.. highlight:: yaml
|
|
|
|
ssh_server
|
|
=========
|
|
|
|
SSH Certificate
|
|
---------------
|
|
|
|
During the execution of this role the vm host key will be used to create a certificate signin request.
|
|
|
|
This requests will be "posted" to the service known as ca manager and ansible will then wait for a certificate from the same service.
|
|
|
|
This is accomplished using ssh as a mean of transport, the specific task for a signin requests is alwasys like this
|
|
|
|
.. code-block:: yaml
|
|
|
|
- name: generate host request
|
|
set_fact:
|
|
cert_request:
|
|
type: 'sign_request'
|
|
request:
|
|
keyType: 'ssh_host'
|
|
hostName: '{{ vm_name }}'
|
|
keyData: '{{ vm_public_key.text}}'
|
|
|
|
- name: start sign request
|
|
raw: "{{ cert_request | to_json }}"
|
|
delegate_to: ca_request
|
|
register: request_result
|
|
failed_when: "( request_result.stdout | from_json ).failed"
|
|
|
|
To sign this certificate an admin must log onto the ca manager machine with the user *sign* and follow the procedure to sign a request with an appropriate certification authority.
|