Add Ansible playbook to update known_hosts and ssh_config
This commit is contained in:
parent
c2b9ed0368
commit
78ef148f83
28
ansible-update-ssh-config.yaml
Normal file
28
ansible-update-ssh-config.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
- name: Collect servers SSH public keys to known_hosts
|
||||
hosts: localhost
|
||||
connection: local
|
||||
vars:
|
||||
targets: "{{ hostvars[groups['all']] }}"
|
||||
tasks:
|
||||
- name: Generate known_hosts
|
||||
ansible.builtin.copy:
|
||||
dest: known_hosts
|
||||
content: |
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||
{% for host in groups['all'] | sort %}
|
||||
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
|
||||
hostvars[host].get('ansible_host', host))) }} # {{ host }}
|
||||
{% endfor %}
|
||||
- name: Generate ssh_config
|
||||
ansible.builtin.copy:
|
||||
dest: ssh_config
|
||||
content: |
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||
{% for host in groups['all'] | sort %}
|
||||
Host {{ host }}
|
||||
User root
|
||||
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
{% endfor %}
|
@ -9,4 +9,4 @@ fact_caching = jsonfile
|
||||
fact_caching_connection = ~/.ansible/k-space-fact-cache
|
||||
|
||||
[ssh_connection]
|
||||
ssh_args = -F ssh_config
|
||||
ssh_args = -F ssh_config -M -S ~/.ssh/cm-%r@%h:%p
|
||||
|
@ -1,38 +1,77 @@
|
||||
all:
|
||||
children:
|
||||
bind:
|
||||
misc:
|
||||
hosts:
|
||||
ns1.k-space.ee:
|
||||
ansible_host: 172.23.0.2
|
||||
nas.k-space.ee:
|
||||
ansible_host: 172.23.0.7
|
||||
proxmox:
|
||||
vars:
|
||||
admins:
|
||||
- rasmus
|
||||
hosts:
|
||||
pve1:
|
||||
ansible_host: 172.21.20.1
|
||||
pve2:
|
||||
ansible_host: 172.21.20.2
|
||||
pve8:
|
||||
ansible_host: 172.21.20.8
|
||||
pve9:
|
||||
ansible_host: 172.21.20.9
|
||||
kubernetes:
|
||||
children:
|
||||
masters:
|
||||
hosts:
|
||||
master1.kube.k-space.ee:
|
||||
ansible_host: 172.21.3.51
|
||||
master2.kube.k-space.ee:
|
||||
ansible_host: 172.21.3.52
|
||||
master3.kube.k-space.ee:
|
||||
ansible_host: 172.21.3.53
|
||||
kubelets:
|
||||
children:
|
||||
mon:
|
||||
hosts:
|
||||
mon1.kube.k-space.ee:
|
||||
ansible_host: 172.21.3.61
|
||||
mon2.kube.k-space.ee:
|
||||
ansible_host: 172.21.3.62
|
||||
mon3.kube.k-space.ee:
|
||||
ansible_host: 172.21.3.63
|
||||
storage:
|
||||
hosts:
|
||||
storage1.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.71
|
||||
storage2.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.72
|
||||
storage3.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.73
|
||||
storage4.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.74
|
||||
workers:
|
||||
hosts:
|
||||
worker1.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.81
|
||||
worker2.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.82
|
||||
worker3.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.83
|
||||
worker4.kube.k-space.ee:
|
||||
worker9.kube.k-space.ee:
|
||||
ansible_host: 172.20.3.84
|
||||
# worker9.kube.k-space.ee:
|
||||
# ansible_host: 172.20.3.89
|
||||
doors:
|
||||
vars:
|
||||
admins:
|
||||
- arti
|
||||
- herman
|
||||
hosts:
|
||||
100.102.3.1:
|
||||
100.102.3.2:
|
||||
100.102.3.3:
|
||||
100.102.3.4:
|
||||
grounddoor:
|
||||
ansible_host: 100.102.3.1
|
||||
frontdoor:
|
||||
ansible_host: 100.102.3.2
|
||||
backdoor:
|
||||
ansible_host: 100.102.3.3
|
||||
workshopdoor:
|
||||
ansible_host: 100.102.3.4
|
||||
|
25
known_hosts
Normal file
25
known_hosts
Normal file
@ -0,0 +1,25 @@
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||
100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
|
||||
100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
|
||||
100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
|
||||
172.21.3.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYy07yLlOiFvXzmVDIULS9VDCMz7T+qOq4M+x8Lo3KEKamI6ZD737mvimPTW6K1FRBzzq67Mq495UnoFKVnQWE= # master1.kube.k-space.ee
|
||||
172.21.3.52 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKRFfYDaTH58FUw+9stBVsyCviaPCGEbe9Y1a9WKvj98S7m+qU03YvtfPkRfEH/3iXHDvngEDVpJrTWW4y6e6MI= # master2.kube.k-space.ee
|
||||
172.21.3.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIqIepuMkMo/KO3bb4X6lgb6YViAifPmgHXVrbtHwbOZLll5Qqr4pXdLDxkuZsmiE7iZBw2gSzZLcNMGdDEnWrY= # master3.kube.k-space.ee
|
||||
172.21.3.61 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCJ9XgDz2NEzvjw/nDmRIKUJAmNqzsaXMJn4WFiWfTz1x2HrRcXgY3UXKWUxUvJO1jJ7hIvyE+V/8UtwYRDP1uY= # mon1.kube.k-space.ee
|
||||
172.21.3.62 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLveng7H/2Gek+HYDYRWFD0Dy+4l/zjrbF2mnnkBI5CFOtqK0zwBh41IlizkpmmI5fqEIXwhLFHZEWXbUvev5oo= # mon2.kube.k-space.ee
|
||||
172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
|
||||
172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
|
||||
172.23.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEP6i24/mo42DXrg5Mc8tZXvqZSqVP/7YqNWlK8oavtcOyfLBq2YuVMhQCDrCm5Hs4FM+qbdcPwEg55mhRJlQXg= # ns1.k-space.ee
|
||||
172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
|
||||
172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
|
