
Keys list format changed from 'list' to 'dict'; parent dicts now merge with child dicts.

sys-systemd-and-upstart
Vladimir Smagin 11 months ago
parent
commit
63c3a76c64
Signed by: Vladimir Smagin <21h@blindage.org> GPG Key ID: 29AE91B1A37721C3

+ 2
- 0
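--- a/keys-ansible/.gitignore
+++ b/keys-ansible/.gitignore
@@ -0,0 +1,2 @@
+*.log
+*.retry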

+ 2
- 1
keys-ansible/ansible.cfg View File

@@ -1,3 +1,4 @@
[defaults]
log_path=ansible.log
nocows = 1
nocows = 1
hash_behaviour = merge
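Review bot: `hash_behaviour = merge` on the last line is a global setting: it changes how every dictionary variable in this inventory is combined across group levels, not only `access_list` and `secret_list`, and a child group can add or override entries but can never drop one inherited from its parent, so a key granted in a parent group reaches every child host. A comment above it such as `# merge dict vars across parent/child groups; children cannot remove inherited entries` would make that revocation limitation visible to the next maintainer. Newer ansible-core releases deprecated and then removed this option in favour of the `combine` filter, so the role's `with_dict` loops may eventually need an explicit merge instead.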

+ 0
- 7
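--- a/keys-ansible/group_vars/hetzner-balancers.yml
+++ b/keys-ansible/group_vars/hetzner-balancers.yml
@@ -1,7 +0,0 @@
-access_list:
-- { keypath: "../keys/admin.pub", username: "root" }
-- { keypath: "../keys/techguy.pub", username: "root" }
-- { keypath: "../keys/interserver.pub", username: "root" }
-
-secret_list:
-- { keypath: "../keys/interserver.pem", username: "root" }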

+ 3
- 7
keys-ansible/group_vars/hetzner-nodes.yml View File

@@ -1,8 +1,4 @@
access_list:
- { keypath: "../keys/interserver.pub", username: "root" }
- { keypath: "../keys/admin.pub", username: "root" }
- { keypath: "../keys/project-git.pub", username: "root" }
- { keypath: "../keys/developer1.pub", username: "root" }
- { keypath: "../keys/developer2.pub", username: "root" }

secret_list:
git: { keypath: "../keys/project-git.pub", username: "root" }
dev1: { keypath: "../keys/developer1.pub", username: "root" }
dev2: { keypath: "../keys/developer2.pub", username: "root" }
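Review bot: The rendered page does not show whether `access_list:` or `secret_list:` is the line that survives in the new file, and the three new entries `git`, `dev1` and `dev2` all point at `.pub` files; if they now sit under `secret_list:`, the `Upload secret keys` task in `roles/ssh_access/tasks/main.yml` would copy those public keys into `~/.ssh/` with mode 0600 instead of adding them to `authorized_keys`, and the nodes would keep only the `access_list` entries merged in from `hetzner.yml`. Please confirm the surviving key is `access_list:`. If the group has no private keys to ship, write `secret_list: {}` rather than a bare `secret_list:`, so the value is an empty dict instead of null.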

+ 4
- 2
keys-ansible/group_vars/hetzner.yml View File

@@ -1,4 +1,6 @@
access_list:
- { keypath: "../keys/admin.pub", username: "root" }
- { keypath: "../keys/techguy.pub", username: "root" }
admin: { keypath: "../keys/admin.pub", username: "root" }
techguy: { keypath: "../keys/techguy.pub", username: "root" }
interserver: { keypath: "../keys/interserver.pub", username: "root" }
secret_list:
interserver: { keypath: "../keys/interserver.pem", username: "root" }
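Review bot: The new `secret_list.interserver` entry on the last line places the private key `../keys/interserver.pem` in the parent `hetzner` group, so with merged dicts it is now copied to every host in that group, including `hetzner-nodes`, whose old vars had an empty `secret_list`; before this commit the key was listed only in `hetzner-balancers.yml`, which the commit deletes. If the nodes do not need that key, keep the entry in a balancer-specific group file instead, since a child group cannot remove an inherited dict entry. A comment above the entry, e.g. `# private key distributed to every host in the hetzner group — confirm all children need it`, would make the widened distribution deliberate.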

+ 2
- 7
keys-ansible/group_vars/monitoring.yml View File

@@ -1,8 +1,3 @@
access_list:
- { keypath: "../keys/admin.pub", username: "root" }
- { keypath: "../keys/techguy.pub", username: "root" }
- { keypath: "../keys/interserver.pub", username: "root" }

secret_list:
- { keypath: "../keys/interserver.pem", username: "root" }

admin: { keypath: "../keys/admin.pub", username: "root" }
techguy: { keypath: "../keys/techguy.pub", username: "root" }

+ 10
- 0
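--- a/keys-ansible/readme.md
+++ b/keys-ansible/readme.md
@@ -0,0 +1,10 @@
+# Ansible centralized keys management
+
+Dicts in parent group merges with dicts in child groups. Warning! Playbook will delete all public keys and setup own **super** key, only after this public keys in group_vars will be added into users authorized_keys files.
+
+**Security issue!** You need to generate your own super key! Run ```ssh-keygen -f super``` and replace keys in ```super/``` directory.
+
+---
+Copyright by Vladimir Smagin, 2018
+http://blindage.org
+21h@blindage.org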

+ 1
- 1
keys-ansible/roles/master_key/tasks/main.yml View File

@@ -1,5 +1,5 @@
---
- name: Set administrative keys and delete others
- name: Set primary ansible key and remove others
authorized_key:
user: root
state: present

+ 7
- 7
keys-ansible/roles/ssh_access/tasks/main.yml View File

@@ -2,11 +2,11 @@
#- debug:
# msg: "{{ access_list }}"
- name: Set authorized keys
- name: Set public keys
become: true
become_user: "{{ item.username }}"
authorized_key: user="{{ item.username }}" key="{{ lookup('file', item.keypath) }}" state=present
with_items: "{{ access_list }}"
become_user: "{{ item.value.username }}"
authorized_key: user="{{ item.value.username }}" key="{{ lookup('file', item.value.keypath) }}" state=present
with_dict: "{{ access_list }}"
when: access_list != None and access_list is defined

#- debug:
@@ -14,8 +14,8 @@

- name: Upload secret keys
become: true
become_user: "{{ item.username }}"
copy: src="{{ item.keypath }}" dest="~/.ssh/{{ item.keypath | basename }}" mode=0600
with_items: "{{ secret_list }}"
become_user: "{{ item.value.username }}"
copy: src="{{ item.value.keypath }}" dest="~/.ssh/{{ item.value.keypath | basename }}" mode=0600
with_dict: "{{ secret_list }}"
when: secret_list != None and secret_list is defined
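Review bot: The new `with_dict` loops in both tasks rely on the unchanged `when:` guards, which evaluate `access_list != None` before `access_list is defined`; with Ansible's strict undefined the comparison raises when the variable is undefined instead of skipping the task, so the order should be `when: access_list is defined and access_list is not none` (and the same for `secret_list`). `with_dict` also fails outright if any group still carries the old list format, which deserves one comment above the first task: `# access_list / secret_list are dicts merged across groups (hash_behaviour=merge); list-style group_vars are no longer accepted`. The new `copy:` line writes the `.pem` files into `~/.ssh/` with mode 0600 in inline key=value form; block YAML (`copy:` with `src:`, `dest:`, `mode: "0600"`) would read better and avoids the octal-literal pitfall on `mode`.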

