vmware-archive / ansible-role-sshkeys

ansible-role-sshkeys

Ansible module for creating and rotating SSH keys on fleets of servers. The work was inspired by (though dramatically altered and upgraded from) an article on the topic posted online by Jesse Keating on June 7, 2014.

On every run, this role will:

  • create a new local ssh key,
  • copy that key to all remote hosts,
  • replace our main local ssh key with the newly created key.

The general use case is to run this role in a playbook with the --ask-pass parameter to ansible-playbook, so that future plays can run without password entry. Re-running the same play without a password will rotate the keys of the local ssh user and all remote hosts.

For ansible to use the generated ssh key, make sure ansible.cfg has a line like private_key_file = your-private-key, where your-private-key is the location used in the variable sshkeys_local_final_priv_key.

When trying to rotate keys, unreachable hosts result in loss of key sync. You will need to re-sync those hosts using a password when they are reachable.
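
An added example (not part of the role or its README): a Python helper that reads the PLAY RECAP of a rotation run and lists the hosts that did not take the new key, so they can be re-synced with a password. The sample output, the playbook name site.yml, and treating failed hosts as out of sync are assumptions.

```python
import re
import shlex

# Constructed sample of ansible-playbook output (task name and hosts are made up).
SAMPLE_OUTPUT = """\
TASK [sshkeys : copy key to remote hosts] ****************************
fatal: [db1]: UNREACHABLE! => {"changed": false, "unreachable": true}

PLAY RECAP ***********************************************************
web1   : ok=6  changed=3  unreachable=0  failed=0  skipped=0  rescued=0  ignored=0
web2   : ok=2  changed=1  unreachable=0  failed=1  skipped=0  rescued=0  ignored=0
db1    : ok=0  changed=0  unreachable=1  failed=0  skipped=0  rescued=0  ignored=0
"""

# One recap line: "<host> : key=N key=N ..."
RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")


def parse_recap(output):
    """Return {host: {counter: int}} for the lines after the PLAY RECAP banner."""
    recap, in_recap = {}, False
    for line in output.splitlines():
        if line.startswith("PLAY RECAP"):
            in_recap = True
            continue
        match = RECAP_LINE.match(line.strip()) if in_recap else None
        if match:
            pairs = (item.split("=") for item in match.group("counters").split())
            recap[match.group("host")] = {key: int(val) for key, val in pairs}
    return recap


def hosts_needing_resync(output):
    """Hosts that were unreachable, or (assumption) failed partway through the role."""
    recap = parse_recap(output)
    return sorted(host for host, c in recap.items()
                  if c.get("unreachable", 0) or c.get("failed", 0))


def resync_command(hosts, playbook="site.yml"):
    """Build the password-based re-run limited to the out-of-sync hosts."""
    if not hosts:
        return None
    return "ansible-playbook {} --ask-pass --limit {}".format(
        shlex.quote(playbook), shlex.quote(",".join(hosts)))


if __name__ == "__main__":
    print(resync_command(hosts_needing_resync(SAMPLE_OUTPUT)))
```

Run the check against the output of every rotation and re-sync the listed hosts before the next one, since after another rotation the key those hosts still trust has been replaced locally.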

Requirements

ssh-keygen must be available locally, and the remote hosts must be running OpenSSH.

Role Variables

Available variables can be found in vars.

Key variables are:

sshkeys_local_user

Local user who should own the ssh keys. By default, we'll use the user running the ansible play.

sshkeys_remote_user
sshkeys_remote_group

User and group that we will ssh in as on the remote side. By default, these will be set to the ansible_ssh_user.

sshkeys_local_final_priv_key: "{{ sshkeys_local_dir }}/ansible_role_test_key"
sshkeys_local_final_pub_key: "{{ sshkeys_local_final_priv_key }}.pub"

Location of the final public and private key storage. These are the keys ansible should use to connect to the remote hosts without a password.

Example playbook


---
- hosts: sshhosts
  roles:
    - sshkeys

License and Copyright

Copyright 2015-2017 VMware, Inc. All rights reserved.

SPDX-License-Identifier: Apache-2.0 OR GPL-3.0-only

This code is Dual Licensed Apache-2.0 or GPLv3

Author Information

This role was created in 2015 by Tom Hite / VMware.
