ssh-key-rotation-role/tasks/main.yml

---
# tasks file for ssh-key-rotation
- name: Generate New ssh Keys
  command:
    ssh-keygen
      -t rsa
      -b {{ ssh_key_bits }}
      -N "{{ passphrase }}" -q
      -f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
      -C {{ ssh_key_comment }}
  when: inventory_hostname == play_hosts[0]
  args:
    creates: "{{ lookup('env','HOME')}}/{{ ssh_key_path }}"
  delegate_to: localhost

- name: Store then value of the ssh key path
  set_fact: key_path={{ lookup('env','HOME')}}/{{ ssh_key_path }}

- name: Set Authorized key(s) to the authorized keys file
  become: yes
  become_user: root
  authorized_key:
    exclusive: '{{ is_exclusive }}'
    user: '{{ ssh_host_user }}'
    state: present
    path: '{{ authorized_keys_path }}'
    manage_dir: '{{ should_manage_dir }}'
    key: "{{ lookup('file', key_path + '.pub') }}"

- name: Test if the new ssh key is allowed to make connections
  shell: ssh {{ssh_host_user }}@{{ inventory_hostname }} "echo success"
  delegate_to: localhost
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`---`
			`# tasks file for ssh-key-rotation`
			`- name: Generate New ssh Keys`
			`command:`
ft(readme): modify readme - add sample usage - add description of the role - add licence of the role 2017-02-16 04:02:00 +08:00			`ssh-keygen`
			`-t rsa`
			`-b {{ ssh_key_bits }}`
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`-N "{{ passphrase }}" -q`
ft(readme): modify readme - add sample usage - add description of the role - add licence of the role 2017-02-16 04:02:00 +08:00			`-f {{ lookup('env','HOME')}}/{{ ssh_key_path }}`
			`-C {{ ssh_key_comment }}`
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`when: inventory_hostname == play_hosts[0]`
ft(readme): modify readme - add sample usage - add description of the role - add licence of the role 2017-02-16 04:02:00 +08:00			`args:`
			`creates: "{{ lookup('env','HOME')}}/{{ ssh_key_path }}"`
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`delegate_to: localhost`

ft(readme): modify readme - add sample usage - add description of the role - add licence of the role 2017-02-16 04:02:00 +08:00			`- name: Store then value of the ssh key path`
			`set_fact: key_path={{ lookup('env','HOME')}}/{{ ssh_key_path }}`

ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`- name: Set Authorized key(s) to the authorized keys file`
			`become: yes`
			`become_user: root`
			`authorized_key:`
			`exclusive: '{{ is_exclusive }}'`
ft(readme): modify readme - add sample usage - add description of the role - add licence of the role 2017-02-16 04:02:00 +08:00			`user: '{{ ssh_host_user }}'`
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`state: present`
			`path: '{{ authorized_keys_path }}'`
			`manage_dir: '{{ should_manage_dir }}'`
ft(readme): modify readme - add sample usage - add description of the role - add licence of the role 2017-02-16 04:02:00 +08:00			`key: "{{ lookup('file', key_path + '.pub') }}"`
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00
			`- name: Test if the new ssh key is allowed to make connections`
ft(ssh connection): test if connection is still valid 2017-02-17 22:02:28 +08:00			`shell: ssh {{ssh_host_user }}@{{ inventory_hostname }} "echo success"`
			`delegate_to: localhost`