chore: clean up updateKey
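--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,27 @@
+# Created by https://www.toptal.com/developers/gitignore/api/ansible,visualstudiocode
+# Edit at https://www.toptal.com/developers/gitignore?templates=ansible,visualstudiocode
+
+### Ansible ###
+*.retry
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+# End of https://www.toptal.com/developers/gitignore/api/ansible,visualstudiocode
+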
@@ -1,26 +1,30 @@
|
|||||||
---
|
---
|
||||||
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
|
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
|
||||||
- name: update ssh key and login permissions
|
- name: Update ssh key and login permissions
|
||||||
strategy: free # dont wait for other hosts when executing
|
strategy: free # dont wait for other hosts when executing
|
||||||
hosts: oracleServer
|
hosts: oracleServer
|
||||||
vars_prompt:
|
vars_prompt:
|
||||||
- name: ssh_key_path
|
- name: ssh_key_path
|
||||||
prompt: enter the path to the ssh key to add
|
prompt: enter the path to the ssh key to add
|
||||||
private: false
|
private: false
|
||||||
|
- name: ssh_key_comment
|
||||||
|
prompt: enter the comment that should be saved in the authorized_keys file
|
||||||
|
private: false
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: Add ssh key
|
- name: Add ssh key
|
||||||
become: true
|
become: true
|
||||||
async: 120 # Maximum execution time
|
async: 120 # Maximum execution time
|
||||||
poll: 05 # polling interval in seconds
|
poll: 5 # polling interval in seconds
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ ansible_user_id }}"
|
user: "{{ ansible_user_id }}"
|
||||||
exclusive: true
|
exclusive: true
|
||||||
state: present
|
state: present
|
||||||
key: "{{ lookup('file', '{{ ssh_key_path }}') }}"
|
key: "{{ lookup('file', '{{ ssh_key_path }}') }}"
|
||||||
|
comment: "{{ ssh_key_comment }}"
|
||||||
|
|
||||||
- name: sshd configuration file update
|
- name: Update sshd config
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
path: /etc/ssh/sshd_config
|
path: /etc/ssh/sshd_config
|
||||||
insertbefore: BOF # Beginning of the file
|
insertbefore: BOF # Beginning of the file
|
||||||
marker: "# {mark} ANSIBLE MANAGED BLOCK BY LINUX-ADMIN"
|
marker: "# {mark} ANSIBLE MANAGED BLOCK BY LINUX-ADMIN"
|
||||||
@@ -33,7 +37,6 @@
|
|||||||
validate: /usr/sbin/sshd -T -f %s
|
validate: /usr/sbin/sshd -T -f %s
|
||||||
|
|
||||||
- name: Restart SSHD
|
- name: Restart SSHD
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
|||||||
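Review bot: In the "Add ssh key" task the `key:` value still nests `'{{ ssh_key_path }}'` inside an expression that is already between `{{ }}`; it only resolves if the lookup argument is templated a second time, which is worth not depending on across Ansible versions. Passing the variable directly is the documented form: `key: "{{ lookup('file', ssh_key_path) }}"`. This matters more than usual here because `exclusive: true` removes every other key from that user's authorized_keys and the play goes on to rewrite sshd_config and restart sshd, so a path that points at the wrong key file can leave the host without a working login. A short comment above the task, such as `# exclusive: true replaces ALL existing keys for this user`, would make that visible to the next operator. The page shows neither this file's path nor the lines between the two hunks, so the sshd_config block itself is not reviewed.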