make the ansible key addition and other users key addition a little less scary
This commit is contained in:
parent
42c749ac8f
commit
355c668d8c
2 changed files with 10 additions and 7 deletions
3
files/common/ansible-pub-key
Normal file
3
files/common/ansible-pub-key
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
#ansible root key
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org
|
||||
|
||||
|
|
@ -26,17 +26,17 @@
|
|||
tags:
|
||||
- config
|
||||
|
||||
- name: put sysadmin-main in place for sshing in
|
||||
action: copy src=$files/common/sysadmin-main dest=/root/.ssh/authorized_keys mode=600 backup=true
|
||||
- name: add ansible root key
|
||||
action: authorized_key user=root key='$FILE(${files}/common/ansible-pub-key)'
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: add root keys for other allowed users
|
||||
action: authorized_key user=root key='$PIPE(${auth_keys_from_fas} ${root_auth_users})'
|
||||
only_if: is_set('${root_auth_users}')
|
||||
- name: add root keys for sysadmin-main and other allowed users
|
||||
action: authorized_key user=root key='$PIPE(${auth_keys_from_fas} @sysadmin-main ${root_auth_users})'
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
||||
# note - kinda should be a handler - but handlers need args
|
||||
- name: restorecon
|
||||
action: command restorecon -R /root/.ssh
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue