From 78ef148f83b451e4fd5c8393b4cfa17337a2623d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Fri, 19 Jul 2024 11:47:16 +0300 Subject: [PATCH] Add Ansible playbook to update known_hosts and ssh_config --- ansible-update-ssh-config.yaml | 28 ++++++++ ansible.cfg | 2 +- inventory.yml | 51 ++++++++++++-- known_hosts | 25 +++++++ ssh_config | 125 +++++++++++++++++++++++++++++++-- 5 files changed, 218 insertions(+), 13 deletions(-) create mode 100644 ansible-update-ssh-config.yaml create mode 100644 known_hosts diff --git a/ansible-update-ssh-config.yaml b/ansible-update-ssh-config.yaml new file mode 100644 index 0000000..4f6c2d5 --- /dev/null +++ b/ansible-update-ssh-config.yaml @@ -0,0 +1,28 @@ +--- +- name: Collect servers SSH public keys to known_hosts + hosts: localhost + connection: local + vars: + targets: "{{ hostvars[groups['all']] }}" + tasks: + - name: Generate known_hosts + ansible.builtin.copy: + dest: known_hosts + content: | + # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file + {% for host in groups['all'] | sort %} + {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % ( + hostvars[host].get('ansible_host', host))) }} # {{ host }} + {% endfor %} + - name: Generate ssh_config + ansible.builtin.copy: + dest: ssh_config + content: | + # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file + {% for host in groups['all'] | sort %} + Host {{ host }} + User root + Hostname {{ hostvars[host].get('ansible_host', host) }} + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null + {% endfor %} diff --git a/ansible.cfg b/ansible.cfg index fc206d3..62f5e28 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -9,4 +9,4 @@ fact_caching = jsonfile fact_caching_connection = ~/.ansible/k-space-fact-cache [ssh_connection] -ssh_args = -F ssh_config +ssh_args = -F ssh_config -M -S ~/.ssh/cm-%r@%h:%p diff --git a/inventory.yml b/inventory.yml index 7029eba..fe6da06 100644 --- a/inventory.yml 
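Review bot: The `Generate known_hosts` task pins whatever `ssh-keyscan` receives over the network at run time without verifying it, and `copy` overwrites the previous pins on every run, so a changed or spoofed host key would be accepted silently. A host that does not answer presumably yields an empty lookup result, which would leave only ` # host` on its line and drop that host's pin. Consider failing the play when a scanned key is empty or differs from the one already in `known_hosts`, and checking new fingerprints out of band before committing the regenerated file. The address is also interpolated into a shell command unquoted; `'ssh-keyscan -t ecdsa %s' % (hostvars[host].get('ansible_host', host) | quote)` would keep an unusual inventory value from being parsed by the shell. The header comment names `ansible-update-ssh-config.yml` while the file added here is `ansible-update-ssh-config.yaml`, and the `targets` var appears unused.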
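Review bot: In the new `ssh_args`, `-M` means `ControlMaster=yes`, not `auto`. As far as I can tell, ssh in that mode never tries an existing socket as a client, so once `~/.ssh/cm-%r@%h:%p` exists later connections find it in use and run unmultiplexed. The `ControlPersist 8h` that this commit removes from `ssh_config` is not replaced either, so the master ends with its first session. If connection reuse is intended, `ssh_args = -F ssh_config -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=~/.ssh/cm-%r@%h:%p` states it explicitly. Keep the persist time short, since a live control socket lets any process running as the same local user open root sessions on these hosts without re-authenticating.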
+++ b/inventory.yml @@ -1,38 +1,77 @@ all: children: - bind: + misc: hosts: ns1.k-space.ee: + ansible_host: 172.23.0.2 + nas.k-space.ee: + ansible_host: 172.23.0.7 + proxmox: + vars: + admins: + - rasmus + hosts: + pve1: + ansible_host: 172.21.20.1 + pve2: + ansible_host: 172.21.20.2 + pve8: + ansible_host: 172.21.20.8 + pve9: + ansible_host: 172.21.20.9 kubernetes: children: masters: hosts: master1.kube.k-space.ee: + ansible_host: 172.21.3.51 master2.kube.k-space.ee: + ansible_host: 172.21.3.52 master3.kube.k-space.ee: + ansible_host: 172.21.3.53 kubelets: children: mon: hosts: mon1.kube.k-space.ee: + ansible_host: 172.21.3.61 mon2.kube.k-space.ee: + ansible_host: 172.21.3.62 mon3.kube.k-space.ee: + ansible_host: 172.21.3.63 storage: hosts: storage1.kube.k-space.ee: + ansible_host: 172.20.3.71 storage2.kube.k-space.ee: + ansible_host: 172.20.3.72 storage3.kube.k-space.ee: + ansible_host: 172.20.3.73 storage4.kube.k-space.ee: + ansible_host: 172.20.3.74 workers: hosts: worker1.kube.k-space.ee: + ansible_host: 172.20.3.81 worker2.kube.k-space.ee: + ansible_host: 172.20.3.82 worker3.kube.k-space.ee: + ansible_host: 172.20.3.83 worker4.kube.k-space.ee: - worker9.kube.k-space.ee: + ansible_host: 172.20.3.84 +# worker9.kube.k-space.ee: +# ansible_host: 172.20.3.89 doors: + vars: + admins: + - arti + - herman hosts: - 100.102.3.1: - 100.102.3.2: - 100.102.3.3: - 100.102.3.4: + grounddoor: + ansible_host: 100.102.3.1 + frontdoor: + ansible_host: 100.102.3.2 + backdoor: + ansible_host: 100.102.3.3 + workshopdoor: + ansible_host: 100.102.3.4 diff --git a/known_hosts b/known_hosts new file mode 100644 index 0000000..0db40af --- /dev/null +++ b/known_hosts 
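Review bot: `ns1.k-space.ee` gets `ansible_host: 172.23.0.2` here, while the `ssh_config` entry removed in this same commit pointed it at `172.20.0.2`. Please confirm the re-addressing is intended, because the key pinned for ns1 in `known_hosts` is whatever answered at the new address when the playbook ran. The commented-out `worker9.kube.k-space.ee` entry should either carry a short comment saying why it is disabled (the patch does not say) or be removed. The `admins` vars added under `proxmox` and `doors` have no visible consumer in this patch; a one-line comment naming what reads them would help.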
@@ -0,0 +1,25 @@ +# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file +100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor +100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor +100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor +172.21.3.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYy07yLlOiFvXzmVDIULS9VDCMz7T+qOq4M+x8Lo3KEKamI6ZD737mvimPTW6K1FRBzzq67Mq495UnoFKVnQWE= # master1.kube.k-space.ee +172.21.3.52 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKRFfYDaTH58FUw+9stBVsyCviaPCGEbe9Y1a9WKvj98S7m+qU03YvtfPkRfEH/3iXHDvngEDVpJrTWW4y6e6MI= # master2.kube.k-space.ee +172.21.3.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIqIepuMkMo/KO3bb4X6lgb6YViAifPmgHXVrbtHwbOZLll5Qqr4pXdLDxkuZsmiE7iZBw2gSzZLcNMGdDEnWrY= # master3.kube.k-space.ee +172.21.3.61 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCJ9XgDz2NEzvjw/nDmRIKUJAmNqzsaXMJn4WFiWfTz1x2HrRcXgY3UXKWUxUvJO1jJ7hIvyE+V/8UtwYRDP1uY= # mon1.kube.k-space.ee +172.21.3.62 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLveng7H/2Gek+HYDYRWFD0Dy+4l/zjrbF2mnnkBI5CFOtqK0zwBh41IlizkpmmI5fqEIXwhLFHZEWXbUvev5oo= # mon2.kube.k-space.ee +172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee +172.23.0.7 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee +172.23.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEP6i24/mo42DXrg5Mc8tZXvqZSqVP/7YqNWlK8oavtcOyfLBq2YuVMhQCDrCm5Hs4FM+qbdcPwEg55mhRJlQXg= # ns1.k-space.ee +172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1 +172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2 +172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8 +172.21.20.9 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNU4YzKSzzUSnAgh4L1DF3dlC1VEaKVaIeTgsL5VJ0UMqjPr+8QMjIvo28cSLfIQYtfoQbt7ASVsm0uDQvKOldM= # pve9 +172.20.3.71 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI2jy8EsMo7Voor4URCMdgiEzc0nmYDowV4gB2rZ6hnH7bcKGdaODsCyBH6nvbitgnESCC8136RmdxCnO9/TuJ0= # storage1.kube.k-space.ee +172.20.3.72 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKxa2PbOj7bV0AUkBZuPkQZ/3ZMeh1mUCD+rwB4+sXbvTc+ca+xgcPGdAozbY/cUA4GdaKelhjI9DEC46MeFymY= # storage2.kube.k-space.ee +172.20.3.73 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGYqNHAxwwoZqne/uv5syRb+tEwpbaGeK8oct4IjIHcmPdU32JlMiSqLX7d58t/b8tqE1z2rM4gCc4bpzvNrHMQ= # storage3.kube.k-space.ee +172.20.3.74 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI+FRuwbrUpMDg9gKf6AqcfovEkt8r5SgB4JXEuMD+I6pp+2PfbxMwrXQ8Xg3oHW+poG413KWw4FZOWv2gH4CEQ= # storage4.kube.k-space.ee +172.20.3.81 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPnmGiEWtWnNNcF872fhYKCD07QwOb75BDEwN3fC4QYmBAbiN0iX/UH96r02V5f7uga3a07/xxt5P0cfEOdtQwQ= # worker1.kube.k-space.ee +172.20.3.82 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBkSNAYeugxGvNmV3biY1s0BWPCEw3g3H0VWLomu/vPbg+GN10/A1pfgt62DHFCYDB6QZwkZM6HIFy8y0xhRl9g= # worker2.kube.k-space.ee +172.20.3.83 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBe+A9Bg54UwUvlPguKDyNAsX7mYbnfMOxhK2UP2YofPlzJ0KDUuH5mbmw76XWz0L6jhT6I7hyc0QsFBdO3ug68= # worker3.kube.k-space.ee +172.20.3.84 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKoNIL+kEYphi/yCdhIytxqRaucm2aTzFrmNN4gEjCrn4TK8A46fyqAuwmgyLQFm7RD5qcEKPWP57Cl0DhTU1T4= # worker4.kube.k-space.ee +100.102.3.4 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMpkSqEOyYrKXChxl6PAV+q0KypOPnKsXoXWO1JSZSIOwAs5YTzt8Q1Ryb+nQnAOlGj1AY1H7sRllTzdv0cA/EM= # workshopdoor diff --git a/ssh_config b/ssh_config index 105afbc..a5bac02 100644 --- a/ssh_config +++ b/ssh_config 
@@ -1,8 +1,121 @@ -Host * +# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file +Host backdoor User root - ControlPersist 8h - ControlMaster auto - ControlPath ~/.ssh/cm-%r@%h:%p - + Hostname 100.102.3.3 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host frontdoor + User root + Hostname 100.102.3.2 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host grounddoor + User root + Hostname 100.102.3.1 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host master1.kube.k-space.ee + User root + Hostname 172.21.3.51 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host master2.kube.k-space.ee + User root + Hostname 172.21.3.52 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host master3.kube.k-space.ee + User root + Hostname 172.21.3.53 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host mon1.kube.k-space.ee + User root + Hostname 172.21.3.61 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host mon2.kube.k-space.ee + User root + Hostname 172.21.3.62 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host mon3.kube.k-space.ee + User root + Hostname 172.21.3.63 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host nas.k-space.ee + User root + Hostname 172.23.0.7 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null Host ns1.k-space.ee - Hostname 172.20.0.2 + User root + Hostname 172.23.0.2 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host pve1 + User root + Hostname 172.21.20.1 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host pve2 + User root + Hostname 172.21.20.2 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host pve8 + User root + Hostname 172.21.20.8 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host pve9 + User root + Hostname 172.21.20.9 + GlobalKnownHostsFile known_hosts + 
UserKnownHostsFile /dev/null +Host storage1.kube.k-space.ee + User root + Hostname 172.20.3.71 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host storage2.kube.k-space.ee + User root + Hostname 172.20.3.72 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host storage3.kube.k-space.ee + User root + Hostname 172.20.3.73 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host storage4.kube.k-space.ee + User root + Hostname 172.20.3.74 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host worker1.kube.k-space.ee + User root + Hostname 172.20.3.81 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host worker2.kube.k-space.ee + User root + Hostname 172.20.3.82 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host worker3.kube.k-space.ee + User root + Hostname 172.20.3.83 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host worker4.kube.k-space.ee + User root + Hostname 172.20.3.84 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null +Host workshopdoor + User root + Hostname 100.102.3.4 + GlobalKnownHostsFile known_hosts + UserKnownHostsFile /dev/null