ssh-ca/tasks/main.yml

---

- name: Generate key pair
  openssh_keypair:
    path: "/etc/ssh/{{ ssh_ca_key_name }}"
    type: "{{ ssh_ca_key_type }}"
    comment: "{{ ssh_ca_key_comment }}"
  register: key_pair

- name: Check certificate existance
  stat:
    path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
  register: cert_state

- name: Copy public key to local machine
  copy:
    dest: "/tmp/{{ ssh_ca_key_name }}.pub"
    content: "{{ key_pair.public_key }}"
  delegate_to: localhost
  when: not cert_state.stat.exists

- name: Generate certificate
  openssh_cert:
    path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
    principals: "{{ ssh_ca_cert_principals }}"
    public_key: "/tmp/{{ ssh_ca_key_name }}.pub"
    signature_algorithm: rsa-sha2-512
    signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
    type: "{{ ssh_ca_type }}"
    valid_from: always
    valid_to: forever
  delegate_to: localhost
  when: not cert_state.stat.exists

- name: Copy certificate to host
  copy:
    src: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
    dest: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
    mode: 0644
  when: not cert_state.stat.exists

- name: Delete local public key
  file:
    path: "/tmp/{{ ssh_ca_key_name }}.pub"
    state: absent
  delegate_to: localhost
  when: not cert_state.stat.exists

- name: Delete local certificate
  file:
    path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
    state: absent
  delegate_to: localhost
  when: not cert_state.stat.exists
init 2023-04-25 14:47:58 +00:00			`---`

			`- name: Generate key pair`
			`openssh_keypair:`
			`path: "/etc/ssh/{{ ssh_ca_key_name }}"`
			`type: "{{ ssh_ca_key_type }}"`
			`comment: "{{ ssh_ca_key_comment }}"`
			`register: key_pair`

fix key not found 2023-04-25 15:01:37 +00:00			`- name: Check certificate existance`
			`stat:`
			`path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"`
			`register: cert_state`

			`- name: Copy public key to local machine`
			`copy:`
			`dest: "/tmp/{{ ssh_ca_key_name }}.pub"`
			`content: "{{ key_pair.public_key }}"`
add correct delegation to localhost 2023-04-25 15:03:26 +00:00			`delegate_to: localhost`
fix key not found 2023-04-25 15:01:37 +00:00			`when: not cert_state.stat.exists`

init 2023-04-25 14:47:58 +00:00			`- name: Generate certificate`
			`openssh_cert:`
fix key not found 2023-04-25 15:01:37 +00:00			`path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"`
init 2023-04-25 14:47:58 +00:00			`principals: "{{ ssh_ca_cert_principals }}"`
fix key not found 2023-04-25 15:01:37 +00:00			`public_key: "/tmp/{{ ssh_ca_key_name }}.pub"`
init 2023-04-25 14:47:58 +00:00			`signature_algorithm: rsa-sha2-512`
			`signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"`
			`type: "{{ ssh_ca_type }}"`
			`valid_from: always`
			`valid_to: forever`
fix key not found 2023-04-25 15:01:37 +00:00			`delegate_to: localhost`
			`when: not cert_state.stat.exists`

			`- name: Copy certificate to host`
			`copy:`
			`src: "/tmp/{{ ssh_ca_key_name }}-cert.pub"`
			`dest: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"`
fix permissions on key files 2023-04-25 15:05:24 +00:00			`mode: 0644`
fix key not found 2023-04-25 15:01:37 +00:00			`when: not cert_state.stat.exists`

			`- name: Delete local public key`
			`file:`
			`path: "/tmp/{{ ssh_ca_key_name }}.pub"`
			`state: absent`
			`delegate_to: localhost`
			`when: not cert_state.stat.exists`

			`- name: Delete local certificate`
			`file:`
			`path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"`
			`state: absent`
			`delegate_to: localhost`
			`when: not cert_state.stat.exists`