fetch user certificate for backup server

2023-04-10 15:04:53 +02:00 · 2023-04-10 15:04:53 +02:00 · 3c41b72c9b
commit 3c41b72c9b
parent 180445348e
6 changed files with 61 additions and 6 deletions
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@ -4,12 +4,41 @@
    user: "{{ ansible_user_id }}"
  loop: "{{ admin_public_keys }}"
 - name: Copy host public key
-  template:
-    src: "{{ role_path }}/templates/ssh_host_ed25519_key.pub.j2"
+  copy:
    dest: "/etc/ssh/ssh_host_ed25519_key.pub"
+    content: "{{ dataserver_public_key }}"
    mode: 0644
 - name: Copy host private key
  copy:
    src: "{{ role_path }}/files/ssh_host_ed25519_key"
    dest: "/etc/ssh/ssh_host_ed25519_key"
    mode: 0600
+- name: Copy user public key
+  copy:
+    dest: "/etc/ssh/ssh_user_ed25519_key.pub"
+    content: "{{ user_public_key }}"
+    mode: 0644
+- name: Copy user private key
+  copy:
+    src: "{{ role_path }}/files/ssh_user_ed25519_key"
+    dest: "/etc/ssh/ssh_user_ed25519_key"
+    mode: 0600
+- name: Copy ssh config
+  copy:
+    src: "{{ role_path }}/files/ssh.conf"
+    dest: "/etc/ssh/ssh_config.d/custom.conf"
+- name: Check certificate existance
+  stat:
+    path: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
+  register: cert_stat
+- name: Generate user certificate
+  command:
+    cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.dmz \"backup\"'"
+  register: cert
+  delegate_to: localhost
+  when: not cert_stat.stat.exists
+- name: Place user certificate
+  copy:
+    dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
+    content: "{{ cert.stdout }}"
+  when: not cert_stat.stat.exists