omni-ansible/playbooks/deploy-sshkeys.yml

---
- hosts: all
  name: Update ssh keys on all devices
  tasks:
    - import_tasks: tasks/users-preprocessing.yml

    - name: Install public keys
      tags: users_keys
      become: true
      block:
        - name: Ensure SSH directory exists
          file:
            state: directory
            path: /home/{{ item.name }}/.ssh
          loop: "{{ local_users | difference([None]) }}"
        - name: Put keys on remote
          when: item.keys != []
          authorized_key:
            user: "{{ item.name }}"
            key: "{{ item.sshkeys | join('\n') }}"
            state: present
            exclusive: yes
          loop: "{{ local_users | difference([None]) }}"

- hosts: all
  name: Disable SSH password authentication
  tags:
    - always
  tasks:
    - import_tasks: tasks/sshd/disable-password-auth.yml
      when: enable_ssh_password_auth|bool == false
Move sshkey updates to a dedicated deployment playbook Import deploy sshkey playbook in update users 2019-09-01 17:57:23 +00:00			`---`
			`- hosts: all`
			`name: Update ssh keys on all devices`
			`tasks:`
			`- import_tasks: tasks/users-preprocessing.yml`

			`- name: Install public keys`
			`tags: users_keys`
			`become: true`
			`block:`
			`- name: Ensure SSH directory exists`
			`file:`
			`state: directory`
			`path: /home/{{ item.name }}/.ssh`
			`loop: "{{ local_users \| difference([None]) }}"`
			`- name: Put keys on remote`
			`when: item.keys != []`
			`authorized_key:`
			`user: "{{ item.name }}"`
			`key: "{{ item.sshkeys \| join('\n') }}"`
			`state: present`
			`exclusive: yes`
			`loop: "{{ local_users \| difference([None]) }}"`

			`- hosts: all`
			`name: Disable SSH password authentication`
			`tags:`
			`- always`
			`tasks:`
			`- import_tasks: tasks/sshd/disable-password-auth.yml`
			`when: enable_ssh_password_auth\|bool == false`