forked from k-space/kube
Add Ansible playbook to update known_hosts and ssh_config
This commit is contained in:
28
ansible-update-ssh-config.yaml
Normal file
28
ansible-update-ssh-config.yaml
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
---
|
||||||
|
- name: Collect servers SSH public keys to known_hosts
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
vars:
|
||||||
|
targets: "{{ hostvars[groups['all']] }}"
|
||||||
|
tasks:
|
||||||
|
- name: Generate known_hosts
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: known_hosts
|
||||||
|
content: |
|
||||||
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
{% for host in groups['all'] | sort %}
|
||||||
|
{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
|
||||||
|
hostvars[host].get('ansible_host', host))) }} # {{ host }}
|
||||||
|
{% endfor %}
|
||||||
|
- name: Generate ssh_config
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: ssh_config
|
||||||
|
content: |
|
||||||
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
{% for host in groups['all'] | sort %}
|
||||||
|
Host {{ host }}
|
||||||
|
User root
|
||||||
|
Hostname {{ hostvars[host].get('ansible_host', host) }}
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
{% endfor %}
|
||||||
@@ -9,4 +9,4 @@ fact_caching = jsonfile
|
|||||||
fact_caching_connection = ~/.ansible/k-space-fact-cache
|
fact_caching_connection = ~/.ansible/k-space-fact-cache
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
ssh_args = -F ssh_config
|
ssh_args = -F ssh_config -M -S ~/.ssh/cm-%r@%h:%p
|
||||||
|
|||||||
@@ -1,38 +1,77 @@
|
|||||||
all:
|
all:
|
||||||
children:
|
children:
|
||||||
bind:
|
misc:
|
||||||
hosts:
|
hosts:
|
||||||
ns1.k-space.ee:
|
ns1.k-space.ee:
|
||||||
|
ansible_host: 172.23.0.2
|
||||||
|
nas.k-space.ee:
|
||||||
|
ansible_host: 172.23.0.7
|
||||||
|
proxmox:
|
||||||
|
vars:
|
||||||
|
admins:
|
||||||
|
- rasmus
|
||||||
|
hosts:
|
||||||
|
pve1:
|
||||||
|
ansible_host: 172.21.20.1
|
||||||
|
pve2:
|
||||||
|
ansible_host: 172.21.20.2
|
||||||
|
pve8:
|
||||||
|
ansible_host: 172.21.20.8
|
||||||
|
pve9:
|
||||||
|
ansible_host: 172.21.20.9
|
||||||
kubernetes:
|
kubernetes:
|
||||||
children:
|
children:
|
||||||
masters:
|
masters:
|
||||||
hosts:
|
hosts:
|
||||||
master1.kube.k-space.ee:
|
master1.kube.k-space.ee:
|
||||||
|
ansible_host: 172.21.3.51
|
||||||
master2.kube.k-space.ee:
|
master2.kube.k-space.ee:
|
||||||
|
ansible_host: 172.21.3.52
|
||||||
master3.kube.k-space.ee:
|
master3.kube.k-space.ee:
|
||||||
|
ansible_host: 172.21.3.53
|
||||||
kubelets:
|
kubelets:
|
||||||
children:
|
children:
|
||||||
mon:
|
mon:
|
||||||
hosts:
|
hosts:
|
||||||
mon1.kube.k-space.ee:
|
mon1.kube.k-space.ee:
|
||||||
|
ansible_host: 172.21.3.61
|
||||||
mon2.kube.k-space.ee:
|
mon2.kube.k-space.ee:
|
||||||
|
ansible_host: 172.21.3.62
|
||||||
mon3.kube.k-space.ee:
|
mon3.kube.k-space.ee:
|
||||||
|
ansible_host: 172.21.3.63
|
||||||
storage:
|
storage:
|
||||||
hosts:
|
hosts:
|
||||||
storage1.kube.k-space.ee:
|
storage1.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.71
|
||||||
storage2.kube.k-space.ee:
|
storage2.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.72
|
||||||
storage3.kube.k-space.ee:
|
storage3.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.73
|
||||||
storage4.kube.k-space.ee:
|
storage4.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.74
|
||||||
workers:
|
workers:
|
||||||
hosts:
|
hosts:
|
||||||
worker1.kube.k-space.ee:
|
worker1.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.81
|
||||||
worker2.kube.k-space.ee:
|
worker2.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.82
|
||||||
worker3.kube.k-space.ee:
|
worker3.kube.k-space.ee:
|
||||||
|
ansible_host: 172.20.3.83
|
||||||
