Modified the role + Updated the LICENSE
This commit is contained in:
parent
29c77bb77c
commit
f26e8fa49c
29
.travis.yml
29
.travis.yml
@ -1,29 +0,0 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
3
LICENSE
3
LICENSE
@ -1,5 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2023 Opnxng
|
||||
Copyright (c) 2017 Nyambati Thomas
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
@ -18,4 +19,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
SOFTWARE.
|
107
README.md
107
README.md
@ -1,103 +1,28 @@
|
||||
# SSH Key Rotation
|
||||
|
||||
# [![Build Status](https://travis-ci.org/nyambati/ssh-key-rotation.svg?branch=master)](https://travis-ci.org/nyambati/ssh-key-rotation)
|
||||
|
||||
This is ansible role that enables you to rotate ssh keys on your remote servers. You can find this role on [ansible galaxy](https://galaxy.ansible.com/nyambati/ssh-key-rotation)
|
||||
|
||||
## Requirements
|
||||
|
||||
This modules depends on ansible 2.2.X
|
||||
|
||||
## Role Variables
|
||||
|
||||
For this role to work it requires the following variables:
|
||||
|
||||
```yaml
|
||||
# Removes the existing public keys when set to yes
|
||||
is_exclusive: no
|
||||
|
||||
should_manage_dir: no
|
||||
|
||||
# The location to where the authorized_keys file existing
|
||||
# .shh/authorized_keys is the deafult value
|
||||
authorized_keys_path: .ssh/authorized_keys
|
||||
|
||||
# This is the passphrase used to encrypt your new ssh key
|
||||
passphrase: 83g!8bfu5M5yy84x
|
||||
|
||||
# The number of bits you want to assign the key
|
||||
ssh_key_bits: 2048
|
||||
|
||||
# The comment that accompanies the key
|
||||
ssh_key_comment: domain@example.com
|
||||
|
||||
# The user of the host keys are added to
|
||||
ssh_host_user: ubuntu
|
||||
|
||||
# The location to store the keys to. (warning it should not begin with /)
|
||||
ssh_key_path: ".ssh/new-ssh-key"
|
||||
|
||||
# if you already have generated you keys add the following variables.
|
||||
|
||||
# Set to true by default
|
||||
generate_new_key: True
|
||||
ssh_connection_key: "some key"
|
||||
|
||||
# add this if you want to add deployment key for your server,
|
||||
ssh_deployment_key: "deployment key"
|
||||
```
|
||||
|
||||
The above variables and values are the default inputs to this role. You can check the default folder. Make sure you upate them with your own.
|
||||
|
||||
Installation
|
||||
|
||||
You can install this role from ansible galaxy by running
|
||||
|
||||
```bash
|
||||
$ ansible-galaxy install nyambati.ssh-key-rotation
|
||||
```
|
||||
This is Ansible role that enables you to rotate ssh keys on your remote servers. Forked from [nyambati/ssh-key-rotation](https://github.com/nyambati/ssh-key-rotation/tree/master). By default, this role generates an ed25519 key pair with the Ansible group and the current date as its name.
|
||||
|
||||
## Example Playbook
|
||||
|
||||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
|
||||
|
||||
```
|
||||
---
|
||||
- hosts: all
|
||||
remote_user: vagrant
|
||||
- name: SSH Keys Rotation
|
||||
hosts: all
|
||||
remote_user: user
|
||||
vars:
|
||||
host_user: vagrant
|
||||
ssh_key_path: .ssh/some-new-secure
|
||||
is_exclusive: no
|
||||
ssh_host_user: user
|
||||
vars_prompt:
|
||||
- name: passphrase
|
||||
prompt: "Enter the passphrase"
|
||||
private: true
|
||||
- name: confirm_passphrase
|
||||
prompt: "Confirm the passphrase"
|
||||
private: true
|
||||
roles:
|
||||
- nyambati.ssh-key-rotation
|
||||
|
||||
|
||||
- ssh-key-rotation
|
||||
```
|
||||
|
||||
## License
|
||||
## Original Author
|
||||
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2017 Nyambati Thomas <thomasnyambati@gmal.com>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
## Author Information
|
||||
|
||||
Thomas Nyambati <thomasnyambati@gmail.com>
|
||||
Thomas Nyambati <thomasnyambati@gmail.com>
|
@ -1,12 +1,36 @@
|
||||
---
|
||||
# defaults file for ssh-key-rotation
|
||||
is_exclusive: no
|
||||
should_manage_dir: no
|
||||
authorized_keys_path: '{{ ansible_env.HOME }}/.ssh/authorized_keys'
