simplify ssh host key configuration

4 years ago · 426ac99b91
parent 06c572ffc3
commit 426ac99b91
2 changed files with 16 additions and 63 deletions
--- a/roles/common/tasks/sshd.yml
+++ b/roles/common/tasks/sshd.yml
@ -1,83 +1,31 @@
 ---
 #
 # Set ssh host keys
- name: initialize list of host keys to copy over
+#
  set_fact:
    ssh_host_keyfiles: []
  tags: [ sshd ]
 - name: find local copy of dsa host key
  delegate_to: localhost
  stat:
    path: roles/common/files/etc/ssh/ssh_host_dsa_key.{{ myconfig.hostname }}
  register: result
  tags: [ sshd ]
 - name: add dsa key to list if found
  set_fact:
    ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_dsa_key.{{ myconfig.hostname }}' ]"
  when: result.stat.exists == true
  tags: [ sshd ]
 - name: find local copy of rsa host key
  delegate_to: localhost
  stat:
    path: roles/common/files/etc/ssh/ssh_host_rsa_key.{{ myconfig.hostname }}
  register: result
  tags: [ sshd ]
 - name: add rsa key to list if found
  set_fact:
    ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_rsa_key.{{ myconfig.hostname }}' ]"
  when: result.stat.exists == true
  tags: [ sshd ]
 - name: find local copy of ed25519 host key
  delegate_to: localhost
  stat:
    path: roles/common/files/etc/ssh/ssh_host_ed25519_key.{{ myconfig.hostname }}
  register: result
  tags: [ sshd ]
 - name: add ed25519 key to list if found
  set_fact:
    ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_ed25519_key.{{ myconfig.hostname }}' ]"
  when: result.stat.exists == true
  tags: [ sshd ]
 - name: find local copy of ecdsa host key
  delegate_to: localhost
  stat:
    path: roles/common/files/etc/ssh/ssh_host_ecdsa_key.{{ myconfig.hostname }}
  register: result
  tags: [ sshd ]
 - name: add ecdsa key to list if found
  set_fact:
    ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_ecdsa_key.{{ myconfig.hostname }}' ]"
  when: result.stat.exists == true
  tags: [ sshd ]
 - name: set SSH host keys
  copy:
    src: "{{ item }}"
-    dest: "/{{ item }}"
+    dest: "/{{ item.split('.')[0] }}"
    owner: root
    group: root
    mode: '0600'
-  with_items: "{{ ssh_host_keyfiles }}"
+  with_items: "{{ myconfig.ssh_host_key_files }}"
  register: result
  when: "'ssh_host_key_files' in myconfig"
  tags: [ sshd ]
 - name: remove old SSH host public keys
  file:
-    path: "/{{ item }}.pub"
+    path: "/{{ item.split('.')[0] }}.pub"
    state: absent
-  with_items: "{{ ssh_host_keyfiles }}"
+  with_items: "{{ myconfig.ssh_host_key_files }}"
-  when: result is changed
+  when: "'ssh_host_key_files' in myconfig and result is changed"
  tags: [ sshd ]
 - name: regenerate SSH host public keys
  shell:
-    cmd: "ssh-keygen -y -f /{{ item }} > /{{ item }}.pub"
+    cmd: "ssh-keygen -y -f /{{ item.split('.')[0] }} > /{{ item.split('.')[0] }}.pub"
    creates: "/{{ item }}.pub"
-  with_items: "{{ ssh_host_keyfiles }}"
+  with_items: "{{ myconfig.ssh_host_key_files }}"
-  when: result is changed
+  when: "'ssh_host_key_files' in myconfig and result is changed"
  tags: [ sshd ]
--- a/roles/common/vars/main.yml
+++ b/roles/common/vars/main.yml
@ -19,6 +19,11 @@ macaddrs:
        enable_serial_hw: True
        enable_onewire: False
        enable_rgpio: False
        ssh_host_key_files:
          - etc/ssh/ssh_host_rsa_key.cloverdale
          - etc/ssh/ssh_host_dsa_key.cloverdale
          - etc/ssh/ssh_host_ecdsa_key.cloverdale
          - etc/ssh/ssh_host_ed25519_key.cloverdale
    b8:27:eb:39:d7:57:
        hostname: "clovermine"
        domain: "local"