updated readme for more complex example

Bertrand Lanson 2023-04-25 19:24:16 +02:00
parent 228d8e50bc
commit ac152bd9a0


@ -87,27 +87,32 @@ Example Playbook
# calling the role inside a playbook with just-in-time provisioning of the ssh public key, and vault storage # calling the role inside a playbook with just-in-time provisioning of the ssh public key, and vault storage
- hosts: servers - hosts: servers
tasks: tasks:
- name: "Generate a keypair for {{ ansible_hostname }}" - name: "Dynamic ssh keys generation"
community.crypto.openssh_keypair:
path: "/tmp/id_ed25519_{{ ansible_hostname }}"
type: ed25519
delegate_to: localhost delegate_to: localhost
register: _keypair block:
- name: "Generate a keypair for {{ ansible_hostname }}"
community.crypto.openssh_keypair:
path: "/tmp/id_ed25519_{{ ansible_hostname }}"
type: ed25519
owner: root
group: root
delegate_to: localhost
register: _keypair
- name: "Write the private and public key to vault" - name: "Write the private and public key to vault"
community.hashi_vault.vault_write: community.hashi_vault.vault_write:
path: "ansible/ssh_logins/{{ ansible_hostname }}" url: https://vault.domain.tld
data: path: "ansible/hosts/{{ inventory_hostname }}"
data: data:
private_key: "{{ lookup('ansible.builtin.file', '/tmp//tmp/id_ed25519_' ~ ansible_hostname ) }}" private_key: "{{ lookup('ansible.builtin.file', '/tmp/id_ed25519_' ~ ansible_hostname ) }}\n"
public_key: "{{ _keypair.public_key }}" public_key: "{{ _keypair.public_key }}"
delegate_to: localhost delegate_to: localhost
- name: "Remove private_key files" - name: "Remove private_key files"
ansible.builtin.file: ansible.builtin.file:
path: "/tmp/id_ed25519_{{ ansible_hostname }}" path: "/tmp/id_ed25519_{{ ansible_hostname }}"
state: absent state: absent
delegate_to: localhost delegate_to: localhost
- name: "Provision ansible user" - name: "Provision ansible user"
ansible.builtin.include_role: ansible.builtin.include_role: