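# Resolve the account running this play on the control machine with `whoami`,
# rather than relying on the (deprecated) ansible_user variable.
- name: Get the username running the deploy
  local_action: command whoami
  register: username_on_the_host
  # whoami only reads state, so do not report this task as "changed".
  changed_when: false
  tags:
    - establish_ssh_keys
    - skip_ansible_lint
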
# The synchronize action needs SSH key access from the current machine to the
# target node, so make sure the deploying user has a key pair.
# NOTE(review): the user module leaves an existing key untouched, so the
# 2048-bit size only applies to a newly generated key; 2048-bit RSA is at the
# low end of what is recommended today.
- name: Ensure User SSH Keys
  local_action:
    module: user
    name: '{{ username_on_the_host.stdout }}'
    generate_ssh_key: true
    ssh_key_bits: 2048
  tags:
    - establish_ssh_keys

# Authorize the deploying user's public key for the SSH login account on the
# target. The file lookup is evaluated on the control machine.
# NOTE(review): presumably ~/.ssh/id_rsa.pub is the key ensured by the
# "Ensure User SSH Keys" task; confirm both resolve to the same account.
- name: Ensure Key Authorized on Target Head Node
  authorized_key:
    user: "{{ ansible_ssh_user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
  tags:
    - establish_ssh_keys

# Create the directory that holds the generated key pair on the control
# machine (local_action), using privilege escalation.
- name: Ensure key pair storage
  become: true
  local_action:
    module: file
    path: "{{ pub_ssh_key_file_location }}"
    state: directory
    mode: "0755"

# Record whether the cord_rsa private key already exists; the result is
# registered as key_pair.
- name: Validate existing key pair
  become: true
  local_action:
    module: stat
    path: "{{ pub_ssh_key_file_location }}/cord_rsa"
  register: key_pair

# Generate the cord_rsa key pair only when the stat result shows none exists.
# NOTE(review): -N "" writes the private key without a passphrase, so file
# permissions are its only protection at rest.
- name: Generate key pair
  become: true
  local_action: >-
    command ssh-keygen -b 2048 -t rsa -N "" -C cord@cord.lab
    -f {{pub_ssh_key_file_location}}/cord_rsa
  when: not key_pair.stat.exists

# Set the file modes on both halves of the key pair.
# NOTE(review): cord_rsa is the private key, and 0644 leaves it readable by
# every local account on this machine; private keys are normally 0600.
# Confirm which accounts read this file before tightening the mode.
- name: Ensure privacy of key pair
  become: true
  local_action:
    module: file
    path: "{{ pub_ssh_key_file_location }}/{{ item.name }}"
    mode: "{{ item.mode }}"
  with_items:
    - name: cord_rsa
      mode: "0644"
    - name: cord_rsa.pub
      mode: "0644"