ft(ssh): deployment key

- add capability to add seperate deployment key
- add capability to not generate new key

README.md

@@ -41,6 +41,15 @@ ssh_host_user: ubuntu
 # The location to store the keys to. (warning it should not begin with /)
 ssh_key_path: ".ssh/new-ssh-key"
 
+# if you already have generated you keys add the following variables.
+
+# Set to true by default
+generate_new_key: True
+ssh_connection_key: "some key"
+
+# add this if you want to add deployment key for your server,
+ssh_deployment_key: "deployment key"
+
 ```
 
 The above variables and values are the default inputs to this role. You can check the default folder. Make sure you upate them with your own.

defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-# defaugalts file for ssh-key-rotation
+# defaults file for ssh-key-rotation
 is_exclusive: no
 should_manage_dir: no
 authorized_keys_path: '{{ ansible_env.HOME }}/.ssh/authorized_keys'
@@ -8,4 +8,5 @@ ssh_key_bits: 2048
 ssh_key_comment: domain@example.com
 ssh_host_user: vagrant
 ssh_key_path: ".ssh/new-ssh-key"
+generate_new_key: True
 

meta/main.yml

@@ -1,22 +1,15 @@
 galaxy_info:
   author: Thomas Nyambati
   description: Ansible role that enables you to rotate ssh keys on your remote servers
-  company: your company (optional)
+  company: Andela Kenya Ltd
-
+  license: MIT
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (GPLv2, CC-BY, etc)
-
   min_ansible_version: 2.2
+  platforms:
+    - name: Ubuntu
+      versions:
+      - trusty
   galaxy_tags: []
+  categories:
+  - system
 dependencies: []
 

tasks/generate_key.yml

@@ -0,0 +1,17 @@
+# tasks file for ssh-key-rotation
+- name: Generate a new ssh Key
+  command:
+    ssh-keygen
+      -t rsa
+      -b {{ ssh_key_bits }}
+      -N "{{ passphrase }}" -q
+      -f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
+      -C {{ ssh_key_comment }}
+  when: inventory_hostname == play_hosts[0]
+  args:
+    creates: "{{ lookup('env','HOME') + '/' + ssh_key_path }}"
+  delegate_to: localhost
+
+- name: Store then value of the ssh key path
+  set_fact:
+    ssh_connection_key: "{{ lookup('file', lookup('env','HOME') + '/' + ssh_key_path + '.pub') }}"

tasks/main.yml

@@ -1,32 +1,37 @@
 ---
-# tasks file for ssh-key-rotation
+- include: generate_key.yml
-- name: Generate New ssh Keys
+  when: generate_new_key | default(True)
-  command:
-    ssh-keygen
-      -t rsa
-      -b {{ ssh_key_bits }}
-      -N "{{ passphrase }}" -q
-      -f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
-      -C {{ ssh_key_comment }}
-  when: inventory_hostname == play_hosts[0]
-  args:
-    creates: "{{ lookup('env','HOME')}}/{{ ssh_key_path }}"
-  delegate_to: localhost
 
-- name: Store then value of the ssh key path
+- name: Ensure that ssh connection key is defined
-  set_fact: key_path={{ lookup('env','HOME')}}/{{ ssh_key_path }}
+  assert:
+    that: ssh_connection_key is defined
 
 - name: Set Authorized key(s) to the authorized keys file
   become: yes
   become_user: root
+  when: ssh_connection_key is defined
   authorized_key:
     exclusive: '{{ is_exclusive }}'
     user: '{{ ssh_host_user }}'
     state: present
     path: '{{ authorized_keys_path }}'
     manage_dir: '{{ should_manage_dir }}'
-    key: "{{ lookup('file', key_path + '.pub') }}"
+    key: "{{ ssh_connection_key }}"
+
+- name: copy
+  when: generate_new_key != true
+  copy:
+    content: "{{ ssh_connection_key }}"
+    dest: "{{ ssh_key_path }}"
+
+- name: Add deployment key
+  when: ssh_deployment_key is defined
+  become: yes
+  become_user: root
+  authorized_key:
+    user: '{{ ssh_host_user }}'
+    state: present
+    path: '{{ authorized_keys_path }}'
+    manage_dir: '{{ should_manage_dir }}'
+    key: "{{ ssh_deployment_key }}"
 
-- name: Test if the new ssh key is allowed to make connections
-  shell: ssh {{ssh_host_user }}@{{ inventory_hostname }} "echo success"
-  delegate_to: localhost