worker4.kube.k-space.ee:
|
worker4.kube.k-space.ee:
|
||||||
worker9.kube.k-space.ee:
|
ansible_host: 172.20.3.84
|
||||||
|
# worker9.kube.k-space.ee:
|
||||||
|
# ansible_host: 172.20.3.89
|
||||||
doors:
|
doors:
|
||||||
|
vars:
|
||||||
|
admins:
|
||||||
|
- arti
|
||||||
|
- herman
|
||||||
hosts:
|
hosts:
|
||||||
100.102.3.1:
|
grounddoor:
|
||||||
100.102.3.2:
|
ansible_host: 100.102.3.1
|
||||||
100.102.3.3:
|
frontdoor:
|
||||||
100.102.3.4:
|
ansible_host: 100.102.3.2
|
||||||
|
backdoor:
|
||||||
|
ansible_host: 100.102.3.3
|
||||||
|
workshopdoor:
|
||||||
|
ansible_host: 100.102.3.4
|
||||||
|
|||||||
25
known_hosts
Normal file
25
known_hosts
Normal file
@@ -0,0 +1,25 @@
|
|||||||
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
|
||||||
|
100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
|
||||||
|
100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
|
||||||
|
172.21.3.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYy07yLlOiFvXzmVDIULS9VDCMz7T+qOq4M+x8Lo3KEKamI6ZD737mvimPTW6K1FRBzzq67Mq495UnoFKVnQWE= # master1.kube.k-space.ee
|
||||||
|
172.21.3.52 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKRFfYDaTH58FUw+9stBVsyCviaPCGEbe9Y1a9WKvj98S7m+qU03YvtfPkRfEH/3iXHDvngEDVpJrTWW4y6e6MI= # master2.kube.k-space.ee
|
||||||
|
172.21.3.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIqIepuMkMo/KO3bb4X6lgb6YViAifPmgHXVrbtHwbOZLll5Qqr4pXdLDxkuZsmiE7iZBw2gSzZLcNMGdDEnWrY= # master3.kube.k-space.ee
|
||||||
|
172.21.3.61 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCJ9XgDz2NEzvjw/nDmRIKUJAmNqzsaXMJn4WFiWfTz1x2HrRcXgY3UXKWUxUvJO1jJ7hIvyE+V/8UtwYRDP1uY= # mon1.kube.k-space.ee
|
||||||
|
172.21.3.62 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLveng7H/2Gek+HYDYRWFD0Dy+4l/zjrbF2mnnkBI5CFOtqK0zwBh41IlizkpmmI5fqEIXwhLFHZEWXbUvev5oo= # mon2.kube.k-space.ee
|
||||||
|
172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
|
||||||
|
172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
|
||||||
|
172.23.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEP6i24/mo42DXrg5Mc8tZXvqZSqVP/7YqNWlK8oavtcOyfLBq2YuVMhQCDrCm5Hs4FM+qbdcPwEg55mhRJlQXg= # ns1.k-space.ee
|
||||||
|
172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
|
||||||
|
172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
|
||||||
|
172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8
|
||||||
|
172.21.20.9 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNU4YzKSzzUSnAgh4L1DF3dlC1VEaKVaIeTgsL5VJ0UMqjPr+8QMjIvo28cSLfIQYtfoQbt7ASVsm0uDQvKOldM= # pve9
|
||||||
|
172.20.3.71 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI2jy8EsMo7Voor4URCMdgiEzc0nmYDowV4gB2rZ6hnH7bcKGdaODsCyBH6nvbitgnESCC8136RmdxCnO9/TuJ0= # storage1.kube.k-space.ee
|
||||||
|
172.20.3.72 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKxa2PbOj7bV0AUkBZuPkQZ/3ZMeh1mUCD+rwB4+sXbvTc+ca+xgcPGdAozbY/cUA4GdaKelhjI9DEC46MeFymY= # storage2.kube.k-space.ee
|
||||||
|
172.20.3.73 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGYqNHAxwwoZqne/uv5syRb+tEwpbaGeK8oct4IjIHcmPdU32JlMiSqLX7d58t/b8tqE1z2rM4gCc4bpzvNrHMQ= # storage3.kube.k-space.ee
|
||||||
|
172.20.3.74 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI+FRuwbrUpMDg9gKf6AqcfovEkt8r5SgB4JXEuMD+I6pp+2PfbxMwrXQ8Xg3oHW+poG413KWw4FZOWv2gH4CEQ= # storage4.kube.k-space.ee
|
||||||
|
172.20.3.81 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPnmGiEWtWnNNcF872fhYKCD07QwOb75BDEwN3fC4QYmBAbiN0iX/UH96r02V5f7uga3a07/xxt5P0cfEOdtQwQ= # worker1.kube.k-space.ee
|
||||||
|
172.20.3.82 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBkSNAYeugxGvNmV3biY1s0BWPCEw3g3H0VWLomu/vPbg+GN10/A1pfgt62DHFCYDB6QZwkZM6HIFy8y0xhRl9g= # worker2.kube.k-space.ee
|
||||||
|
172.20.3.83 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBe+A9Bg54UwUvlPguKDyNAsX7mYbnfMOxhK2UP2YofPlzJ0KDUuH5mbmw76XWz0L6jhT6I7hyc0QsFBdO3ug68= # worker3.kube.k-space.ee
