From 1651601f168fb6ffa2078be2890aaab1b4847e2b Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 25 Apr 2023 17:01:37 +0200
Subject: [PATCH] fix key not found
---
 tasks/main.yml | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index ffb8612..15130eb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,13 +7,47 @@
 comment: "{{ ssh_ca_key_comment }}"
 register: key_pair
+- name: Check certificate existance
+ stat:
+ path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
+ register: cert_state
+
+- name: Copy public key to local machine
+ copy:
+ dest: "/tmp/{{ ssh_ca_key_name }}.pub"
+ content: "{{ key_pair.public_key }}"
+ when: not cert_state.stat.exists
+
 - name: Generate certificate
 openssh_cert:
- path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
+ path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
 principals: "{{ ssh_ca_cert_principals }}"
- public_key: "/etc/ssh/{{ ssh_ca_key_name }}.pub"
+ public_key: "/tmp/{{ ssh_ca_key_name }}.pub"
 signature_algorithm: rsa-sha2-512
 signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
 type: "{{ ssh_ca_type }}"
 valid_from: always
 valid_to: forever
+ delegate_to: localhost
+ when: not cert_state.stat.exists
+
+- name: Copy certificate to host
+ copy:
+ src: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
+ dest: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
+ mode: 0600
+ when: not cert_state.stat.exists
+
+- name: Delete local public key
+ file:
+ path: "/tmp/{{ ssh_ca_key_name }}.pub"
+ state: absent
+ delegate_to: localhost
+ when: not cert_state.stat.exists
+
+- name: Delete local certificate
+ file:
+ path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
+ state: absent
+ delegate_to: localhost
+ when: not cert_state.stat.exists
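Review bot: The `Copy public key to local machine` task has no `delegate_to: localhost`, so its `copy` with `content:` writes `/tmp/{{ ssh_ca_key_name }}.pub` on the managed host, while the delegated `Generate certificate` task reads that same path on the controller and will not find it unless the play happens to target localhost. Adding `delegate_to: localhost` to that copy task, as the two deletion tasks already do, makes the two sides agree. The fixed, predictable file names under `/tmp/` on the controller are also worth reconsidering: on a shared machine another local account can pre-create or replace `/tmp/{{ ssh_ca_key_name }}.pub` before signing and end up with an unintended key signed by the CA, which a per-run directory from `ansible.builtin.tempfile` with `state: directory` (or at minimum a restrictive `mode` on the copied key) avoids. Quote the mode in `Copy certificate to host` as `mode: "0600"` so it is not read as an octal integer, and consider wrapping the generate/copy/delete tasks in a `block` with an `always` section so the local key material is still removed when `openssh_cert` fails. The task name `Check certificate existance` should read `existence`.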