From 7fe1dac008534c6e13803ded6560aede607c73c1 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Thu, 22 Feb 2024 09:28:37 +0100 Subject: [PATCH] firewall: use slurp instead of generic command to get host key --- roles/firewall/tasks/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/firewall/tasks/config.yml b/roles/firewall/tasks/config.yml index 89c4204..8a0ea1b 100644 --- a/roles/firewall/tasks/config.yml +++ b/roles/firewall/tasks/config.yml @@ -44,9 +44,9 @@ authorized_key: "user=root key={{ master_key.stdout }}" - name: Get my host SSH key - command: cat /etc/ssh/ssh_host_ed25519_key.pub + slurp: + src: /etc/ssh/ssh_host_ed25519_key.pub register: node_key - changed_when: false - name: Introduce myself to master delegate_to: '{{ master }}' @@ -56,4 +56,4 @@ become_flags: "-s /bin/sh" # no login shell for user known_hosts: name: "{{ inventory_hostname }}" - key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.stdout }}" # TODO make IP retrieval less terrifying + key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.content | b64decode }}" # TODO make IP retrieval less terrifying