|
||||||
|
172.20.3.84 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKoNIL+kEYphi/yCdhIytxqRaucm2aTzFrmNN4gEjCrn4TK8A46fyqAuwmgyLQFm7RD5qcEKPWP57Cl0DhTU1T4= # worker4.kube.k-space.ee
|
||||||
|
100.102.3.4 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMpkSqEOyYrKXChxl6PAV+q0KypOPnKsXoXWO1JSZSIOwAs5YTzt8Q1Ryb+nQnAOlGj1AY1H7sRllTzdv0cA/EM= # workshopdoor
|
||||||
125
ssh_config
125
ssh_config
@@ -1,8 +1,121 @@
|
|||||||
Host *
|
# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
|
||||||
|
Host backdoor
|
||||||
User root
|
User root
|
||||||
ControlPersist 8h
|
Hostname 100.102.3.3
|
||||||
ControlMaster auto
|
GlobalKnownHostsFile known_hosts
|
||||||
ControlPath ~/.ssh/cm-%r@%h:%p
|
UserKnownHostsFile /dev/null
|
||||||
|
Host frontdoor
|
||||||
|
User root
|
||||||
|
Hostname 100.102.3.2
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host grounddoor
|
||||||
|
User root
|
||||||
|
Hostname 100.102.3.1
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host master1.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.21.3.51
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host master2.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.21.3.52
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host master3.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.21.3.53
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host mon1.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.21.3.61
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host mon2.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.21.3.62
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host mon3.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.21.3.63
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host nas.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.23.0.7
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
Host ns1.k-space.ee
|
Host ns1.k-space.ee
|
||||||
Hostname 172.20.0.2
|
User root
|
||||||
|
Hostname 172.23.0.2
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host pve1
|
||||||
|
User root
|
||||||
|
Hostname 172.21.20.1
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host pve2
|
||||||
|
User root
|
||||||
|
Hostname 172.21.20.2
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host pve8
|
||||||
|
User root
|
||||||
|
Hostname 172.21.20.8
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host pve9
|
||||||
|
User root
|
||||||
|
Hostname 172.21.20.9
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host storage1.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.71
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host storage2.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.72
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host storage3.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.73
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host storage4.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.74
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host worker1.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.81
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host worker2.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.82
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host worker3.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.83
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host worker4.kube.k-space.ee
|
||||||
|
User root
|
||||||
|
Hostname 172.20.3.84
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
Host workshopdoor
|
||||||
|
User root
|
||||||
|
Hostname 100.102.3.4
|
||||||
|
GlobalKnownHostsFile known_hosts
|
||||||
|
UserKnownHostsFile /dev/null
|
||||||
|
|||||||
Reference in New Issue
Block a user