basessh: see if we can generate a sha256 cert

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2020-11-03 15:04:51 -08:00
parent 259a1734ae
commit 925f314af5


@ -199,7 +199,7 @@
# Currently, we use the epoch as serial. That's unique enough for now
- name: Sign the certificates
shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
delegate_to: localhost
with_items: "{{certs_to_sign}}"
check_mode: no
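Review bot: Nothing after the new `-t rsa-sha2-256` signing command checks which signature algorithm the certificate actually received, and because of `delegate_to: localhost` the result depends on the ssh-keygen installed on the control host. An ssh-keygen that predates signature-type selection for `-s` may accept the flag without applying it (worth confirming for the versions in use), which would leave SHA-1-signed certificates while the task still reports success. A follow-up step that runs `ssh-keygen -L -f` on the generated `-cert.pub` file and fails unless the Signing CA line names rsa-sha2-256 (where the installed version prints the algorithm) would make the outcome verifiable. The flag also only matters when the `{{env}}_ca_host_key` CA key is RSA, which this hunk does not show.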