53 lines
1.4 KiB
YAML
53 lines
1.4 KiB
YAML
---
|
|
|
|
- name: Generate key pair
|
|
openssh_keypair:
|
|
path: "/etc/ssh/{{ ssh_ca_key_name }}"
|
|
type: "{{ ssh_ca_key_type }}"
|
|
comment: "{{ ssh_ca_key_comment }}"
|
|
register: key_pair
|
|
|
|
- name: Check certificate existance
|
|
stat:
|
|
path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
|
|
register: cert_state
|
|
|
|
- name: Copy public key to local machine
|
|
copy:
|
|
dest: "/tmp/{{ ssh_ca_key_name }}.pub"
|
|
content: "{{ key_pair.public_key }}"
|
|
when: not cert_state.stat.exists
|
|
|
|
- name: Generate certificate
|
|
openssh_cert:
|
|
path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
|
|
principals: "{{ ssh_ca_cert_principals }}"
|
|
public_key: "/tmp/{{ ssh_ca_key_name }}.pub"
|
|
signature_algorithm: rsa-sha2-512
|
|
signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
|
|
type: "{{ ssh_ca_type }}"
|
|
valid_from: always
|
|
valid_to: forever
|
|
delegate_to: localhost
|
|
when: not cert_state.stat.exists
|
|
|
|
- name: Copy certificate to host
|
|
copy:
|
|
src: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
|
|
dest: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
|
|
mode: 0600
|
|
when: not cert_state.stat.exists
|
|
|
|
- name: Delete local public key
|
|
file:
|
|
path: "/tmp/{{ ssh_ca_key_name }}.pub"
|
|
state: absent
|
|
delegate_to: localhost
|
|
when: not cert_state.stat.exists
|
|
|
|
- name: Delete local certificate
|
|
file:
|
|
path: "/tmp/{{ ssh_ca_key_name }}-cert.pub"
|
|
state: absent
|
|
delegate_to: localhost
|
|
when: not cert_state.stat.exists
|