openstack/openstack-ansible
Code Issues Proposed changes
Files
bb1f0acbe201339e0eb485a6f52421154957a2e7
openstack-ansible/tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml
Dmitriy Rabotyagov 96b0b4a7b6 Use FQCN for modules and fix YAML issues 
With migration to FQCN in roles it's time to adjust our integrated
repo content to match the same pattern and pass modern ansible-lint
checks.

Change-Id: Ieb58c77a8b36b9a508f9b726b688898d83092031
2025-04-13 17:17:44 +00:00

76 lines
2.0 KiB
YAML
Raw Blame History

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure root has a .ssh directory
ansible.builtin.file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: "0700"
tags:
- ssh-key-dir
- name: Check for existing ssh private key file
ansible.builtin.stat:
path: /root/.ssh/id_rsa
register: ssh_key_private
tags:
- ssh-key-check
- name: Check for existing ssh public key file
ansible.builtin.stat:
path: /root/.ssh/id_rsa.pub
register: ssh_key_public
tags:
- ssh-key-check
- name: Remove an existing private/public ssh keys if one is missing
ansible.builtin.file:
path: "/root/.ssh/{{ item }}"
state: absent
when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists
with_items:
- 'id_rsa'
- 'id_rsa.pub'
tags:
- ssh-key-clean
- name: Create ssh key pair for root
ansible.builtin.user:
name: root
generate_ssh_key: true
ssh_key_bits: 2048
ssh_key_file: /root/.ssh/id_rsa
tags:
- ssh-key-generate
- name: Fetch the generated public ssh key
ansible.builtin.fetch:
src: "/root/.ssh/id_rsa.pub"
dest: "/tmp/id_rsa.pub"
flat: true
when: inventory_hostname == groups['all'][0]
tags:
- ssh-key-authorized
- name: Ensure root's new public ssh key is in authorized_keys
ansible.posix.authorized_key:
user: root
key: "{{ lookup('file', '/tmp/id_rsa.pub') }}"
manage_dir: false
tags:
- ssh-key-authorized
View Git Blame Copy Permalink