0
0

Modified the role + Updated the LICENSE

This commit is contained in:
Opnxng 2023-11-07 21:39:17 +08:00
parent 29c77bb77c
commit f26e8fa49c
9 changed files with 65 additions and 160 deletions

View File

@ -1,29 +0,0 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

View File

@ -1,5 +1,6 @@
MIT License
Copyright (c) 2023 Opnxng
Copyright (c) 2017 Nyambati Thomas
Permission is hereby granted, free of charge, to any person obtaining a copy

105
README.md
View File

@ -1,103 +1,28 @@
# SSH Key Rotation
# [![Build Status](https://travis-ci.org/nyambati/ssh-key-rotation.svg?branch=master)](https://travis-ci.org/nyambati/ssh-key-rotation)
This is ansible role that enables you to rotate ssh keys on your remote servers. You can find this role on [ansible galaxy](https://galaxy.ansible.com/nyambati/ssh-key-rotation)
## Requirements
This modules depends on ansible 2.2.X
## Role Variables
For this role to work it requires the following variables:
```yaml
# Removes the existing public keys when set to yes
is_exclusive: no
should_manage_dir: no
# The location to where the authorized_keys file existing
# .shh/authorized_keys is the deafult value
authorized_keys_path: .ssh/authorized_keys
# This is the passphrase used to encrypt your new ssh key
passphrase: 83g!8bfu5M5yy84x
# The number of bits you want to assign the key
ssh_key_bits: 2048
# The comment that accompanies the key
ssh_key_comment: domain@example.com
# The user of the host keys are added to
ssh_host_user: ubuntu
# The location to store the keys to. (warning it should not begin with /)
ssh_key_path: ".ssh/new-ssh-key"
# if you already have generated you keys add the following variables.
# Set to true by default
generate_new_key: True
ssh_connection_key: "some key"
# add this if you want to add deployment key for your server,
ssh_deployment_key: "deployment key"
```
The above variables and values are the default inputs to this role. You can check the default folder. Make sure you upate them with your own.
Installation
You can install this role from ansible galaxy by running
```bash
$ ansible-galaxy install nyambati.ssh-key-rotation
```
This is Ansible role that enables you to rotate ssh keys on your remote servers. Forked from [nyambati/ssh-key-rotation](https://github.com/nyambati/ssh-key-rotation/tree/master). By default, this role generates an ed25519 key pair with the Ansible group and the current date as its name.
## Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```
---
- hosts: all
remote_user: vagrant
- name: SSH Keys Rotation
hosts: all
remote_user: user
vars:
host_user: vagrant
ssh_key_path: .ssh/some-new-secure
is_exclusive: no
ssh_host_user: user
vars_prompt:
- name: passphrase
prompt: "Enter the passphrase"
private: true
- name: confirm_passphrase
prompt: "Confirm the passphrase"
private: true
roles:
- nyambati.ssh-key-rotation
- ssh-key-rotation
```
## License
MIT License
Copyright (c) 2017 Nyambati Thomas <thomasnyambati@gmal.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
## Author Information
## Original Author
Thomas Nyambati <thomasnyambati@gmail.com>

View File

@ -1,12 +1,36 @@
---
# defaults file for ssh-key-rotation
is_exclusive: no
should_manage_dir: no
authorized_keys_path: '{{ ansible_env.HOME }}/.ssh/authorized_keys'
passphrase: 83g!8bfu5M5yy84x
ssh_key_bits: 2048
ssh_key_comment: domain@example.com
ssh_host_user: vagrant
ssh_key_path: ".ssh/new-ssh-key"
generate_new_key: True
# Removes the existing public keys when set to yes
is_exclusive: yes
should_manage_dir: no
# The location to store the keys to. (warning it should not begin with /)
ssh_key_path: ".ssh/{{ group_names[0] }}-{{ansible_date_time.date}}"
# The location to where the authorized_keys file existing
authorized_keys_path: ".ssh/authorized_keys"
# Set key algorithm
ssh_key_algorithm: ed25519
# ssh_key_algorithm: rsa -b 2048
# The comment that accompanies the key
ssh_key_comment: "{{ group_names[0] }}-{{ansible_date_time.date}}"
# The user of the host keys are added to
ssh_host_user: user
# Set to true by default
generate_new_key: true
# ----------------------------------------------------------------------------------------------------
# Ask passphrase on prompt instead
# passphrase: 83g!8bfu5M5yy84x
# add this if you want to add connection key for your server
# ssh_connection_key: "some key"
# add this if you want to add deployment key for your server
# ssh_deployment_key: "deployment key"

View File

@ -1,15 +0,0 @@
galaxy_info:
author: Thomas Nyambati
description: Ansible role that enables you to rotate ssh keys on your remote servers
company: Andela Kenya Ltd
license: MIT
min_ansible_version: 2.2
platforms:
- name: Ubuntu
versions:
- trusty
galaxy_tags: []
categories:
- system
dependencies: []

View File

@ -2,16 +2,15 @@
- name: Generate a new ssh Key
command:
ssh-keygen
-t rsa
-b {{ ssh_key_bits }}
-t {{ ssh_key_algorithm }}
-N "{{ passphrase }}" -q
-f {{ lookup('env','HOME')}}/{{ ssh_key_path }}
-f /home/{{ ssh_host_user }}/{{ ssh_key_path }}
-C {{ ssh_key_comment }}
when: inventory_hostname == play_hosts[0]
args:
creates: "{{ lookup('env','HOME') + '/' + ssh_key_path }}"
creates: "/home/{{ ssh_host_user }}/{{ ssh_key_path }}"
delegate_to: localhost
- name: Store then value of the ssh key path
set_fact:
ssh_connection_key: "{{ lookup('file', lookup('env','HOME') + '/' + ssh_key_path + '.pub') }}"
ssh_connection_key: "{{ lookup('file', '/' + 'home' + '/' + ssh_host_user + '/' + ssh_key_path + '.pub') }}"

View File

@ -1,4 +1,11 @@
---
- name: Check if the passphrase inputs match
assert:
that:
- "{{ passphrase == confirm_passphrase }}"
fail_msg: "Passphrase inputs do not match"
when: passphrase != confirm_passphrase
- import_tasks: generate_key.yml
when: generate_new_key | default(True)
@ -7,14 +14,13 @@
that: ssh_connection_key is defined
- name: Set Authorized key(s) to the authorized keys file
become: yes
become_user: root
become: true
when: ssh_connection_key is defined
authorized_key:
exclusive: '{{ is_exclusive }}'
user: '{{ ssh_host_user }}'
state: present
path: '{{ authorized_keys_path }}'
path: '/home/{{ ssh_host_user }}/{{ authorized_keys_path }}'
manage_dir: '{{ should_manage_dir }}'
key: "{{ ssh_connection_key }}"
@ -31,7 +37,7 @@
authorized_key:
user: '{{ ssh_host_user }}'
state: present
path: '{{ authorized_keys_path }}'
path: '/home/{{ ssh_host_user }}/{{ authorized_keys_path }}'
manage_dir: '{{ should_manage_dir }}'
key: "{{ ssh_deployment_key }}"

View File

@ -1 +0,0 @@
localhost

View File

@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- ssh-key-rotation