forked from k-space/kube
Prepare for separation of ansible Git repo
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
[defaults]
|
||||
inventory = ansible/inventory.yml
|
||||
inventory = inventory.yml
|
||||
nocows = 1
|
||||
pattern =
|
||||
deprecation_warnings = False
|
||||
@@ -11,5 +11,5 @@ remote_user = root
|
||||
|
||||
[ssh_connection]
|
||||
control_path = ~/.ssh/cm-%%r@%%h:%%p
|
||||
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ansible/ssh_config
|
||||
ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
|
||||
pipelining = True
|
||||
@@ -1,4 +1,4 @@
|
||||
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
|
||||
# Use `ansible-playbook update-ssh-config.yml` to update this file
|
||||
100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
|
||||
100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
|
||||
100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
|
||||
@@ -10,6 +10,7 @@
|
||||
172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
|
||||
172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
|
||||
172.20.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO77ffkJi903aA6cM7HnFfSyYbPP4jkydI/+/tIGeMv+c9BYOE27n+ylNERaEhYkyddIx93MB4M6GYRyQOjLWSc= # ns1.k-space.ee
|
||||
[78.28.64.17]:10648 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7J61p3YzsbRAYtXIrhQUeqc47LuVw1I38egHzi/kLG+CFPsyB9krd29yJMyLRjyM+m5qUjoxNiWK/x0g3jKOI= # offsite
|
||||
172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
|
||||
172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
|
||||
172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8
|
||||
@@ -1,9 +1,10 @@
|
||||
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
|
||||
# Use `ansible-playbook update-ssh-config.yml` to update this file
|
||||
# Use `ssh -F ssh_config ...` to connect to target machine or
|
||||
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
||||
Host backdoor 100.102.3.3
|
||||
User root
|
||||
Hostname 100.102.3.3
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -11,6 +12,7 @@ Host backdoor 100.102.3.3
|
||||
Host frontdoor 100.102.3.2
|
||||
User root
|
||||
Hostname 100.102.3.2
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -18,6 +20,7 @@ Host frontdoor 100.102.3.2
|
||||
Host grounddoor 100.102.3.1
|
||||
User root
|
||||
Hostname 100.102.3.1
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -25,6 +28,7 @@ Host grounddoor 100.102.3.1
|
||||
Host master1.kube.k-space.ee 172.21.3.51
|
||||
User root
|
||||
Hostname 172.21.3.51
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -32,6 +36,7 @@ Host master1.kube.k-space.ee 172.21.3.51
|
||||
Host master2.kube.k-space.ee 172.21.3.52
|
||||
User root
|
||||
Hostname 172.21.3.52
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -39,6 +44,7 @@ Host master2.kube.k-space.ee 172.21.3.52
|
||||
Host master3.kube.k-space.ee 172.21.3.53
|
||||
User root
|
||||
Hostname 172.21.3.53
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -46,6 +52,7 @@ Host master3.kube.k-space.ee 172.21.3.53
|
||||
Host mon1.kube.k-space.ee 172.21.3.61
|
||||
User root
|
||||
Hostname 172.21.3.61
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -53,6 +60,7 @@ Host mon1.kube.k-space.ee 172.21.3.61
|
||||
Host mon2.kube.k-space.ee 172.21.3.62
|
||||
User root
|
||||
Hostname 172.21.3.62
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -60,6 +68,7 @@ Host mon2.kube.k-space.ee 172.21.3.62
|
||||
Host mon3.kube.k-space.ee 172.21.3.63
|
||||
User root
|
||||
Hostname 172.21.3.63
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -67,6 +76,7 @@ Host mon3.kube.k-space.ee 172.21.3.63
|
||||
Host nas.k-space.ee 172.23.0.7
|
||||
User root
|
||||
Hostname 172.23.0.7
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -74,6 +84,15 @@ Host nas.k-space.ee 172.23.0.7
|
||||
Host ns1.k-space.ee 172.20.0.2
|
||||
User root
|
||||
Hostname 172.20.0.2
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
Host offsite 78.28.64.17
|
||||
User root
|
||||
Hostname 78.28.64.17
|
||||
Port 10648
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -81,6 +100,7 @@ Host ns1.k-space.ee 172.20.0.2
|
||||
Host pve1 172.21.20.1
|
||||
User root
|
||||
Hostname 172.21.20.1
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -88,6 +108,7 @@ Host pve1 172.21.20.1
|
||||
Host pve2 172.21.20.2
|
||||
User root
|
||||
Hostname 172.21.20.2
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -95,6 +116,7 @@ Host pve2 172.21.20.2
|
||||
Host pve8 172.21.20.8
|
||||
User root
|
||||
