0
0

ft(readme): modify readme

- add sample usage
- add description of the role
- add licence of the role
This commit is contained in:
Thomas Nyambati 2017-02-15 23:02:00 +03:00
parent 06017e09f5
commit 25294d025f
4 changed files with 85 additions and 22 deletions

View File

@ -1,38 +1,93 @@
Role Name
# ssh Key Rotation
[![Build Status](https://travis-ci.org/nyambati/ssh-key-rotation.svg?branch=master)](https://travis-ci.org/nyambati/ssh-key-rotation)
=========
A brief description of the role goes here.
This is ansible role that enables you to rotate ssh keys on your remote servers
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
This modules depeds on ansible 2.2.X
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
For this role to work it requires the following variables:
Dependencies
------------
```yaml
# Removes the existing public keys when set to yes
is_exclusive: no
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
should_manage_dir: no
# The location to where the authorized_keys file existing
# .shh/authorized_keys is the deafult value
authorized_keys_path: .ssh/authorized_keys
# This is the passphrase used to encrypt your new ssh key
passphrase: 83g!8bfu5M5yy84x
# The number of bits you want to assign the key
ssh_key_bits: 2048
# The comment that accompanies the key
ssh_key_comment: domain@example.com
# The user of the host keys are added to
ssh_host_user: ubuntu
# The location to store the keys to. (warning it should not begin with /)
ssh_key_path: ".ssh/new-ssh-key"
```
The above variables and values are the default inputs to this role. You can check the default folder. Make sure you upate them with your own.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
```
---
- hosts: all
remote_user: vagrant
vars:
host_user: vagrant
ssh_key_path: .ssh/some-new-secure
roles:
- ssh-key-rotation
```
License
-------
MIT License
BSD
Copyright (c) 2017 Nyambati Thomas <thomasnyambati@gmal.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Author Information
------------------
Thomas Nyambati <thomasnyambati@gmail.com>
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

View File

@ -4,3 +4,8 @@ is_exclusive: no
should_manage_dir: no
authorized_keys_path: '{{ ansible_env.HOME }}/.ssh/authorized_keys'
passphrase: 83g!8bfu5M5yy84x
ssh_key_bits: 2048
ssh_key_comment: domain@example.com
ssh_host_user: vagrant
ssh_key_path: ".ssh/new-ssh-key"

View File

@ -2,25 +2,30 @@
# tasks file for ssh-key-rotation
- name: Generate New ssh Keys
command:
ssh-keygen -t rsa
ssh-keygen
-t rsa
-b {{ ssh_key_bits }}
-N "{{ passphrase }}" -q
-f {{ lookup('env','HOME') + private_key_path }} -y
-f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
-C {{ ssh_key_comment }}
when: inventory_hostname == play_hosts[0]
args:
creates: "{{ lookup('env','HOME')}}/{{ ssh_key_path }}"
delegate_to: localhost
- name: Store then value of the ssh key path
set_fact: key_path={{ lookup('env','HOME')}}/{{ ssh_key_path }}
- name: Set Authorized key(s) to the authorized keys file
become: yes
become_user: root
authorized_key:
exclusive: '{{ is_exclusive }}'
user: '{{ host_user }}'
user: '{{ ssh_host_user }}'
state: present
path: '{{ authorized_keys_path }}'
manage_dir: '{{ should_manage_dir }}'
key: "{{ lookup('file', lookup('env','HOME') + public_key_path)}}"
- debug:
msg: "{{ play_hosts }}"
key: "{{ lookup('file', key_path + '.pub') }}"
- name: Test if the new ssh key is allowed to make connections
set_fact: ansible_private_ssh_key={{ lookup('file', lookup('env','HOME') + private_key_path)}}
set_fact: ansible_private_ssh_key={{ lookup('file', key_path)}}

View File

@ -1,2 +0,0 @@
---
# vars file for ssh-key-rotation