
Key list format changed from 'list' to 'dict'; parent group dicts now merge with child group dicts.

sys-systemd-and-upstart
Vladimir Smagin 7 months ago
parent
commit
63c3a76c64
Signed by: Vladimir Smagin <21h@blindage.org> GPG Key ID: 29AE91B1A37721C3

+ 2
- 0
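--- a/keys-ansible/.gitignore
+++ b/keys-ansible/.gitignore
@@ -0,0 +1,2 @@
+*.log
+*.retry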

+ 2
- 1
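--- a/keys-ansible/ansible.cfg
+++ b/keys-ansible/ansible.cfg
@@ -1,3 +1,4 @@
 [defaults]
 log_path=ansible.log
-nocows = 1
+nocows = 1
+hash_behaviour = merge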
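Review bot: `hash_behaviour = merge` is a project-wide switch, not a per-role one: it changes how every dictionary variable from every source (group_vars, host_vars, extra-vars) is resolved, and the Ansible configuration docs steer users towards the `combine` filter instead. For this playbook it also means group_vars can only ever grant: a child group can neither drop an inherited `access_list` entry nor opt out with `access_list: {}`, and an entry whose name collides with a parent's (a child `admin:` next to hetzner.yml's `admin:`) silently replaces the parent's key rather than being reported. If the merge stays, the entry names become security-relevant identifiers across the whole group tree and deserve a comment in each group_vars file, e.g. `# hash_behaviour=merge: an entry with the same name in a child group replaces this one, and entries can only be added, never revoked`. The alternative is to leave `hash_behaviour` at its default and do the merge explicitly in the role with `combine(..., recursive=True)` on per-level variables.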

+ 0
- 7
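--- a/keys-ansible/group_vars/hetzner-balancers.yml
+++ b/keys-ansible/group_vars/hetzner-balancers.yml
@@ -1,7 +0,0 @@
-access_list:
-  - { keypath: "../keys/admin.pub", username: "root" }
-  - { keypath: "../keys/techguy.pub", username: "root" }
-  - { keypath: "../keys/interserver.pub", username: "root" }
-
-secret_list:
-  - { keypath: "../keys/interserver.pem", username: "root" }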

+ 3
- 7
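--- a/keys-ansible/group_vars/hetzner-nodes.yml
+++ b/keys-ansible/group_vars/hetzner-nodes.yml
@@ -1,8 +1,4 @@
 access_list:
-  - { keypath: "../keys/interserver.pub", username: "root" }
-  - { keypath: "../keys/admin.pub", username: "root" }
-  - { keypath: "../keys/project-git.pub", username: "root" }
-  - { keypath: "../keys/developer1.pub", username: "root" }
-  - { keypath: "../keys/developer2.pub", username: "root" }
-
-secret_list:
+  git: { keypath: "../keys/project-git.pub", username: "root" }
+  dev1: { keypath: "../keys/developer1.pub", username: "root" }
+  dev2: { keypath: "../keys/developer2.pub", username: "root" }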
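Review bot: Dropping the empty `secret_list:` here changes what the nodes receive: the old file said "no secrets for this group", while the new one says nothing, and under `hash_behaviour = merge` the group then inherits whatever its parent defines — hetzner.yml now carries `secret_list.interserver`, so `interserver.pem` would be copied into root's `~/.ssh` on every node, which did not happen before. Writing `secret_list: {}` would not prevent that either, because the merge only adds entries; if the nodes are not meant to hold the private key it has to move out of hetzner.yml into the group that actually uses it. That hetzner-nodes inherits from hetzner.yml is inferred from the `admin` and `interserver` public keys being removed from this file rather than renamed; the inventory itself is not in this diff.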

+ 4
- 2
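--- a/keys-ansible/group_vars/hetzner.yml
+++ b/keys-ansible/group_vars/hetzner.yml
@@ -1,4 +1,6 @@
 access_list:
-  - { keypath: "../keys/admin.pub", username: "root" }
-  - { keypath: "../keys/techguy.pub", username: "root" }
+  admin: { keypath: "../keys/admin.pub", username: "root" }
+  techguy: { keypath: "../keys/techguy.pub", username: "root" }
+  interserver: { keypath: "../keys/interserver.pub", username: "root" }
 secret_list:
+  interserver: { keypath: "../keys/interserver.pem", username: "root" }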
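Review bot: Putting `interserver` into both `access_list` and `secret_list` of the same parent group means every host that inherits hetzner.yml ends up with `interserver.pem` in root's `~/.ssh` and `interserver.pub` in root's authorized_keys, so a compromise of any one of them gives root on all the others with that key; before this commit the private key was listed only in the balancer and monitoring groups. If only a subset of hosts needs to reach the others, keep `secret_list` in that subset's group and leave just the public key here, e.g. `secret_list: {}` in this file with `secret_list: { interserver: { keypath: "../keys/interserver.pem", username: "root" } }` in the initiating group. The role reads `../keys/interserver.pem` straight from the working tree, so if that file is committed unencrypted it should be an ansible-vault file or live outside the repository. Which groups inherit this file is not visible in the diff and is inferred from the keys dropped in hetzner-nodes.yml.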

+ 2
- 7
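--- a/keys-ansible/group_vars/monitoring.yml
+++ b/keys-ansible/group_vars/monitoring.yml
@@ -1,8 +1,3 @@
 access_list:
-  - { keypath: "../keys/admin.pub", username: "root" }
-  - { keypath: "../keys/techguy.pub", username: "root" }
-  - { keypath: "../keys/interserver.pub", username: "root" }
-
-secret_list:
-  - { keypath: "../keys/interserver.pem", username: "root" }
-
+  admin: { keypath: "../keys/admin.pub", username: "root" }
+  techguy: { keypath: "../keys/techguy.pub", username: "root" }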
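Review bot: Removing `interserver` from this file revokes nothing on the monitoring hosts: as far as the ssh_access hunks show, the role only runs `authorized_key` and `copy` with `state=present`, so an `interserver.pem` uploaded by an earlier run stays in `/root/.ssh`, and whether the matching authorized_keys entry disappears depends on the master_key role's `exclusive` setting, which is outside this diff. Until the role learns a removal list (for example a `secret_list_absent` dict handled with `file: state=absent`), a one-off cleanup such as `file: path=/root/.ssh/interserver.pem state=absent` is needed on this group, and a comment in this file noting that deletions here do not propagate to hosts would save the next maintainer the same surprise.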

+ 10
- 0
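--- a/keys-ansible/readme.md
+++ b/keys-ansible/readme.md
@@ -0,0 +1,10 @@
+# Ansible centralized keys management
+
+Dicts in parent group merges with dicts in child groups. Warning! Playbook will delete all public keys and setup own **super** key, only after this public keys in group_vars will be added into users authorized_keys files.
+
+**Security issue!** You need to generate your own super key! Run ```ssh-keygen -f super``` and replace keys in ```super/``` directory.
+
+---
+Copyright by Vladimir Smagin, 2018
+http://blindage.org
+21h@blindage.org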

+ 1
- 1
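--- a/keys-ansible/roles/master_key/tasks/main.yml
+++ b/keys-ansible/roles/master_key/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: Set administrative keys and delete others
+- name: Set primary ansible key and remove others
  authorized_key:
    user: root
    state: present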

+ 7
- 7
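--- a/keys-ansible/roles/ssh_access/tasks/main.yml
+++ b/keys-ansible/roles/ssh_access/tasks/main.yml
@@ -2,11 +2,11 @@
 #- debug:
 #    msg: "{{ access_list }}"
 
-- name: Set authorized keys
+- name: Set public keys
   become: true
-  become_user: "{{ item.username }}"
-  authorized_key: user="{{ item.username }}" key="{{ lookup('file', item.keypath) }}" state=present
-  with_items: "{{ access_list }}"
+  become_user: "{{ item.value.username }}"
+  authorized_key: user="{{ item.value.username }}" key="{{ lookup('file', item.value.keypath) }}" state=present
+  with_dict: "{{ access_list }}"
   when: access_list != None and access_list is defined
 
 #- debug:
@@ -14,8 +14,8 @@
 
 - name: Upload secret keys
   become: true
-  become_user: "{{ item.username }}"
-  copy: src="{{ item.keypath }}" dest="~/.ssh/{{ item.keypath | basename }}" mode=0600
-  with_items: "{{ secret_list }}"
+  become_user: "{{ item.value.username }}"
+  copy: src="{{ item.value.keypath }}" dest="~/.ssh/{{ item.value.keypath | basename }}" mode=0600
+  with_dict: "{{ secret_list }}"
   when: secret_list != None and secret_list is defined
 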
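Review bot: The "Upload secret keys" task in the second hunk still copies a private key with no `no_log`, while ansible.cfg sends task output to `ansible.log`; in `--diff` or verbose runs `copy` reports the source path and, for text files like a PEM key, the content, so the task should carry `no_log: true`. The `when:` guard on both tasks tests `!= None` before `is defined`, and under Ansible's strict undefined handling the comparison itself errors when the variable is absent, so the defined check never gets to protect anything; the order should be `secret_list is defined and secret_list is not none` (and likewise for `access_list` in the first hunk). `copy` also assumes `~/.ssh` already exists for the target user, which nothing in these hunks guarantees, so a preceding `file` task with `state: directory` and `mode: "0700"` makes the role self-contained, and converting the key=value strings to block YAML keeps `mode` as a quoted string rather than an octal literal. The task file begins before the first hunk and continues after the second.
```yaml
# … unchanged: "Set public keys" task, same when: reordering applies …

- name: Ensure ~/.ssh exists for the target user
  become: true
  become_user: "{{ item.value.username }}"
  file:
    path: "~/.ssh"
    state: directory
    mode: "0700"
  with_dict: "{{ secret_list }}"
  when: secret_list is defined and secret_list is not none

- name: Upload secret keys
  become: true
  become_user: "{{ item.value.username }}"
  no_log: true
  copy:
    src: "{{ item.value.keypath }}"
    dest: "~/.ssh/{{ item.value.keypath | basename }}"
    mode: "0600"
  with_dict: "{{ secret_list }}"
  when: secret_list is defined and secret_list is not none
```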
