06017e09f5
- add task to generate new keys - add task to rotate new keys - add new key to inventory
---
# tasks file for ssh-key-rotation
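# Create the replacement key pair once, on the control node: the task is
# delegated to localhost and only runs for the first host of the play.
#
# Changes from the original command line:
#   * `-y` is dropped. That flag makes ssh-keygen print the public half of an
#     existing private key instead of generating a new pair.
#   * Templated values pass through `quote`, so whitespace or quote characters
#     in the passphrase or path cannot split or add arguments.
#   * `no_log` keeps the rendered command (passphrase included) out of task
#     output and logs.
#
# Remaining caveats:
#   * The passphrase is still a command-line argument and may be visible in
#     the local process list while ssh-keygen runs.
#   * ssh-keygen asks for confirmation before overwriting an existing key
#     file; with no terminal attached that is expected to fail the task.
#     NOTE(review): confirm how the previous key is moved aside.
#   * `-t rsa` without `-b` takes the installed OpenSSH's default key size.
- name: Generate New ssh Keys
  command: >-
    ssh-keygen -q -t rsa
    -N {{ passphrase | quote }}
    -f {{ (lookup('env','HOME') + private_key_path) | quote }}
  when: inventory_hostname == play_hosts[0]
  delegate_to: localhost
  no_log: true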
# Install the new public key for `host_user` on each target host, as root.
# The key text is read on the control node through the `file` lookup.
# When `is_exclusive` is true the module removes every other key from the
# file, so a wrong public key here can lock out access to the host.
- name: Set Authorized key(s) to the authorized keys file
  authorized_key:
    user: '{{ host_user }}'
    key: "{{ lookup('file', lookup('env','HOME') + public_key_path) }}"
    path: '{{ authorized_keys_path }}'
    manage_dir: '{{ should_manage_dir }}'
    exclusive: '{{ is_exclusive }}'
    state: present
  become: true
  become_user: root
# Debug aid: print the list of hosts in the current play.
- debug:
    msg: '{{ play_hosts }}'
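# Load the contents of the new private key file into the
# `ansible_private_ssh_key` fact. The fact name is unchanged; the argument is
# written as a native YAML mapping instead of a key=value string.
# `no_log` is set because the fact value is private key material that would
# otherwise appear in verbose task output.
# NOTE(review): despite the task name, nothing here opens a connection, and
# Ansible's ssh connection reads `ansible_ssh_private_key_file` (a path), not
# this fact. Confirm which variable later tasks rely on and add an explicit
# connectivity check before treating the new key as verified.
- name: Test if the new ssh key is allowed to make connections
  set_fact:
    ansible_private_ssh_key: "{{ lookup('file', lookup('env','HOME') + private_key_path) }}"
  no_log: true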