|
@ -23,14 +23,6 @@ |
|
|
dest: "/etc/ssh/user_ca.pub" |
|
|
dest: "/etc/ssh/user_ca.pub" |
|
|
notify: restart ssh |
|
|
notify: restart ssh |
|
|
|
|
|
|
|
|
#- name: Check if host certificate is valid |
|
|
|
|
|
# shell: '[[ $(ssh-keygen -f /etc/ssh/ssh_host_ed25519_key-cert.pub -L |grep "$(ssh-keygen -f /etc/ssh/user_ca.pub -l|cut -d " " -f 2)" -A 3 |grep Valid |cut -d " " -f 13) > $(date +%Y-%m-%dT%H:%M:%S --date "+1 month") ]]' |
|
|
|
|
|
# args: |
|
|
|
|
|
# executable: /bin/bash |
|
|
|
|
|
# register: vm_has_valid_ssh_certificate |
|
|
|
|
|
# changed_when: false |
|
|
|
|
|
# failed_when: false |
|
|
|
|
|
|
|
|
|
|
|
- name: Validate SSH host certificate if any |
|
|
- name: Validate SSH host certificate if any |
|
|
ssh_cert: |
|
|
ssh_cert: |
|
|
register: ssh_verification |
|
|
register: ssh_verification |
|
@ -41,27 +33,12 @@ |
|
|
verbosity: 2 |
|
|
verbosity: 2 |
|
|
|
|
|
|
|
|
- block: |
|
|
- block: |
|
|
- name: Read host public key |
|
|
|
|
|
slurp: |
|
|
|
|
|
src: "/etc/ssh/ssh_host_ed25519_key.pub" |
|
|
|
|
|
register: vm_public_key |
|
|
|
|
|
|
|
|
|
|
|
- debug: |
|
|
|
|
|
var: vm_public_key['content'] |
|
|
|
|
|
verbosity: 2 |
|
|
|
|
|
|
|
|
|
|
|
- name: generate host request |
|
|
|
|
|
set_fact: |
|
|
|
|
|
ca_request: |
|
|
|
|
|
type: 'sign_request' |
|
|
|
|
|
request: |
|
|
|
|
|
keyType: 'ssh_host' |
|
|
|
|
|
hostName: '{{ ansible_docker_extra_args or inventory_hostname }}.lilik.it' |
|
|
|
|
|
keyData: "{{ vm_public_key['content'] | b64decode | replace('\n', '')}}" |
|
|
|
|
|
|
|
|
|
|
|
- debug: |
|
|
|
|
|
var: ca_request | to_json |
|
|
|
|
|
verbosity: 2 |
|
|
|
|
|
|
|
|
- name: Generate host request |
|
|
|
|
|
host_request: |
|
|
|
|
|
host: "{{ server_fqdn }}" |
|
|
|
|
|
path: "/etc/ssh/ssh_host_ed25519_key.pub" |
|
|
|
|
|
proto: "ssh" |
|
|
|
|
|
register: ca_request |
|
|
|
|
|
|
|
|
- name: start sign request |
|
|
- name: start sign request |
|
|
include: ca-dialog.yaml |
|
|
include: ca-dialog.yaml |
|
|