||||
172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8
|
||||
172.21.20.9 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNU4YzKSzzUSnAgh4L1DF3dlC1VEaKVaIeTgsL5VJ0UMqjPr+8QMjIvo28cSLfIQYtfoQbt7ASVsm0uDQvKOldM= # pve9
|
||||
172.20.3.71 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI2jy8EsMo7Voor4URCMdgiEzc0nmYDowV4gB2rZ6hnH7bcKGdaODsCyBH6nvbitgnESCC8136RmdxCnO9/TuJ0= # storage1.kube.k-space.ee
|
||||
172.20.3.72 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKxa2PbOj7bV0AUkBZuPkQZ/3ZMeh1mUCD+rwB4+sXbvTc+ca+xgcPGdAozbY/cUA4GdaKelhjI9DEC46MeFymY= # storage2.kube.k-space.ee
|
||||
172.20.3.73 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGYqNHAxwwoZqne/uv5syRb+tEwpbaGeK8oct4IjIHcmPdU32JlMiSqLX7d58t/b8tqE1z2rM4gCc4bpzvNrHMQ= # storage3.kube.k-space.ee
|
||||
172.20.3.74 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI+FRuwbrUpMDg9gKf6AqcfovEkt8r5SgB4JXEuMD+I6pp+2PfbxMwrXQ8Xg3oHW+poG413KWw4FZOWv2gH4CEQ= # storage4.kube.k-space.ee
|
||||
172.20.3.81 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPnmGiEWtWnNNcF872fhYKCD07QwOb75BDEwN3fC4QYmBAbiN0iX/UH96r02V5f7uga3a07/xxt5P0cfEOdtQwQ= # worker1.kube.k-space.ee
|
||||
172.20.3.82 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBkSNAYeugxGvNmV3biY1s0BWPCEw3g3H0VWLomu/vPbg+GN10/A1pfgt62DHFCYDB6QZwkZM6HIFy8y0xhRl9g= # worker2.kube.k-space.ee
|
||||
172.20.3.83 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBe+A9Bg54UwUvlPguKDyNAsX7mYbnfMOxhK2UP2YofPlzJ0KDUuH5mbmw76XWz0L6jhT6I7hyc0QsFBdO3ug68= # worker3.kube.k-space.ee
|
||||
172.20.3.84 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKoNIL+kEYphi/yCdhIytxqRaucm2aTzFrmNN4gEjCrn4TK8A46fyqAuwmgyLQFm7RD5qcEKPWP57Cl0DhTU1T4= # worker4.kube.k-space.ee
|
||||
100.102.3.4 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMpkSqEOyYrKXChxl6PAV+q0KypOPnKsXoXWO1JSZSIOwAs5YTzt8Q1Ryb+nQnAOlGj1AY1H7sRllTzdv0cA/EM= # workshopdoor
|
125
ssh_config
125
ssh_config
@ -1,8 +1,121 @@
|
||||
Host *
|
||||
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||
Host backdoor
|
||||
User root
|
||||
ControlPersist 8h
|
||||
ControlMaster auto
|
||||
ControlPath ~/.ssh/cm-%r@%h:%p
|
||||
|
||||
Hostname 100.102.3.3
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host frontdoor
|
||||
User root
|
||||
Hostname 100.102.3.2
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host grounddoor
|
||||
User root
|
||||
Hostname 100.102.3.1
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host master1.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.21.3.51
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host master2.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.21.3.52
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host master3.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.21.3.53
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host mon1.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.21.3.61
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host mon2.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.21.3.62
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host mon3.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.21.3.63
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host nas.k-space.ee
|
||||
User root
|
||||
Hostname 172.23.0.7
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host ns1.k-space.ee
|
||||
Hostname 172.20.0.2
|
||||
User root
|
||||
Hostname 172.23.0.2
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host pve1
|
||||
User root
|
||||
Hostname 172.21.20.1
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host pve2
|
||||
User root
|
||||
Hostname 172.21.20.2
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host pve8
|
||||
User root
|
||||
Hostname 172.21.20.8
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host pve9
|
||||
User root
|
||||
Hostname 172.21.20.9
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host storage1.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.71
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host storage2.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.72
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host storage3.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.73
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host storage4.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.74
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host worker1.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.81
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host worker2.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.82
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host worker3.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.83
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host worker4.kube.k-space.ee
|
||||
User root
|
||||
Hostname 172.20.3.84
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
Host workshopdoor
|
||||
User root
|
||||
Hostname 100.102.3.4
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
|
Loading…
Reference in New Issue
Block a user