Hostname 172.21.20.8
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -102,6 +124,7 @@ Host pve8 172.21.20.8
|
||||
Host pve9 172.21.20.9
|
||||
User root
|
||||
Hostname 172.21.20.9
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -109,6 +132,7 @@ Host pve9 172.21.20.9
|
||||
Host storage1.kube.k-space.ee 172.21.3.71
|
||||
User root
|
||||
Hostname 172.21.3.71
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -116,6 +140,7 @@ Host storage1.kube.k-space.ee 172.21.3.71
|
||||
Host storage2.kube.k-space.ee 172.21.3.72
|
||||
User root
|
||||
Hostname 172.21.3.72
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -123,6 +148,7 @@ Host storage2.kube.k-space.ee 172.21.3.72
|
||||
Host storage3.kube.k-space.ee 172.21.3.73
|
||||
User root
|
||||
Hostname 172.21.3.73
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -130,6 +156,7 @@ Host storage3.kube.k-space.ee 172.21.3.73
|
||||
Host storage4.kube.k-space.ee 172.21.3.74
|
||||
User root
|
||||
Hostname 172.21.3.74
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -137,6 +164,7 @@ Host storage4.kube.k-space.ee 172.21.3.74
|
||||
Host worker1.kube.k-space.ee 172.20.3.81
|
||||
User root
|
||||
Hostname 172.20.3.81
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -144,6 +172,7 @@ Host worker1.kube.k-space.ee 172.20.3.81
|
||||
Host worker2.kube.k-space.ee 172.20.3.82
|
||||
User root
|
||||
Hostname 172.20.3.82
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -151,6 +180,7 @@ Host worker2.kube.k-space.ee 172.20.3.82
|
||||
Host worker3.kube.k-space.ee 172.20.3.83
|
||||
User root
|
||||
Hostname 172.20.3.83
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -158,6 +188,7 @@ Host worker3.kube.k-space.ee 172.20.3.83
|
||||
Host worker4.kube.k-space.ee 172.20.3.84
|
||||
User root
|
||||
Hostname 172.20.3.84
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -165,6 +196,7 @@ Host worker4.kube.k-space.ee 172.20.3.84
|
||||
Host worker9.kube.k-space.ee 172.20.3.89
|
||||
User root
|
||||
Hostname 172.20.3.89
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
@@ -172,6 +204,7 @@ Host worker9.kube.k-space.ee 172.20.3.89
|
||||
Host workshopdoor 100.102.3.4
|
||||
User root
|
||||
Hostname 100.102.3.4
|
||||
Port 22
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
|
||||
@@ -5,31 +5,33 @@
|
||||
vars:
|
||||
targets: "{{ hostvars[groups['all']] }}"
|
||||
tasks:
|
||||
- name: Generate known_hosts
|
||||
ansible.builtin.copy:
|
||||
dest: known_hosts
|
||||
content: |
|
||||
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
|
||||
{% for host in groups['all'] | sort %}
|
||||
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
|
||||
hostvars[host].get('ansible_host', host))) }} # {{ host }}
|
||||
{% endfor %}
|
||||
- name: Generate ssh_config
|
||||
ansible.builtin.copy:
|
||||
dest: ssh_config
|
||||
content: |
|
||||
# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
|
||||
# Use `ansible-playbook update-ssh-config.yml` to update this file
|
||||
# Use `ssh -F ssh_config ...` to connect to target machine or
|
||||
# Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
|
||||
{% for host in groups['all'] | sort %}
|
||||
Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
|
||||
User root
|
||||
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
||||
Port {{ hostvars[host].get('ansible_port', 22) }}
|
||||
GlobalKnownHostsFile known_hosts
|
||||
UserKnownHostsFile /dev/null
|
||||
ControlMaster auto
|
||||
ControlPersist 8h
|
||||
{% endfor %}
|
||||
- name: Generate known_hosts
|
||||
ansible.builtin.copy:
|
||||
dest: known_hosts
|
||||
content: |
|
||||
# Use `ansible-playbook update-ssh-config.yml` to update this file
|
||||
{% for host in groups['all'] | sort %}
|
||||
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -p %d -t ecdsa %s' % (
|
||||
hostvars[host].get('ansible_port', 22),
|
||||
hostvars[host].get('ansible_host', host))) }} # {{ host }}
|
||||
{% endfor %}
|
||||
|
||||
- name: Pull authorized keys from Gitea
|
||||
hosts: localhost
|
||||
@@ -60,7 +62,7 @@
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: |
|
||||
# Use `ansible-playbook ansible/update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
|
||||
# Use `ansible-playbook update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file
|
||||
{% for user in admins + extra_admins | unique | sort %}
|
||||
{% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
|
||||
{% if line.startswith("sk-") %}
|
||||
|
||||
Reference in New Issue
Block a user