||||
- rasmus
|
- rasmus
|
||||||
hosts:
|
hosts:
|
||||||
pve1:
|
pve1:
|
||||||
@ -63,9 +68,8 @@ all:
|
|||||||
# ansible_host: 172.20.3.89
|
# ansible_host: 172.20.3.89
|
||||||
doors:
|
doors:
|
||||||
vars:
|
vars:
|
||||||
admins:
|
extra_admins:
|
||||||
- arti
|
- arti
|
||||||
- herman
|
|
||||||
hosts:
|
hosts:
|
||||||
grounddoor:
|
grounddoor:
|
||||||
ansible_host: 100.102.3.1
|
ansible_host: 100.102.3.1
|
||||||
|
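Review bot: `extra_admins` under `proxmox` and `doors` replaces the `extra_admins: []` default set under `all` rather than extending it, and a host that belongs to two groups defining it would get only one group's list, since Ansible does not merge list variables by default. A comment above `extra_admins: []`, such as `# per-group additions to admins; lists are replaced, not merged, across groups`, would document that. From the plays visible in this commit the push play targets `misc`, `kubernetes` and `doors`, so unless `proxmox` is nested under one of those groups (the indentation is not recoverable here) its `extra_admins` entry is not applied by this playbook.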
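--- a/ssh_config
+++ b/ssh_config
@@ -1,121 +1,171 @@
 # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
+# Use `ssh -F ssh_config ...` to connect to target machine or
+# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
 Host backdoor 100.102.3.3
 User root
 Hostname 100.102.3.3
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host frontdoor 100.102.3.2
 User root
 Hostname 100.102.3.2
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host grounddoor 100.102.3.1
 User root
 Hostname 100.102.3.1
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host master1.kube.k-space.ee 172.21.3.51
 User root
 Hostname 172.21.3.51
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host master2.kube.k-space.ee 172.21.3.52
 User root
 Hostname 172.21.3.52
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host master3.kube.k-space.ee 172.21.3.53
 User root
 Hostname 172.21.3.53
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host mon1.kube.k-space.ee 172.21.3.61
 User root
 Hostname 172.21.3.61
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host mon2.kube.k-space.ee 172.21.3.62
 User root
 Hostname 172.21.3.62
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host mon3.kube.k-space.ee 172.21.3.63
 User root
 Hostname 172.21.3.63
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host nas.k-space.ee 172.23.0.7
 User root
 Hostname 172.23.0.7
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host ns1.k-space.ee 172.20.0.2
 User root
 Hostname 172.20.0.2
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve1 172.21.20.1
 User root
 Hostname 172.21.20.1
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve2 172.21.20.2
 User root
 Hostname 172.21.20.2
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve8 172.21.20.8
 User root
 Hostname 172.21.20.8
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host pve9 172.21.20.9
 User root
 Hostname 172.21.20.9
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage1.kube.k-space.ee 172.20.3.71
 User root
 Hostname 172.20.3.71
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage2.kube.k-space.ee 172.20.3.72
 User root
 Hostname 172.20.3.72
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage3.kube.k-space.ee 172.20.3.73
 User root
 Hostname 172.20.3.73
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host storage4.kube.k-space.ee 172.20.3.74
 User root
 Hostname 172.20.3.74
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker1.kube.k-space.ee 172.20.3.81
 User root
 Hostname 172.20.3.81
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker2.kube.k-space.ee 172.20.3.82
 User root
 Hostname 172.20.3.82
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker3.kube.k-space.ee 172.20.3.83
 User root
 Hostname 172.20.3.83
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host worker4.kube.k-space.ee 172.20.3.84
 User root
 Hostname 172.20.3.84
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h
 Host workshopdoor 100.102.3.4
 User root
 Hostname 100.102.3.4
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
+ControlMaster auto
+ControlPersist 8h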