ssh-key-rotation-role/tasks/main.yml

---
# tasks file for ssh-key-rotation
- name: Generate New ssh Keys
  command:
    ssh-keygen -t rsa
      -N "{{ passphrase }}" -q
      -f {{ lookup('env','HOME') + private_key_path }} -y
  when: inventory_hostname == play_hosts[0]
  delegate_to: localhost

- name: Set Authorized key(s) to the authorized keys file
  become: yes
  become_user: root
  authorized_key:
    exclusive: '{{ is_exclusive }}'
    user: '{{ host_user }}'
    state: present
    path: '{{ authorized_keys_path }}'
    manage_dir: '{{ should_manage_dir }}'
    key: "{{ lookup('file', lookup('env','HOME') + public_key_path)}}"

- debug:
    msg: "{{ play_hosts }}"

- name: Test if the new ssh key is allowed to make connections
  set_fact:  ansible_private_ssh_key={{ lookup('file', lookup('env','HOME') + private_key_path)}}
ft(ssh-rotation): Rotate ssh keys - add task to generate new keys - add task to rotate new keys - add new key to inventory 2017-02-16 03:41:30 +08:00			`---`
			`# tasks file for ssh-key-rotation`
			`- name: Generate New ssh Keys`
			`command:`
			`ssh-keygen -t rsa`
			`-N "{{ passphrase }}" -q`
			`-f {{ lookup('env','HOME') + private_key_path }} -y`
			`when: inventory_hostname == play_hosts[0]`
			`delegate_to: localhost`

			`- name: Set Authorized key(s) to the authorized keys file`
			`become: yes`
			`become_user: root`
			`authorized_key:`
			`exclusive: '{{ is_exclusive }}'`
			`user: '{{ host_user }}'`
			`state: present`
			`path: '{{ authorized_keys_path }}'`
			`manage_dir: '{{ should_manage_dir }}'`
			`key: "{{ lookup('file', lookup('env','HOME') + public_key_path)}}"`

			`- debug:`
			`msg: "{{ play_hosts }}"`

			`- name: Test if the new ssh key is allowed to make connections`
			`set_fact: ansible_private_ssh_key={{ lookup('file', lookup('env','HOME') + private_key_path)}}`