Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

32 lines
1.1 KiB

  1. .. highlight:: yaml
  2. ssh_server
  3. =========
  4. SSH Certificate
  5. ---------------
  6. During the execution of this role the vm host key will be used to create a certificate signin request.
  7. This requests will be "posted" to the service known as ca manager and ansible will then wait for a certificate from the same service.
  8. This is accomplished using ssh as a mean of transport, the specific task for a signin requests is alwasys like this
  9. .. code-block:: yaml
  10. - name: generate host request
  11. set_fact:
  12. cert_request:
  13. type: 'sign_request'
  14. request:
  15. keyType: 'ssh_host'
  16. hostName: '{{ vm_name }}'
  17. keyData: '{{ vm_public_key.text}}'
  18. - name: start sign request
  19. raw: "{{ cert_request | to_json }}"
  20. delegate_to: ca_request
  21. register: request_result
  22. failed_when: "( request_result.stdout | from_json ).failed"
  23. To sign this certificate an admin must log onto the ca manager machine with the user *sign* and follow the procedure to sign a request with an appropriate certification authority.