firewall: use slurp instead of generic command to get host key

Timotej Lazar 2024-02-22 09:28:37 +01:00
parent cacf46c891
commit 7fe1dac008


@ -44,9 +44,9 @@
authorized_key: "user=root key={{ master_key.stdout }}" authorized_key: "user=root key={{ master_key.stdout }}"
- name: Get my host SSH key - name: Get my host SSH key
command: cat /etc/ssh/ssh_host_ed25519_key.pub slurp:
src: /etc/ssh/ssh_host_ed25519_key.pub
register: node_key register: node_key
changed_when: false
- name: Introduce myself to master - name: Introduce myself to master
delegate_to: '{{ master }}' delegate_to: '{{ master }}'
@ -56,4 +56,4 @@
become_flags: "-s /bin/sh" # no login shell for user become_flags: "-s /bin/sh" # no login shell for user
known_hosts: known_hosts:
name: "{{ inventory_hostname }}" name: "{{ inventory_hostname }}"
key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.stdout }}" # TODO make IP retrieval less terrifying key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.content | b64decode }}" # TODO make IP retrieval less terrifying
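Review bot: In the second hunk, `{{ node_key.content | b64decode }}` passes the file's bytes through unchanged, so the trailing newline of `ssh_host_ed25519_key.pub` now ends up inside the `known_hosts` `key` string; the old `command` task's `stdout` had it stripped. Whether the module tolerates that is not visible here, so I would make it explicit with `{{ node_key.content | b64decode | trim }}`. A key string that differs only in whitespace can also make the task report a change on every run, or leave a malformed line in the master's known_hosts file, and that file is what later host-key verification relies on. Both task bodies start or end outside the hunks shown, so the `known_hosts` task's remaining arguments could not be checked.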