|
||||
passphrase: 83g!8bfu5M5yy84x
|
||||
ssh_key_bits: 2048
|
||||
ssh_key_comment: domain@example.com
|
||||
ssh_host_user: vagrant
|
||||
ssh_key_path: ".ssh/new-ssh-key"
|
||||
generate_new_key: True
|
||||
|
||||
# Removes the existing public keys when set to yes
|
||||
is_exclusive: yes
|
||||
should_manage_dir: no
|
||||
|
||||
# The location to store the keys to. (warning it should not begin with /)
|
||||
ssh_key_path: ".ssh/{{ group_names[0] }}-{{ansible_date_time.date}}"
|
||||
|
||||
# The location to where the authorized_keys file existing
|
||||
authorized_keys_path: ".ssh/authorized_keys"
|
||||
|
||||
# Set key algorithm
|
||||
ssh_key_algorithm: ed25519
|
||||
# ssh_key_algorithm: rsa -b 2048
|
||||
|
||||
# The comment that accompanies the key
|
||||
ssh_key_comment: "{{ group_names[0] }}-{{ansible_date_time.date}}"
|
||||
|
||||
# The user of the host keys are added to
|
||||
ssh_host_user: user
|
||||
|
||||
# Set to true by default
|
||||
generate_new_key: true
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
# Ask passphrase on prompt instead
|
||||
# passphrase: 83g!8bfu5M5yy84x
|
||||
|
||||
# add this if you want to add connection key for your server
|
||||
# ssh_connection_key: "some key"
|
||||
|
||||
# add this if you want to add deployment key for your server
|
||||
# ssh_deployment_key: "deployment key"
|
@ -1,15 +0,0 @@
|
||||
galaxy_info:
|
||||
author: Thomas Nyambati
|
||||
description: Ansible role that enables you to rotate ssh keys on your remote servers
|
||||
company: Andela Kenya Ltd
|
||||
license: MIT
|
||||
min_ansible_version: 2.2
|
||||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- trusty
|
||||
galaxy_tags: []
|
||||
categories:
|
||||
- system
|
||||
dependencies: []
|
||||
|
@ -2,16 +2,15 @@
|
||||
- name: Generate a new ssh Key
|
||||
command:
|
||||
ssh-keygen
|
||||
-t rsa
|
||||
-b {{ ssh_key_bits }}
|
||||
-t {{ ssh_key_algorithm }}
|
||||
-N "{{ passphrase }}" -q
|
||||
-f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
|
||||
-f /home/{{ ssh_host_user }}/{{ ssh_key_path }}
|
||||
-C {{ ssh_key_comment }}
|
||||
when: inventory_hostname == play_hosts[0]
|
||||
args:
|
||||
creates: "{{ lookup('env','HOME') + '/' + ssh_key_path }}"
|
||||
creates: "/home/{{ ssh_host_user }}/{{ ssh_key_path }}"
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Store then value of the ssh key path
|
||||
set_fact:
|
||||
ssh_connection_key: "{{ lookup('file', lookup('env','HOME') + '/' + ssh_key_path + '.pub') }}"
|
||||
ssh_connection_key: "{{ lookup('file', '/' + 'home' + '/' + ssh_host_user + '/' + ssh_key_path + '.pub') }}"
|
@ -1,4 +1,11 @@
|
||||
---
|
||||
- name: Check if the passphrase inputs match
|
||||
assert:
|
||||
that:
|
||||
- "{{ passphrase == confirm_passphrase }}"
|
||||
fail_msg: "Passphrase inputs do not match"
|
||||
when: passphrase != confirm_passphrase
|
||||
|
||||
- import_tasks: generate_key.yml
|
||||
when: generate_new_key | default(True)
|
||||
|
||||
@ -7,14 +14,13 @@
|
||||
that: ssh_connection_key is defined
|
||||
|
||||
- name: Set Authorized key(s) to the authorized keys file
|
||||
become: yes
|
||||
become_user: root
|
||||
become: true
|
||||
when: ssh_connection_key is defined
|
||||
authorized_key:
|
||||
exclusive: '{{ is_exclusive }}'
|
||||
user: '{{ ssh_host_user }}'
|
||||
state: present
|
||||
path: '{{ authorized_keys_path }}'
|
||||
path: '/home/{{ ssh_host_user }}/{{ authorized_keys_path }}'
|
||||
manage_dir: '{{ should_manage_dir }}'
|
||||
key: "{{ ssh_connection_key }}"
|
||||
|
||||
@ -31,7 +37,7 @@
|
||||
authorized_key:
|
||||
user: '{{ ssh_host_user }}'
|
||||
state: present
|
||||
path: '{{ authorized_keys_path }}'
|
||||
path: '/home/{{ ssh_host_user }}/{{ authorized_keys_path }}'
|
||||
manage_dir: '{{ should_manage_dir }}'
|
||||
key: "{{ ssh_deployment_key }}"
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
localhost
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- ssh-key-rotation
|
Loading…
Reference in New Issue
Block a user