60 lines
1.6 KiB
YAML
60 lines
1.6 KiB
YAML
- name: Install packages for config updates
|
|
package:
|
|
name: tar
|
|
|
|
- name: Limit SSH for config updates
|
|
copy:
|
|
dest: /etc/ssh/
|
|
src: sshd_config.friwall
|
|
notify: reload sshd.friwall
|
|
|
|
- name: Create SSH service for config updates
|
|
file:
|
|
path: /etc/init.d/sshd.friwall
|
|
src: /etc/init.d/sshd
|
|
state: link
|
|
|
|
- name: Configure SSH service for config updates
|
|
copy:
|
|
dest: /etc/conf.d/sshd.friwall
|
|
content: |
|
|
cfgfile="/etc/ssh/sshd_config.friwall"
|
|
vrf="default"
|
|
notify: restart sshd.friwall
|
|
|
|
- name: Enable SSH service for config updates
|
|
service:
|
|
name: sshd.friwall
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Install config updater
|
|
copy:
|
|
dest: /usr/local/bin/
|
|
src: update
|
|
mode: 0700
|
|
|
|
- name: Get master SSH key
|
|
delegate_to: '{{ master }}'
|
|
command: "cat ~friwall/.ssh/id_ed25519.pub"
|
|
register: master_key
|
|
changed_when: false
|
|
|
|
- name: Deploy master key on node
|
|
authorized_key: "user=root key={{ master_key.stdout }}"
|
|
|
|
- name: Get my host SSH key
|
|
slurp:
|
|
src: /etc/ssh/ssh_host_ed25519_key.pub
|
|
register: node_key
|
|
|
|
- name: Introduce myself to master
|
|
delegate_to: '{{ master }}'
|
|
become: yes
|
|
become_user: friwall
|
|
become_method: su
|
|
become_flags: "-s /bin/sh" # no login shell for user
|
|
known_hosts:
|
|
name: "{{ inventory_hostname }}"
|
|
key: "{{ inventory_hostname }},{{ interfaces | selectattr('name', '==', 'lo') | map(attribute='ip_addresses') | first | selectattr('role') | selectattr('role.value', '==', 'loopback') | map(attribute='address') | ipv4 | first | ipaddr('address') }} {{ node_key.content | b64decode }}" # TODO make IP retrieval less terrifying
|