basessh: Always run the keygen shell command if needed, even in check mode.
Without this, check mode will fail if there's not an old signed copy of the key around. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent
718714c437
commit
27929fa58b
1 changed files with 1 additions and 0 deletions
|
@ -202,6 +202,7 @@
|
|||
shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
|
||||
delegate_to: localhost
|
||||
with_items: "{{certs_to_sign}}"
|
||||
check_mode: no
|
||||
tags:
|
||||
- basessh
|
||||
- sshd_cert
|
||||
|
|
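Review bot: With `check_mode: no` on this task, an `ansible-playbook --check` run now performs a real signing operation with the `{{env}}_ca_host_key` CA key on localhost and writes a certificate next to the public key, so check mode is no longer free of side effects for this role. The title says the command runs only "if needed", but the task's name and any `when:` or `creates:` guard lie outside the hunk, so it is worth confirming that such a guard limits this to hosts without a current certificate; otherwise every dry run would issue a new certificate with a fresh `-z` serial. I would add a comment above the new line, for example `# runs in check mode too: this issues a real host certificate that later steps expect to exist`, and write the value as `check_mode: false`, because `no` is a YAML 1.1 truthy form that linters flag.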