skylab/omni-ansible
Archived
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move sshkey updates to a dedicated deployment playbook

Browse Source 
Import deploy sshkey playbook in update users
This commit is contained in:
Ethan Paul 2019-09-01 13:57:23 -04:00
parent 6a881e918b
commit 99fb36ec56
2 changed files with 32 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
playbooks/deploy-sshkeys.yml Normal file
View File

@ -0,0 +1,31 @@
---
- hosts: all
name: Update ssh keys on all devices
tasks:
- import_tasks: tasks/users-preprocessing.yml
- name: Install public keys
tags: users_keys
become: true
block:
- name: Ensure SSH directory exists
file:
state: directory
path: /home/{{ item.name }}/.ssh
loop: "{{ local_users | difference([None]) }}"
- name: Put keys on remote
when: item.keys != []
authorized_key:
user: "{{ item.name }}"
key: "{{ item.sshkeys | join('\n') }}"
state: present
exclusive: yes
loop: "{{ local_users | difference([None]) }}"
- hosts: all
name: Disable SSH password authentication
tags:
- always
tasks:
- import_tasks: tasks/sshd/disable-password-auth.yml
when: enable_ssh_password_auth|bool == false

26
playbooks/update-users-local.yml
View File

@ -112,24 +112,6 @@
- name: Restart dconf database - name: Restart dconf database
shell: dconf update shell: dconf update
- name: Install public keys
tags: users_keys
become: true
block:
- name: Ensure SSH directory exists
file:
state: directory
path: /home/{{ item.name }}/.ssh
loop: "{{ local_users | difference([None]) }}"
- name: Put keys on remote
when: item.keys != []
authorized_key:
user: "{{ item.name }}"
key: "{{ item.sshkeys | join('\n') }}"
state: present
exclusive: yes
loop: "{{ local_users | difference([None]) }}"
- name: Ensure proper ownership of user home directories - name: Ensure proper ownership of user home directories
become: true become: true
file: file:
@ -140,10 +122,4 @@
state: directory state: directory
loop: "{{ local_users | difference([None]) }}" loop: "{{ local_users | difference([None]) }}"
- hosts: all - import_playbook: deploy-sshkeys.yml
name: Disable SSH password authentication
tags:
- always
tasks:
- import_tasks: tasks/sshd/disable-password-auth.yml
when: enable_ssh_password_auth|bool == false