rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

firewall: use slurp instead of generic command to get host key

Browse source
This commit is contained in:
Timotej Lazar 2024-02-22 09:28:37 +01:00
parent cacf46c891
commit 7fe1dac008
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/firewall/tasks/config.yml
View file

@ -44,9 +44,9 @@
authorized_key: "user=root key={{ master_key.stdout }}"
- name: Get my host SSH key
command: cat /etc/ssh/ssh_host_ed25519_key.pub
slurp:
src: /etc/ssh/ssh_host_ed25519_key.pub
register: node_key
changed_when: false
- name: Introduce myself to master
delegate_to: '{{ master }}'
@ -56,4 +56,4 @@
become_flags: "-s /bin/sh" # no login shell for user
known_hosts:
name: "{{ inventory_hostname }}"
key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.stdout }}" # TODO make IP retrieval less terrifying
key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.content | b64decode }}" # TODO make IP retrieval less terrifying