Diffstat (limited to 'scripts/ssh_prepare')
-rw-r--r--scripts/ssh_prepare/defaults/main.yml4
-rw-r--r--scripts/ssh_prepare/tasks/main.yml40
-rw-r--r--scripts/ssh_prepare/templates/config.j233
3 files changed, 77 insertions, 0 deletions
diff --git a/scripts/ssh_prepare/defaults/main.yml b/scripts/ssh_prepare/defaults/main.yml
new file mode 100644
index 0000000..f074f01
--- /dev/null
+++ b/scripts/ssh_prepare/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# variable needed to access jumphost
+ssh_id_rsa: "{{ vault_ssh_id_rsa }}"
+ssh_id_rsa_pub: "{{ vault_ssh_id_rsa_pub }}"
diff --git a/scripts/ssh_prepare/tasks/main.yml b/scripts/ssh_prepare/tasks/main.yml
new file mode 100644
index 0000000..e47ab11
--- /dev/null
+++ b/scripts/ssh_prepare/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- set_fact:
+ base_dir: "{{ lookup('env', 'ROOT_FOLDER') | default(playbook_dir, true) }}"
+
+- name: check if vaulted ssh credentials exists
+ stat:
+ path: "{{ base_dir }}/vars/vaulted_ssh_credentials.yml"
+ register: creds_stat
+
+- name: include vaulted ssh credentials
+ include_vars: "{{ base_dir }}/vars/vaulted_ssh_credentials.yml"
+ when: creds_stat.stat.exists
+
+- name: check if vaulted ssh_gateways file exists
+ stat:
+ path: "{{ base_dir }}/vars/ssh_gateways.yml"
+ register: gw_stat
+
+- name: include vaulted ssh gateways
+ include_vars: "{{ base_dir }}/vars/ssh_gateways.yml"
+ when: gw_stat.stat.exists
+
+- name: create id_rsa file
+ copy:
+ dest: "{{ base_dir }}/id_rsa"
+ content: "{{ ssh_id_rsa }}"
+ mode: 0600
+ when: creds_stat.stat.exists
+
+- name: create id_rsa.pub file
+ copy:
+ dest: "{{ base_dir }}/id_rsa.pub"
+ content: "{{ ssh_id_rsa_pub }}"
+ mode: 0600
+ when: creds_stat.stat.exists
+
+- name: generate ssh config
+ template:
+ src: config.j2
+ dest: "{{ base_dir }}/ssh_config"
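Review bot: The "create id_rsa file" task renders a private key via `content: "{{ ssh_id_rsa }}"`, and without `no_log` Ansible will print that content in verbose (`-v`) or `--diff` runs and in any callback/log collector, so the vaulted key leaks into plain-text job output; add `no_log: true` to that task (the pub key task can stay loggable). The file mode is also written as an unquoted `mode: 0600`; YAML 1.1 parsers read this as the octal integer 384, which happens to work, but Ansible documents the string form as the safe one, so `mode: "0600"` avoids relying on that quirk. Note as well that the key is written into `base_dir` with no corresponding cleanup task, so it persists on the controller after the play finishes; if that is intended it deserves a comment, otherwise a later `file: state=absent` step or a `tmpfile`-based path would limit exposure.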
diff --git a/scripts/ssh_prepare/templates/config.j2 b/scripts/ssh_prepare/templates/config.j2
new file mode 100644
index 0000000..375efd7
--- /dev/null
+++ b/scripts/ssh_prepare/templates/config.j2
@@ -0,0 +1,33 @@
+Host *
+{% if creds_stat.stat.exists %}
+ IdentityFile {{ base_dir }}/id_rsa
+{% endif %}
+ UserKnownHostsFile=/dev/null
+ StrictHostKeyChecking=no
+
+{% if gw_stat.stat.exists %}
+{% for gw in ssh_gateways | default([]) %}
+host {{ gw.name }}
+ Hostname {{ gw.public_fqdn | default(gw.ansible_host) }}
+ User {{ gw.ansible_user }}
+{% if gw.ansible_port is defined %}
+ Port {{ gw.ansible_port }}
+{% endif %}
+{% if gw.proxy_command is defined %}
+ ProxyCommand {{ gw.proxy_command }}
+{% endif %}
+
+{% endfor %}
+{% endif %}
+
+{% for node in groups.all %}
+{% if hostvars[node].ansible_host is defined %}
+host {{ node }} {{ hostvars[node].public_fqdn | default('') }} {{ hostvars[node].ansible_host }}
+ Hostname {{ hostvars[node].public_fqdn | default(hostvars[node].ansible_host) }}
+ User {{ hostvars[node].ansible_user }}
+{% if gw_stat.stat.exists %}
+ ProxyCommand ssh -F {{ base_dir }}/ssh_config -W %h:%p {{ ssh_gateways[0].name }}
+{% endif %}
+{% endif %}
+
+{% endfor %}
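Review bot: The `Host *` block sets `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, which disables host-key verification for every connection this config produces, including the first hop to the gateway where the vaulted `id_rsa` is presented, so a network-position attacker can impersonate the jumphost or any node and the client will not notice. Since `base_dir` is already a writable location, persist keys there instead and fail on a changed key: `UserKnownHostsFile {{ base_dir }}/known_hosts` and `StrictHostKeyChecking accept-new` (accept-new needs OpenSSH 7.6+; on older clients pre-populating known_hosts from inventory with `StrictHostKeyChecking yes` is the equivalent). Separately, the per-node `ProxyCommand` uses `ssh_gateways[0].name` while the gateway loop above tolerates an empty list via `default([])`, so a present-but-empty ssh_gateways.yml will fail template rendering; guarding that line with `{% if ssh_gateways | default([]) | length > 0 %}` or reusing the same default would make the two branches consistent.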