ssh-ca/tasks/main.yml

---

- name: Generate key pair
  openssh_keypair:
    path: "/etc/ssh/{{ ssh_ca_key_name }}"
    type: "{{ ssh_ca_key_type }}"
    comment: "{{ ssh_ca_key_comment }}"
  register: key_pair

- name: Generate certificate
  openssh_cert:
    path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
    principals: "{{ ssh_ca_cert_principals }}"
    public_key: "/etc/ssh/{{ ssh_ca_key_name }}.pub"
    signature_algorithm: rsa-sha2-512
    signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
    type: "{{ ssh_ca_type }}"
    valid_from: always
    valid_to: forever
init 2023-04-25 14:47:58 +00:00			`---`

			`- name: Generate key pair`
			`openssh_keypair:`
			`path: "/etc/ssh/{{ ssh_ca_key_name }}"`
			`type: "{{ ssh_ca_key_type }}"`
			`comment: "{{ ssh_ca_key_comment }}"`
			`register: key_pair`

			`- name: Generate certificate`
			`openssh_cert:`
			`path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"`
			`principals: "{{ ssh_ca_cert_principals }}"`
			`public_key: "/etc/ssh/{{ ssh_ca_key_name }}.pub"`
			`signature_algorithm: rsa-sha2-512`
			`signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"`
			`type: "{{ ssh_ca_type }}"`
			`valid_from: always`
			`valid_to: forever`