fix key not found

2023-04-25 17:01:37 +02:00 · 2023-04-25 17:01:37 +02:00 · 1651601f16
commit 1651601f16
parent dc0a8aaeae
1 changed files with 36 additions and 2 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -7,13 +7,47 @@
    comment: "{{ ssh_ca_key_comment }}"
  register: key_pair

+- name: Check certificate existance
+  stat:
+    path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
+  register: cert_state
+
+- name: Copy public key to local machine
+  copy:
+    dest: "/tmp/{{ ssh_ca_key_name }}.pub"
+    content: "{{ key_pair.public_key }}"
+  when: not cert_state.stat.exists
+
 - name: Generate certificate
  openssh_cert:
-    path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
+    path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
    principals: "{{ ssh_ca_cert_principals }}"
-    public_key: "/etc/ssh/{{ ssh_ca_key_name }}.pub"
+    public_key: "/tmp/{{ ssh_ca_key_name }}.pub"
    signature_algorithm: rsa-sha2-512
    signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
    type: "{{ ssh_ca_type }}"
    valid_from: always
    valid_to: forever
+  delegate_to: localhost
+  when: not cert_state.stat.exists
+
+- name: Copy certificate to host
+  copy:
+    src: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
+    dest: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
+    mode: 0600
+  when: not cert_state.stat.exists
+
+- name: Delete local public key
+  file:
+    path: "/tmp/{{ ssh_ca_key_name }}.pub"
+    state: absent
+  delegate_to: localhost
+  when: not cert_state.stat.exists
+
+- name: Delete local certificate
+  file:
+    path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
+    state: absent
+  delegate_to: localhost
+  when: not cert_state.stat.exists