add rotate ssh module to matrix-awx
parent
8339103594
commit
6902ee5aa7
|
@ -26,7 +26,7 @@ The following repositories allow you to copy and use this setup:
|
||||||
|
|
||||||
Updates to this section are trailed here:
|
Updates to this section are trailed here:
|
||||||
|
|
||||||
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/gomatrixhosting-matrix-docker-ansible-deploy)
|
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/matrix-docker-ansible-deploy)
|
||||||
|
|
||||||
|
|
||||||
## Does I need an AWX setup to use this? How do I configure it?
|
## Does I need an AWX setup to use this? How do I configure it?
|
||||||
|
|
|
@ -62,6 +62,15 @@
|
||||||
tags:
|
tags:
|
||||||
- purge-database
|
- purge-database
|
||||||
|
|
||||||
|
# Rotate SSH key if called
|
||||||
|
- include_tasks:
|
||||||
|
file: "rotate_ssh.yml"
|
||||||
|
apply:
|
||||||
|
tags: rotate-ssh
|
||||||
|
when: run_setup|bool and matrix_awx_enabled|bool
|
||||||
|
tags:
|
||||||
|
- rotate-ssh
|
||||||
|
|
||||||
# Import configs, media repo from /chroot/backup import
|
# Import configs, media repo from /chroot/backup import
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "import_awx.yml"
|
file: "import_awx.yml"
|
||||||
|
|
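Review bot: The new `include_tasks` for `rotate_ssh.yml` is gated only by the `rotate-ssh` tag and the `run_setup`/`matrix_awx_enabled` condition, so a run started without `--tags` would include it as well. The included file replaces root's authorized_keys and then ends the play. If every job template passes explicit tags this never triggers, but that is not visible from this hunk. Adding the special `never` tag to the include's own list (`- never` under the second `tags:`) would make the rotation run only when `rotate-ssh` is requested by name. The comment above the task could also say that the tasks after it (`import_awx.yml` onwards) are skipped: `# Rotate SSH key if called; ends the play afterwards`.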
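--- a/roles/matrix-awx/tasks/rotate_ssh.yml
+++ b/roles/matrix-awx/tasks/rotate_ssh.yml
@@ -0,0 +1,23 @@
+
+#- name: Update authorized_keys with new client public key
+# #delegate_to: "matrix.{{ id_array.0 }}"
+# delegate_to: "{{ id_array.0 }}"
+# shell: |
+# cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.backup \
+# && truncate -s 0 /root/.ssh/authorized_keys \
+# && echo "{{ new_ssh_public_key }}" >> /root/.ssh/authorized_keys
+
+- name: Set the new authorized key taken from file
+authorized_key:
+user: root
+state: present
+exclusive: yes
+key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
+
+- name: Set boolean value to exit playbook
+set_fact:
+end_playbook: true
+
+- name: End playbook if this task list is called.
+meta: end_play
+when: end_playbook is defined and end_playbook|bool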
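Review bot: With `exclusive: yes`, the `authorized_key` task makes the contents of `/var/lib/awx/projects/hosting/client_public.key` the only keys accepted for root, and nothing in this file checks that content before it is applied. The module takes every key found in the value, so an extra line in that file would be installed too. The previous authorized_keys is not kept, whereas the commented-out shell version at least made a `.backup` copy. I would read the file once, assert that it holds exactly one key of an expected type, and only then call the module, as sketched below; the pattern covers ed25519, RSA and ECDSA and would need extending for other key types. Write access to that path on the AWX host is equivalent to root on the managed servers and should be restricted accordingly.

```yaml
- name: Read the replacement key once so it can be checked before use
  set_fact:
    new_root_key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') | trim }}"

- name: Refuse to rotate unless the file holds exactly one plausible public key
  assert:
    that:
      - new_root_key.splitlines() | length == 1
      - new_root_key is match('^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$')
    fail_msg: "client_public.key is not a single SSH public key; authorized_keys left unchanged"

- name: Set the new authorized key taken from file
  authorized_key:
    # … unchanged: user, state …
    exclusive: true
    key: "{{ new_root_key }}"
```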