Renew SSH cert if it was last modified more than 10 months ago
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
parent
d5179509aa
commit
d31019a444
1 changed files with 12 additions and 1 deletions
|
@ -128,7 +128,18 @@
|
||||||
- sshd
|
- sshd
|
||||||
- base
|
- base
|
||||||
|
|
||||||
# TODO: Get expired certificates, and add them to certs_to_sign
|
# Renew if last mod was more than 10 months ago
|
||||||
|
- name: Get soon-to-expire certificates to sign
|
||||||
|
set_fact:
|
||||||
|
certs_to_sign: "{{certs_to_sign}} + [ '{{item.item.path}}' ]"
|
||||||
|
when: "item.stat.exists and item.stat.mtime < (ansible_date_time.epoch - 25920000)"
|
||||||
|
tags:
|
||||||
|
- basessh
|
||||||
|
- sshd_cert
|
||||||
|
- sshd_config
|
||||||
|
- config
|
||||||
|
- sshd
|
||||||
|
- base
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
pubkeydir: "/tmp/sshkeysign/{{inventory_hostname}}"
|
pubkeydir: "/tmp/sshkeysign/{{inventory_hostname}}"
|
||||||
|
|
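Review bot: The new "Get soon-to-expire certificates to sign" task reads `item.stat` and `item.item.path`, but none of the added lines gives it a loop, so unless one was lost in rendering `item` is undefined; it needs something like `with_items: "{{ <registered_stat_var>.results }}"` (placeholder name, since the register is outside this hunk). The `when` also subtracts an integer from `ansible_date_time.epoch`, which Ansible exposes as a string, so it should be cast: `item.stat.mtime < ((ansible_date_time.epoch | int) - 25920000)`. If either problem makes the task fail or never match, host certificates age out without renewal and clients fall back to unverified host-key prompts. File mtime is also only a proxy for certificate age (a restore or `touch` resets it), so reading the validity window from `ssh-keygen -L -f` on the certificate would be a sturdier trigger.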