Ssh known hosts

2021-01-01 17:53:35 +01:00 · 2021-01-01 17:53:35 +01:00 · 2bcf91b975
parent d867c9356c
commit 2bcf91b975
4 changed files with 20 additions and 0 deletions
--- a/plays/gather_fact.yml
+++ b/plays/gather_fact.yml
@ -0,0 +1,3 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
--- a/plays/ssh_known_hosts.yml
+++ b/plays/ssh_known_hosts.yml
@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_server
+  roles:
+    - ssh_known_hosts
--- a/roles/ssh_known_hosts/tasks/main.yml
+++ b/roles/ssh_known_hosts/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name:
+  template:
+    src: ssh/ssh_known_hosts.j2
+    dest: /etc/ssh/ssh_known_hosts
--- a/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
+++ b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
@ -0,0 +1,7 @@
+{% for host in groups["server"] | sort %}
+{% for keytype in ['ecdsa', 'rsa', 'ed25519'] %}
+{% if 'ssh_host_key_{}_public'.format(keytype) in hostvars[host]['ansible_facts'].keys() %}
+{{ query('ldap', 'all_cn', hostvars[host]['ansible_facts']['hostname']) | join(',') }},{{ query('ldap', 'all_ip', hostvars[host]['ansible_facts']['hostname']) | join(',') }} ssh-{{ keytype }} {{ hostvars[host]['ansible_facts']['ssh_host_key_{}_public'.format(keytype)] }} root@{{ hostvars[host]['ansible_facts']['hostname'] }}
+{% endif %}
+{% endfor %}
+{% endfor %}