---
# tasks file for ssh-key-rotation
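- name: Generate New ssh Keys
  # Runs on the controller for the first host of the play only, so one key pair
  # is produced per run; lookup('env','HOME') is therefore the controller's HOME.
  # ssh_key_type is optional and keeps the original RSA default when unset.
  command: >-
    ssh-keygen
    -t {{ ssh_key_type | default('rsa') }}
    -b {{ ssh_key_bits }}
    -N "{{ passphrase }}" -q
    -f "{{ lookup('env','HOME') }}/{{ ssh_key_path }}"
    -C "{{ ssh_key_comment }}"
  args:
    # Makes the task idempotent: an existing key pair is never regenerated or
    # overwritten.
    creates: "{{ lookup('env','HOME') }}/{{ ssh_key_path }}"
  when: inventory_hostname == play_hosts[0]
  delegate_to: localhost
  # The passphrase is part of the command line, so the task's cmd/stdout result
  # and verbose or logged output would otherwise expose it.
  no_log: true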
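- name: Store the value of the ssh key path
  # Controller-side HOME joined to the configured relative key path; the later
  # authorized_key and file lookups read the generated pair from here.
  set_fact:
    key_path: "{{ lookup('env','HOME') }}/{{ ssh_key_path }}"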
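- name: Set Authorized key(s) to the authorized keys file
  become: true
  become_user: root
  authorized_key:
    # With exclusive enabled every key not listed here is removed from the target
    # file, so the previous key stops working as soon as this task runs. Verify
    # the new key (or keep is_exclusive false) before relying on it for access.
    exclusive: "{{ is_exclusive }}"
    user: "{{ ssh_host_user }}"
    state: present
    path: "{{ authorized_keys_path }}"
    manage_dir: "{{ should_manage_dir }}"
    # Public half of the pair generated on the controller; key_path is set by
    # the preceding set_fact task.
    key: "{{ lookup('file', key_path + '.pub') }}"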
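- name: Test if the new ssh key is allowed to make connections
  # NOTE(review): this task only loads the private key material into a fact; the
  # connection test itself presumably follows in a later task. The fact name is
  # not a built-in connection variable (ansible_ssh_private_key_file expects a
  # path, not contents), so confirm how downstream tasks consume it. The file
  # lookup strips the trailing newline by default — confirm consumers accept that.
  set_fact:
    ansible_private_ssh_key: "{{ lookup('file', key_path) }}"
  # The fact value is the private key itself; without no_log it is printed in the
  # task result and in any verbose or logged run.
  no_log: true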