ssh-ca/tasks/main.yml

---
# Create the OpenSSH key pair that the following task certifies. The private
# key is written to /etc/ssh/<ssh_ca_key_name>; the certificate task reads the
# matching public key from the same path with a .pub suffix.
#
# NOTE(review): no mode/owner/group is set here, so the private key's
# permissions are whatever the module applies by default. Confirm the file
# ends up readable by root only on the target.
- name: Generate key pair
  openssh_keypair:
    # Key algorithm and comment are supplied by role variables.
    type: "{{ ssh_ca_key_type }}"
    comment: "{{ ssh_ca_key_comment }}"
    path: "/etc/ssh/{{ ssh_ca_key_name }}"
  # The result is stored as key_pair; no task visible in this file consumes it.
  register: key_pair
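# Sign the public key at /etc/ssh/<ssh_ca_key_name>.pub with the CA key and
# write the certificate next to it as <ssh_ca_key_name>-cert.pub.
#
# NOTE(review): signing_key points at a file under this role's files/
# directory. If the CA private key is committed to the repository in clear
# text, repository read access is enough to issue certificates. Confirm it is
# kept out of version control or otherwise protected, and that its file
# permissions are restrictive.
# NOTE(review): role_path is a controller-side path, so this presumably only
# resolves when the task runs on the controller itself. Verify.
- name: Generate certificate
  openssh_cert:
    # Certificate type (host or user) and the principals it is valid for.
    type: "{{ ssh_ca_type }}"
    principals: "{{ ssh_ca_cert_principals }}"
    public_key: "/etc/ssh/{{ ssh_ca_key_name }}.pub"
    path: "/etc/ssh/{{ ssh_ca_key_name }}-cert.pub"
    signing_key: "{{ role_path }}/files/{{ ssh_ca_signing_key }}"
    # RSA signature algorithm name; assumes the CA signing key is an RSA key.
    signature_algorithm: rsa-sha2-512
    valid_from: always
    # Defaults to the previous hard-coded "forever", so existing behaviour is
    # unchanged. A certificate without an expiry stays valid until the CA is
    # rotated or the key is explicitly revoked (sshd RevokedKeys for user
    # certificates, @revoked known_hosts entries for host certificates), so
    # set ssh_ca_cert_valid_to to a bounded value where that is acceptable.
    # NOTE(review): relative values such as "+52w" may make this task report
    # a change on every run. Check the module documentation for the installed
    # version before using one.
    valid_to: "{{ ssh_ca_cert_valid_to | default('forever') }}"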