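---
# Generate an SSH key pair on the target host and install a certificate for
# it signed by this role's CA.
#
# Security notes for operators:
# - The CA private key is read from
#   "{{ role_path }}/files/{{ ssh_ca_signing_key }}", i.e. from the role
#   checkout on the controller. Keep it out of version control (or vault it)
#   and restrict who can read it: whoever holds it can mint certificates for
#   any principal listed in ssh_ca_cert_principals.
# - Signing happens on the controller (delegate_to: localhost). Scratch files
#   live in a private directory created by `tempfile`, not at fixed paths
#   under /tmp, so another local user cannot swap the public key between the
#   copy and the signing step.
# - By default the certificate never expires (valid_from/valid_to keep the
#   original "always"/"forever"). Set ssh_ca_cert_valid_to (e.g. "+52w") to
#   bound its lifetime; this role has no revocation mechanism.
#
# Module short names are kept as in the original; with collections they
# resolve to community.crypto.openssh_keypair / openssh_cert.

- name: Generate key pair
  openssh_keypair:
    path: "/etc/ssh/{{ ssh_ca_key_name }}"
    type: "{{ ssh_ca_key_type }}"
    comment: "{{ ssh_ca_key_comment }}"
  register: key_pair

- name: Check certificate existance
  stat:
    path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
  register: cert_state

# Sign when no certificate is installed yet, and also when the key pair was
# (re)generated in this run: a certificate left over from a previous key no
# longer matches it and sshd will refuse to load it.
- name: Issue certificate
  when: not cert_state.stat.exists or key_pair is changed
  block:
    - name: Create scratch directory on the controller
      tempfile:
        state: directory
        prefix: ssh_ca_
      register: ssh_ca_scratch
      delegate_to: localhost

    # The public key comes from the target's registered key pair; it must be
    # written on the controller because openssh_cert reads it there. The
    # original task was not delegated, so the file landed on the target
    # instead — this only worked when target and controller were the same
    # host.
    - name: Copy public key to local machine
      copy:
        dest: "{{ ssh_ca_scratch.path }}/{{ ssh_ca_key_name }}.pub"
        content: "{{ key_pair.public_key }}"
        mode: "0600"
      delegate_to: localhost

    - name: Generate certificate
      openssh_cert:
        path: "{{ ssh_ca_scratch.path }}/{{ ssh_ca_key_name }}-cert.pub"
        principals: "{{ ssh_ca_cert_principals }}"
        public_key: "{{ ssh_ca_scratch.path }}/{{ ssh_ca_key_name }}.pub"
        # Only meaningful when the CA key is RSA — confirm against the type of
        # ssh_ca_signing_key.
        signature_algorithm: rsa-sha2-512
        signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
        type: "{{ ssh_ca_type }}"
        # Defaults reproduce the original non-expiring certificate; override
        # per inventory to bound validity.
        valid_from: "{{ ssh_ca_cert_valid_from | default('always') }}"
        valid_to: "{{ ssh_ca_cert_valid_to | default('forever') }}"
      delegate_to: localhost

    - name: Copy certificate to host
      copy:
        src: "{{ ssh_ca_scratch.path }}/{{ ssh_ca_key_name }}-cert.pub"
        dest: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
        mode: "0600"

  # Remove the scratch directory even if signing or the copy failed, so a
  # half-finished run does not leave the public key and certificate behind.
  always:
    - name: Delete scratch directory on the controller
      file:
        path: "{{ ssh_ca_scratch.path }}"
        state: absent
      delegate_to: localhost
      when: ssh_ca_scratch.path is defined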