infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

basessh: Always run the keygen shell command if needed, even in check mode.

Browse source 
Without this check mode will fail if there's not an old signed copy of the key around.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2019-09-05 23:18:49 +00:00 committed by Pierre-Yves Chibon
parent 718714c437
commit 27929fa58b
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
roles/basessh/tasks/main.yml
View file

@ -202,6 +202,7 @@
shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
delegate_to: localhost delegate_to: localhost
with_items: "{{certs_to_sign}}" with_items: "{{certs_to_sign}}"
check_mode: no
tags: tags:
- basessh - basessh
- sshd_cert - sshd_cert