From 55e1fdc184a66eeb43fc04cabbdaa60ab9ad2c7c Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Mon, 4 Jul 2022 21:57:24 +0200
Subject: [PATCH] [ssh_known_hosts] ssh_known_hosts is a service not a role

---
 group_vars/all/ssh_known_hosts.yml                | 15 +++++++++++++++
 group_vars/aurore/ssh_known_hosts.yml             |  5 +++++
 group_vars/viarezo/ssh_known_hosts.yml            |  5 +++++
 host_vars/sputnik.adm.crans.org.yml               |  5 +++++
 plays/ssh_known_hosts.yml                         |  4 +++-
 roles/ssh_known_hosts/tasks/main.yml              |  5 -----
 .../templates/ssh/ssh_known_hosts.j2              |  9 ---------
 7 files changed, 33 insertions(+), 15 deletions(-)
 create mode 100644 group_vars/all/ssh_known_hosts.yml
 create mode 100644 group_vars/aurore/ssh_known_hosts.yml
 create mode 100644 group_vars/viarezo/ssh_known_hosts.yml
 delete mode 100644 roles/ssh_known_hosts/tasks/main.yml
 delete mode 100644 roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2

diff --git a/group_vars/all/ssh_known_hosts.yml b/group_vars/all/ssh_known_hosts.yml
new file mode 100644
index 00000000..3e29c6cc
--- /dev/null
+++ b/group_vars/all/ssh_known_hosts.yml
@@ -0,0 +1,15 @@
+---
+glob_service_ssh_known_hosts:
+  name: ssh_known_hosts
+  install_dir: /var/local/services/ssh_known_hosts
+  dependencies:
+    - python3-ldap
+    - python3-jinja2
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/ssh_known_hosts.git
+    version: main
+  cron:
+    frequency: "*/10 * * * *"
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
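Review bot: `version: main` checks out a moving branch for a job that `cron.frequency` runs every ten minutes to regenerate the host's trusted SSH host keys, so any push to that branch changes what every server trusts with no review step in this repository; pin it to a tag or commit hash, e.g. `version: "<tag-or-commit-placeholder>"`, and bump it deliberately. A one-line comment above `config.ldap.server`, such as `# per-site override: loc_service_ssh_known_hosts.config.ldap.server (group_vars/aurore, group_vars/viarezo, host_vars/sputnik)`, would tell the reader where the overrides introduced in the same commit live. The Jinja value is quoted, which is correct since a bare `{{` would be parsed as a flow mapping.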
diff --git a/group_vars/aurore/ssh_known_hosts.yml b/group_vars/aurore/ssh_known_hosts.yml
new file mode 100644
index 00000000..3279c0d3
--- /dev/null
+++ b/group_vars/aurore/ssh_known_hosts.yml
@@ -0,0 +1,5 @@
+---
+loc_service_ssh_known_hosts:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
diff --git a/group_vars/viarezo/ssh_known_hosts.yml b/group_vars/viarezo/ssh_known_hosts.yml
new file mode 100644
index 00000000..a38dade9
--- /dev/null
+++ b/group_vars/viarezo/ssh_known_hosts.yml
@@ -0,0 +1,5 @@
+---
+loc_service_ssh_known_hosts:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml
index 5416e20b..b9390d09 100644
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@@ -117,3 +117,8 @@ loc_bind:
   default:
     type: slave
     primaries: "{{ query('ldap', 'ip', 'silice', 'adm') }}"
+
+loc_service_ssh_known_hosts:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}"
diff --git a/plays/ssh_known_hosts.yml b/plays/ssh_known_hosts.yml
index 2b4cf784..cbb8588d 100755
--- a/plays/ssh_known_hosts.yml
+++ b/plays/ssh_known_hosts.yml
@@ -1,5 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: server
+  vars:
+    service: "{{ glob_service_ssh_known_hosts | default({}) | combine(loc_service_ssh_known_hosts | default({})) }}"
   roles:
-    - ssh_known_hosts
+    - service
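Review bot: The `combine` building the new `service` var is a shallow merge by default, so a `loc_service_ssh_known_hosts` that only sets `config.ldap.server` replaces the whole `config` mapping from `glob_service_ssh_known_hosts` rather than just that leaf. That is harmless today because `config` holds only `ldap.server`, but any other global `config` key added later would be silently dropped on the aurore, viarezo and sputnik hosts that carry an override. Use `service: "{{ glob_service_ssh_known_hosts | default({}) | combine(loc_service_ssh_known_hosts | default({}), recursive=True) }}"` so the overrides stay leaf-level.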
diff --git a/roles/ssh_known_hosts/tasks/main.yml b/roles/ssh_known_hosts/tasks/main.yml
deleted file mode 100644
index 5f820080..00000000
--- a/roles/ssh_known_hosts/tasks/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name:
-  template:
-    src: ssh/ssh_known_hosts.j2
-    dest: /etc/ssh/ssh_known_hosts
diff --git a/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2 b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
deleted file mode 100644
index 80371c08..00000000
--- a/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-{{ ansible_header | comment }}
-{% set hosts = query('ldap', 'query', 'ou=hosts,dc=crans,dc=org', 'one', 'objectClass=device') %}
-{% for host, device in hosts.items() | sort(attribute='0') %}
-{% set cns = query('ldap', 'all_cn', hosts[host].cn[0]) | sort %}
-{% set ips = query('ldap', 'all_ip', hosts[host].cn[0]) | sort %}
-{% for key in query('ldap', 'ssh_keys', hosts[host].cn[0]) | sort %}
-{{ hosts[host].cn[0] }},{{ cns | join(',') }},{{ ips | join(',') }} {{ key }} root@{{ hosts[host].cn[0] }}
-{% endfor %}
-{% endfor %}