Diffstat (limited to 'scripts/ssh_prepare')
-rw-r--r-- | scripts/ssh_prepare/defaults/main.yml | 4 | ||||
-rw-r--r-- | scripts/ssh_prepare/tasks/main.yml | 40 | ||||
-rw-r--r-- | scripts/ssh_prepare/templates/config.j2 | 33 |
3 files changed, 77 insertions, 0 deletions
diff --git a/scripts/ssh_prepare/defaults/main.yml b/scripts/ssh_prepare/defaults/main.yml
new file mode 100644
index 0000000..f074f01
--- /dev/null
+++ b/scripts/ssh_prepare/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# variable needed to access jumphost
+ssh_id_rsa: "{{ vault_ssh_id_rsa }}"
+ssh_id_rsa_pub: "{{ vault_ssh_id_rsa_pub }}"
diff --git a/scripts/ssh_prepare/tasks/main.yml b/scripts/ssh_prepare/tasks/main.yml
new file mode 100644
index 0000000..e47ab11
--- /dev/null
+++ b/scripts/ssh_prepare/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- set_fact:
+ base_dir: "{{ lookup('env', 'ROOT_FOLDER') | default(playbook_dir, true) }}"
+
+- name: check if vaulted ssh credentials exists
+ stat:
+ path: "{{ base_dir }}/vars/vaulted_ssh_credentials.yml"
+ register: creds_stat
+
+- name: include vaulted ssh credentials
+ include_vars: "{{ base_dir }}/vars/vaulted_ssh_credentials.yml"
+ when: creds_stat.stat.exists
+
+- name: check if vaulted ssh_gateways file exists
+ stat:
+ path: "{{ base_dir }}/vars/ssh_gateways.yml"
+ register: gw_stat
+
+- name: include vaulted ssh gateways
+ include_vars: "{{ base_dir }}/vars/ssh_gateways.yml"
+ when: gw_stat.stat.exists
+
+- name: create id_rsa file
+ copy:
+ dest: "{{ base_dir }}/id_rsa"
+ content: "{{ ssh_id_rsa }}"
+ mode: 0600
+ when: creds_stat.stat.exists
+
+- name: create id_rsa.pub file
+ copy:
+ dest: "{{ base_dir }}/id_rsa.pub"
+ content: "{{ ssh_id_rsa_pub }}"
+ mode: 0600
+ when: creds_stat.stat.exists
+
+- name: generate ssh config
+ template:
+ src: config.j2
+ dest: "{{ base_dir }}/ssh_config"
diff --git a/scripts/ssh_prepare/templates/config.j2 b/scripts/ssh_prepare/templates/config.j2
new file mode 100644
index 0000000..375efd7
--- /dev/null
+++ b/scripts/ssh_prepare/templates/config.j2
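Review bot: The comment `# variable needed to access jumphost` on the defaults hunk does not record that both values are taken from `vault_ssh_id_rsa` / `vault_ssh_id_rsa_pub`, which the tasks hunk only loads when `vars/vaulted_ssh_credentials.yml` exists; any reference to `ssh_id_rsa` outside a `creds_stat.stat.exists` guard fails on an undefined variable. Suggest `# jumphost key pair; resolved only after vars/vaulted_ssh_credentials.yml is included — guard every use with creds_stat.stat.exists`. The `vault_` prefix suggests the key material itself lives in the vaulted file rather than in this defaults file, which is the right split, but that is not visible here.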
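Review bot: The `create id_rsa file` task writes the private key through `content: "{{ ssh_id_rsa }}"` with no `no_log`, so the key material is echoed in verbose output and in `--diff` mode whenever the file changes; add `no_log: true` to that task (the `.pub` task can stay visible). The two `mode: 0600` values are unquoted octals; YAML 1.1 reads the leading-zero form correctly, but Ansible's own guidance is to quote file modes, `mode: "0600"`, so a later edit that drops the zero does not fall into the decimal-vs-octal confusion Ansible warns about. The first `set_fact` task has no `name`, which makes it hard to spot in play output; `- name: resolve base directory` would do. Whether these tasks are meant to run on the controller (the files land under the playbook's own `base_dir`) is not visible in the hunk; if so, `delegate_to: localhost` and `run_once: true` would be expected on the three file-writing tasks.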
@@ -0,0 +1,33 @@
+Host *
+{% if creds_stat.stat.exists %}
+ IdentityFile {{ base_dir }}/id_rsa
+{% endif %}
+ UserKnownHostsFile=/dev/null
+ StrictHostKeyChecking=no
+
+{% if gw_stat.stat.exists %}
+{% for gw in ssh_gateways | default([]) %}
+host {{ gw.name }}
+ Hostname {{ gw.public_fqdn | default(gw.ansible_host) }}
+ User {{ gw.ansible_user }}
+{% if gw.ansible_port is defined %}
+ Port {{ gw.ansible_port }}
+{% endif %}
+{% if gw.proxy_command is defined %}
+ ProxyCommand {{ gw.proxy_command }}
+{% endif %}
+
+{% endfor %}
+{% endif %}
+
+{% for node in groups.all %}
+{% if hostvars[node].ansible_host is defined %}
+host {{ node }} {{ hostvars[node].public_fqdn | default('') }} {{ hostvars[node].ansible_host }}
+ Hostname {{ hostvars[node].public_fqdn | default(hostvars[node].ansible_host) }}
+ User {{ hostvars[node].ansible_user }}
+{% if gw_stat.stat.exists %}
+ ProxyCommand ssh -F {{ base_dir }}/ssh_config -W %h:%p {{ ssh_gateways[0].name }}
+{% endif %}
+{% endif %}
+
+{% endfor %}
|
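Review bot: `StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null` under `Host *` disables host-key verification for every connection made through this config, including the `ProxyCommand` hop to the gateway, so a spoofed host or an interposed network on the path to the jumphost goes unnoticed; prefer `StrictHostKeyChecking accept-new` (OpenSSH 7.6 and later) with a persistent `UserKnownHostsFile {{ base_dir }}/known_hosts`, which pins the first-seen key and fails on change, and confine any remaining `no` to a narrower `Host` pattern if a throw-away environment really needs it. Each node entry hard-codes `ssh_gateways[0].name` as its proxy regardless of which gateway the node belongs to, so the template only works as intended while a single gateway is listed; a per-node gateway variable with a fallback to index 0 would be needed otherwise. `User {{ hostvars[node].ansible_user }}` and `User {{ gw.ansible_user }}` carry no `default`, so templating aborts with an undefined-variable error for any host that omits `ansible_user`; wrapping them in `{% if ... is defined %}` matches what the hunk already does for `ansible_port`.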