| Andy Bavier | 3833383 | 2017-06-19 09:55:35 -0400 | [diff] [blame] | 1 | # Fetch local user rather than relying on (deprecated) ansible_user |
| 2 | - name: Get the username running the deploy |
| 3 | local_action: command whoami |
| 4 | register: username_on_the_host |
| 5 | tags: |
| 6 | - establish_ssh_keys |
| 7 | - skip_ansible_lint |
| 8 | |
| 9 | # SSH Key access from the current machine to the target node is required for the |
| 10 | # synchronize action to work. |
| 11 | - name: Ensure User SSH Keys |
| 12 | local_action: user name='{{ username_on_the_host.stdout }}' generate_ssh_key=yes ssh_key_bits=2048 |
| 13 | tags: |
| 14 | - establish_ssh_keys |
| 15 | |
| 16 | - name: Ensure Key Authorized on Target Head Node |
| 17 | authorized_key: |
| 18 | user: '{{ansible_ssh_user}}' |
| 19 | key: "{{lookup('file', '~/.ssh/id_rsa.pub')}}" |
| 20 | tags: |
| 21 | - establish_ssh_keys |
| David K. Bainbridge | 0a7cdbb | 2017-07-14 11:36:13 -0700 | [diff] [blame] | 22 | |
| 23 | - name: Ensure key pair storage |
| 24 | become: yes |
| 25 | local_action: file path={{pub_ssh_key_file_location}} mode="0755" state=directory |
| 26 | |
| 27 | - name: Validate existing key pair |
| 28 | become: yes |
| 29 | local_action: stat path={{pub_ssh_key_file_location}}/cord_rsa |
| 30 | register: key_pair |
| 31 | |
| 32 | - name: Generate key pair |
| 33 | become: yes |
| 34 | local_action: command ssh-keygen -b 2048 -t rsa -N "" -C cord@cord.lab -f {{pub_ssh_key_file_location}}/cord_rsa |
| 35 | when: not key_pair.stat.exists |
| 36 | |
| 37 | - name: Ensure privacy of key pair |
| 38 | become: yes |
| 39 | local_action: file path="{{pub_ssh_key_file_location}}/{{item.name}}" mode="{{item.mode}}" |
| 40 | with_items: |
| 41 | - { "name": "cord_rsa", "mode": "0644" } |
| 42 | - { "name": "cord_rsa.pub", "mode": "0644" } |