ft(readme): modify readme

- add sample usage
- add description of the role
- add licence of the role

README.md

@@ -1,38 +1,93 @@
-Role Name
+
+# ssh Key Rotation
+
+[![Build Status](https://travis-ci.org/nyambati/ssh-key-rotation.svg?branch=master)](https://travis-ci.org/nyambati/ssh-key-rotation)
 =========
 
-A brief description of the role goes here.
+This is ansible role that enables you to rotate ssh keys on your remote servers
 
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+This modules depeds on ansible 2.2.X
 
 Role Variables
 --------------
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+For this role to work it requires the following variables:
 
-Dependencies
-------------
+```yaml
+# Removes the existing public keys when set to yes
+is_exclusive: no
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+should_manage_dir: no
+
+# The location to where the authorized_keys file existing
+# .shh/authorized_keys is the deafult value
+authorized_keys_path: .ssh/authorized_keys
+
+# This is the passphrase used to encrypt your new ssh key
+passphrase: 83g!8bfu5M5yy84x
+
+# The number of bits you want to assign the key
+ssh_key_bits: 2048
+
+# The comment that accompanies the key
+ssh_key_comment: domain@example.com
+
+# The user of the host keys are added to
+ssh_host_user: ubuntu
+
+# The location to store the keys to. (warning it should not begin with /)
+ssh_key_path: ".ssh/new-ssh-key"
+
+```
+
+The above variables and values are the default inputs to this role. You can check the default folder. Make sure you upate them with your own.
 
 Example Playbook
 ----------------
 
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
-    - hosts: servers
-      roles:
-         - { role: username.rolename, x: 42 }
+```
+---
+- hosts: all
+  remote_user: vagrant
+  vars:
+    host_user: vagrant
+    ssh_key_path: .ssh/some-new-secure
+  roles:
+    - ssh-key-rotation
+
+
+```
 
 License
 -------
+MIT License
 
-BSD
+Copyright (c) 2017 Nyambati Thomas <thomasnyambati@gmal.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
 
 Author Information
 ------------------
+Thomas Nyambati <thomasnyambati@gmail.com>
 
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).

defaults/main.yml

@@ -4,3 +4,8 @@ is_exclusive: no
 should_manage_dir: no
 authorized_keys_path: '{{ ansible_env.HOME }}/.ssh/authorized_keys'
 passphrase: 83g!8bfu5M5yy84x
+ssh_key_bits: 2048
+ssh_key_comment: domain@example.com
+ssh_host_user: vagrant
+ssh_key_path: ".ssh/new-ssh-key"
+

tasks/main.yml

@@ -2,25 +2,30 @@
 # tasks file for ssh-key-rotation
 - name: Generate New ssh Keys
   command:
-    ssh-keygen -t rsa
+    ssh-keygen
+      -t rsa
+      -b {{ ssh_key_bits }}
       -N "{{ passphrase }}" -q
-      -f {{ lookup('env','HOME') + private_key_path }} -y
+      -f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
+      -C {{ ssh_key_comment }}
   when: inventory_hostname == play_hosts[0]
+  args:
+    creates: "{{ lookup('env','HOME')}}/{{ ssh_key_path }}"
   delegate_to: localhost
 
+- name: Store then value of the ssh key path
+  set_fact: key_path={{ lookup('env','HOME')}}/{{ ssh_key_path }}
+
 - name: Set Authorized key(s) to the authorized keys file
   become: yes
   become_user: root
   authorized_key:
     exclusive: '{{ is_exclusive }}'
-    user: '{{ host_user }}'
+    user: '{{ ssh_host_user }}'
     state: present
     path: '{{ authorized_keys_path }}'
     manage_dir: '{{ should_manage_dir }}'
-    key: "{{ lookup('file', lookup('env','HOME') + public_key_path)}}"
-
-- debug:
-    msg: "{{ play_hosts }}"
+    key: "{{ lookup('file', key_path + '.pub') }}"
 
 - name: Test if the new ssh key is allowed to make connections
-  set_fact:  ansible_private_ssh_key={{ lookup('file', lookup('env','HOME') + private_key_path)}}
+  set_fact:  ansible_private_ssh_key={{ lookup('file', key_path)}}

vars/main.yml

@@ -1,2 +0,0 @@
----
-# vars file for ssh-key-rotation