[ssh_known_hosts] ssh_known_hosts is a service not a role

2022-07-04 21:57:24 +02:00 · 2022-07-04 21:57:24 +02:00 · 55e1fdc184
parent 304f95c33b
commit 55e1fdc184
7 changed files with 33 additions and 15 deletions
--- a/group_vars/all/ssh_known_hosts.yml
+++ b/group_vars/all/ssh_known_hosts.yml
@ -0,0 +1,15 @@
+---
+glob_service_ssh_known_hosts:
+  name: ssh_known_hosts
+  install_dir: /var/local/services/ssh_known_hosts
+  dependencies:
+    - python3-ldap
+    - python3-jinja2
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/ssh_known_hosts.git
+    version: main
+  cron:
+    frequency: "*/10 * * * *"
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
--- a/group_vars/aurore/ssh_known_hosts.yml
+++ b/group_vars/aurore/ssh_known_hosts.yml
@ -0,0 +1,5 @@
+---
+loc_service_ssh_known_hosts:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
--- a/group_vars/viarezo/ssh_known_hosts.yml
+++ b/group_vars/viarezo/ssh_known_hosts.yml
@ -0,0 +1,5 @@
+---
+loc_service_ssh_known_hosts:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@ -117,3 +117,8 @@ loc_bind:
  default:
    type: slave
    primaries: "{{ query('ldap', 'ip', 'silice', 'adm') }}"
+
+loc_service_ssh_known_hosts:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}"
--- a/plays/ssh_known_hosts.yml
+++ b/plays/ssh_known_hosts.yml
@ -1,5 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: server
+  vars:
+    service: "{{ glob_service_ssh_known_hosts | default({}) | combine(loc_service_ssh_known_hosts | default({})) }}"
  roles:
-    - ssh_known_hosts
+    - service
--- a/roles/ssh_known_hosts/tasks/main.yml
+++ b/roles/ssh_known_hosts/tasks/main.yml
@ -1,5 +0,0 @@
---
- name:
-  template:
-    src: ssh/ssh_known_hosts.j2
-    dest: /etc/ssh/ssh_known_hosts
--- a/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
+++ b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
@ -1,9 +0,0 @@
-{{ ansible_header | comment }}
-{% set hosts = query('ldap', 'query', 'ou=hosts,dc=crans,dc=org', 'one', 'objectClass=device') %}
-{% for host, device in hosts.items() | sort(attribute='0') %}
-{% set cns = query('ldap', 'all_cn', hosts[host].cn[0]) | sort %}
-{% set ips = query('ldap', 'all_ip', hosts[host].cn[0]) | sort %}
-{% for key in query('ldap', 'ssh_keys', hosts[host].cn[0]) | sort %}
-{{ hosts[host].cn[0] }},{{ cns | join(',') }},{{ ips | join(',') }} {{ key }} root@{{ hosts[host].cn[0] }}
-{% endfor %}
-{% endfor %}