update..
This commit is contained in:
@ -95,6 +95,19 @@
|
||||
tags:
|
||||
- authorized_key
|
||||
|
||||
- name: (users.yml) other entries authorized_key files
|
||||
authorized_key:
|
||||
user: "{{ item.user }}"
|
||||
key: "{{ item.key }}"
|
||||
state: present
|
||||
loop: "{{ entries_authorized_key }}"
|
||||
loop_control:
|
||||
label: "{{ item.user }}"
|
||||
when:
|
||||
- entries_authorized_key is defined
|
||||
- entries_authorized_key|length > 0
|
||||
|
||||
|
||||
# ---
|
||||
# - extra system groups
|
||||
# ---
|
||||
@ -144,8 +157,9 @@
|
||||
loop_control:
|
||||
label: '{{ item.priv_key_dest }}'
|
||||
when:
|
||||
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
|
||||
- insert_ssh_keypair_backup_server|bool
|
||||
- ssh_keypair_backup_server is defined
|
||||
- ssh_keypair_backup_server|length > 0
|
||||
tags:
|
||||
- insert-ssh-keypair-backup-server
|
||||
- keypair-backup-server
|
||||
@ -162,8 +176,9 @@
|
||||
loop_control:
|
||||
label: '{{ item.pub_key_dest }}'
|
||||
when:
|
||||
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
|
||||
- insert_ssh_keypair_backup_server|bool
|
||||
- ssh_keypair_backup_server is defined
|
||||
- ssh_keypair_backup_server|length > 0
|
||||
tags:
|
||||
- insert-ssh-keypair-backup-server
|
||||
- keypair-backup-server
|
||||
@ -177,7 +192,9 @@
|
||||
loop: "{{ ssh_keypair_backup_server }}"
|
||||
loop_control:
|
||||
label: 'authorized_keys - user: {{ item.backup_user }}'
|
||||
when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
|
||||
when:
|
||||
- ssh_keypair_backup_server is defined
|
||||
- ssh_keypair_backup_server|length > 0
|
||||
tags:
|
||||
- authorized_key
|
||||
- keypair-backup-server
|
||||
@ -192,26 +209,76 @@
|
||||
path: /root/.ssh
|
||||
state: directory
|
||||
|
||||
- name: (users.yml) Copy default ed25519 ssh private key to user root
|
||||
- name: (users.yml) Copy (backup) ed25519 ssh private key to user root
|
||||
copy:
|
||||
src: '{{ item.priv_key_src }}'
|
||||
dest: '{{ item.priv_key_dest }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
#when: groups['oopen_server']|string is search(inventory_hostname)
|
||||
when:
|
||||
- insert_root_ssh_keypair|bool
|
||||
- groups['backup_server']|string is not search(inventory_hostname)
|
||||
- insert_keypair_backup_client|bool
|
||||
- ssh_keypair_backup_client is defined
|
||||
- ssh_keypair_backup_client|length > 0
|
||||
loop: "{{ ssh_keypair_backup_client }}"
|
||||
loop_control:
|
||||
label: 'dest: {{ item.priv_key_dest }}'
|
||||
tags:
|
||||
- insert_ssh_keypair_backup_server
|
||||
|
||||
- name: (users.yml) Copy (backup) ed25519 ssh public key to user root
|
||||
copy:
|
||||
src: '{{ item.pub_key_src }}'
|
||||
dest: '{{ item.pub_key_dest }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
when:
|
||||
- insert_keypair_backup_client|bool
|
||||
- ssh_keypair_backup_client is defined
|
||||
- ssh_keypair_backup_client|length > 0
|
||||
loop: "{{ ssh_keypair_backup_client }}"
|
||||
loop_control:
|
||||
label: 'dest: {{ item.pub_key_dest }}'
|
||||
tags:
|
||||
- insert_ssh_keypair_backup_server
|
||||
|
||||
- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ lookup('file', item.pub_key_src) }}"
|
||||
state: present
|
||||
loop: "{{ ssh_keypair_backup_client }}"
|
||||
loop_control:
|
||||
label: 'authorized_keys - user: root'
|
||||
when:
|
||||
- inventory_hostname == item.target
|
||||
- ssh_keypair_backup_client is defined
|
||||
- ssh_keypair_backup_client|length > 0
|
||||
tags:
|
||||
- authorized_key
|
||||
- ssh-keypair-backup-server
|
||||
|
||||
|
||||
- name: (users.yml) Copy further ssh private key(s) to user root
|
||||
copy:
|
||||
src: '{{ item.priv_key_src }}'
|
||||
dest: '{{ item.priv_key_dest }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
loop: "{{ root_ssh_keypair }}"
|
||||
loop_control:
|
||||
label: 'dest: {{ item.priv_key_dest }}'
|
||||
#with_items: '{{ root_ssh_keypair }}'
|
||||
when:
|
||||
- insert_root_ssh_keypair|bool
|
||||
- root_ssh_keypair is defined
|
||||
- root_ssh_keypair|length > 0
|
||||
tags:
|
||||
- insert_root_ssh_keypair
|
||||
- root-defaut-ssh-keypair
|
||||
|
||||
- name: (users.yml) Copy default ed25519 ssh public key to user root
|
||||
- name: (users.yml) Copy further ssh public key(s) to user root
|
||||
copy:
|
||||
src: '{{ item.pub_key_src }}'
|
||||
dest: '{{ item.pub_key_dest }}'
|
||||
@ -221,25 +288,11 @@
|
||||
loop: "{{ root_ssh_keypair }}"
|
||||
loop_control:
|
||||
label: 'dest: {{ item.pub_key_dest }}'
|
||||
#with_items: '{{ root_ssh_keypair }}'
|
||||
when:
|
||||
- insert_root_ssh_keypair|bool
|
||||
- groups['backup_server']|string is not search(inventory_hostname)
|
||||
- root_ssh_keypair is defined
|
||||
- root_ssh_keypair|length > 0
|
||||
tags:
|
||||
- insert_root_ssh_keypair
|
||||
- root-defaut-ssh-keypair
|
||||
|
||||
- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ lookup('file', item.pub_key_src) }}"
|
||||
state: present
|
||||
loop: "{{ root_ssh_keypair }}"
|
||||
loop_control:
|
||||
label: 'authorized_keys - user: root'
|
||||
#with_items: '{{ root_ssh_keypair }}'
|
||||
when: inventory_hostname == item.target
|
||||
tags:
|
||||
- authorized_key
|
||||
- root-defaut-ssh-keypair
|
||||
|
||||
|
||||
Reference in New Issue
Block a user