From d5545b974caa0fadfbd82bfe8f8be642f16b0af6 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Mon, 12 Dec 2016 22:02:45 +0300 Subject: [PATCH 1/2] generating ssh-keys #152 #151 #112 --- ansible.cfg | 2 +- config.cfg | 5 ++++ deploy.yml | 5 ++++ playbooks/local.yml | 14 ++++++++++ roles/cloud-azure/tasks/main.yml | 3 ++- roles/cloud-digitalocean/tasks/main.yml | 36 ++++++++++++++++++++++++- roles/cloud-ec2/tasks/main.yml | 3 ++- roles/cloud-gce/tasks/main.yml | 3 ++- 8 files changed, 66 insertions(+), 5 deletions(-) create mode 100644 playbooks/local.yml diff --git a/ansible.cfg b/ansible.cfg index 1a3afab..0303701 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -8,5 +8,5 @@ host_key_checking = False record_host_keys = False [ssh_connection] -ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o ConnectTimeout=6 -o ConnectionAttempts=30 +ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o ConnectTimeout=6 -o ConnectionAttempts=30 -o IdentitiesOnly=yes scp_if_ssh = True diff --git a/config.cfg b/config.cfg index 792aae7..158f5b6 100644 --- a/config.cfg +++ b/config.cfg @@ -73,3 +73,8 @@ congrats: | "# Local DNS resolver and Proxy IP address: {{ local_service_ip }}" "# The p12 password is {{ easyrsa_p12_export_password }}" "#----------------------------------------------------------------------#" + +SSH_keys: + comment: algo@ssh + private: configs/algo.pem + public: configs/algo.pem.pub diff --git a/deploy.yml b/deploy.yml index f8d5071..a94cc49 100644 --- a/deploy.yml +++ b/deploy.yml @@ -4,6 +4,11 @@ vars_files: - config.cfg + pre_tasks: + - name: Local pre-tasks + include: playbooks/local.yml + tags: [ 'cloud' ] + roles: - { role: cloud-digitalocean, tags: ['digitalocean'] } - { role: cloud-ec2, tags: ['ec2'] } diff --git a/playbooks/local.yml b/playbooks/local.yml new file mode 100644 index 0000000..a7bc353 --- /dev/null +++ b/playbooks/local.yml 
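Review bot: The new `SSH_keys.private: configs/algo.pem` entry in config.cfg points the generated, passphrase-less private key (see `-N ""` in playbooks/local.yml) at a path inside the working tree, and nothing in this series shows that path being excluded from version control; if `configs/` or `*.pem` is not already ignored, a `.gitignore` entry should land with this change — that cannot be confirmed from the patch. The key name `SSH_keys` also breaks with the `lower_snake_case` used by the surrounding keys in this file (`local_service_ip`, `easyrsa_p12_export_password`); `ssh_keys` would match, though every reference in the other hunks would need the same rename. A one-line comment above the block, such as `# Generated by playbooks/local.yml on first run; the private key is unencrypted`, would tell the next reader why these files appear.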
@@ -0,0 +1,14 @@ +--- + +- name: Generate the SSH private key + local_action: shell echo -e 'n' | ssh-keygen -b 2048 -C {{ SSH_keys.comment }} -t rsa -f {{ SSH_keys.private }} -q -N "" + args: + creates: configs/algo.pem + +- name: Generate the SSH public key + local_action: shell echo `ssh-keygen -y -f configs/algo.pem` {{ SSH_keys.comment }} > {{ SSH_keys.public }} + args: + creates: configs/algo.pem.pub + +- name: Change mode for the SSH private key + local_action: file path=configs/algo.pem mode=0600 diff --git a/roles/cloud-azure/tasks/main.yml b/roles/cloud-azure/tasks/main.yml index abe2134..14f34f2 100644 --- a/roles/cloud-azure/tasks/main.yml +++ b/roles/cloud-azure/tasks/main.yml @@ -46,7 +46,7 @@ tags: service: algo ssh_public_keys: - - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ ssh_public_key }}') }}" } + - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" } image: offer: UbuntuServer publisher: Canonical @@ -63,6 +63,7 @@ groups: vpn-host ansible_ssh_user: ubuntu ansible_python_interpreter: "/usr/bin/python2.7" + ansible_ssh_private_key_file: "{{ SSH_keys.private }}" cloud_provider: azure ipv6_support: no diff --git a/roles/cloud-digitalocean/tasks/main.yml b/roles/cloud-digitalocean/tasks/main.yml index d8dd57c..fe50698 100644 --- a/roles/cloud-digitalocean/tasks/main.yml +++ b/roles/cloud-digitalocean/tasks/main.yml 
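Review bot: `creates:` on both keygen tasks and `path=` on the chmod task hard-code `configs/algo.pem` / `configs/algo.pem.pub`, while the commands themselves use `{{ SSH_keys.private }}` and `{{ SSH_keys.public }}`, so changing those paths in config.cfg would make the guard stop matching and ssh-keygen would be re-run against an existing file on every play. Use the same variables in all three places: `creates: "{{ SSH_keys.private }}"`, `creates: "{{ SSH_keys.public }}"`, `local_action: file path="{{ SSH_keys.private }}" mode=0600`. With a correct `creates:` the overwrite prompt is never reached, so the `echo -e 'n' |` pipe in front of ssh-keygen can go (under `/bin/sh` the `-e` may even be echoed literally). Note that ssh-keygen writes `<private>.pub` itself, so the second task presumably only does work when `SSH_keys.public` is not `SSH_keys.private` plus `.pub`; if that is intended, a comment saying so would help. Stylistically, block-form tasks (`shell:` with `args:` and `delegate_to: localhost`) would be more readable than `local_action:` with inline key=value strings.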
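Review bot: `key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}"` nests a moustache inside an expression that is already being templated; the inner quotes turn the argument into a literal string that only works because of recursive templating, and it breaks if the variable ever contains quote characters. Pass the variable directly: `key_data: "{{ lookup('file', SSH_keys.public) }}"`. The same construction is introduced in the `set_fact` hunks of roles/cloud-digitalocean/tasks/main.yml and roles/cloud-gce/tasks/main.yml in this patch and should be changed there too.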
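Review bot: `ansible_ssh_private_key_file: "{{ SSH_keys.private }}"` resolves to the relative path `configs/algo.pem` defined in config.cfg, which ssh resolves against the working directory of the ansible-playbook process rather than the playbook's location, so an invocation from any other directory would not find the key — and with `-o IdentitiesOnly=yes` now in ansible.cfg no other identity would be offered as a fallback. If runs from outside the repository root are possible, anchor it: `ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ SSH_keys.private }}"`. The same line is added in the roles/cloud-digitalocean, roles/cloud-ec2 and roles/cloud-gce hunks of this patch.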
@@ -1,12 +1,45 @@ - name: Set the DigitalOcean Access Token fact set_fact: do_token: "{{ do_access_token }}" + public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}" + +- name: Get existing SSH keys + uri: + url: https://api.digitalocean.com/v2/account/keys + method: GET + HEADER_Content-Type: 'application/json' + HEADER_Authorization: "Bearer {{ do_access_token }}" + status_code: 200 + body_format: json + register: do_existing_keys + +- set_fact: + ssh_key_exist: true + when: public_key == item.public_key + with_items: + - "{{ do_existing_keys.json.ssh_keys }}" + +- name: Upload the SSH key + uri: + url: https://api.digitalocean.com/v2/account/keys + method: POST + HEADER_Content-Type: 'application/json' + HEADER_Authorization: "Bearer {{ do_access_token }}" + body: > + { + "name" : "{{ SSH_keys.comment }}", + "public_key" : "{{ public_key }}" + } + status_code: 201 + body_format: json + register: do_ssh_key + when: ssh_key_exist is not defined - name: "Getting your SSH key ID on Digital Ocean..." digital_ocean: state: present command: ssh - name: "{{ do_ssh_name }}" + name: "{{ SSH_keys.comment }}" api_token: "{{ do_access_token }}" register: do_ssh_key @@ -30,6 +63,7 @@ groups: vpn-host ansible_ssh_user: root ansible_python_interpreter: "/usr/bin/python2.7" + ansible_ssh_private_key_file: "{{ SSH_keys.private }}" do_access_token: "{{ do_access_token }}" do_droplet_id: "{{ do.droplet.id }}" cloud_provider: digitalocean diff --git a/roles/cloud-ec2/tasks/main.yml b/roles/cloud-ec2/tasks/main.yml index 5ff40dc..41f46bc 100644 --- a/roles/cloud-ec2/tasks/main.yml +++ b/roles/cloud-ec2/tasks/main.yml @@ -20,7 +20,7 @@ name: VPNKEY region: "{{ region }}" key_material: "{{ item }}" - with_file: "{{ ssh_public_key }}" + with_file: "{{ SSH_keys.public }}" register: keypair - name: Configure EC2 virtual private clouds 
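Review bot: The POST body under `Upload the SSH key` is assembled by splicing `{{ SSH_keys.comment }}` and `{{ public_key }}` into a hand-written JSON literal in a folded scalar, so a `"` or backslash in the key comment or key material produces malformed JSON instead of an escaped string; since `body_format: json` is already set, let the module serialize a mapping: `body:` / `  name: "{{ SSH_keys.comment }}"` / `  public_key: "{{ public_key }}"`. The existence check relies on a single GET of `/v2/account/keys`; if that endpoint returns only one page of keys, an account with more keys than fit on it would leave `ssh_key_exist` undefined and re-attempt the upload — worth confirming against the API's paging behaviour. `register: do_ssh_key` on the uri task is also overwritten unconditionally by the `digital_ocean` task right after it, so the uri result is never consumed. Finally `public_key == item.public_key` is an exact string comparison; whether the stored key carries the same comment and whitespace as the local file is an assumption to verify.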
@@ -103,6 +103,7 @@ groupname: vpn-host ansible_ssh_user: ubuntu ansible_python_interpreter: "/usr/bin/python2.7" + ansible_ssh_private_key_file: "{{ SSH_keys.private }}" cloud_provider: ec2 ipv6_support: no with_items: "{{ ec2.tagged_instances }}" diff --git a/roles/cloud-gce/tasks/main.yml b/roles/cloud-gce/tasks/main.yml index c909b3f..3f4d20e 100644 --- a/roles/cloud-gce/tasks/main.yml +++ b/roles/cloud-gce/tasks/main.yml @@ -1,6 +1,6 @@ - set_fact: credentials_file_lookup: "{{ lookup('file', '{{ credentials_file }}') }}" - ssh_public_key_lookup: "{{ lookup('file', '{{ ssh_public_key }}') }}" + ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}" - name: "Creating a new instance..." gce: @@ -20,6 +20,7 @@ groups: vpn-host ansible_ssh_user: ubuntu ansible_python_interpreter: "/usr/bin/python2.7" + ansible_ssh_private_key_file: "{{ SSH_keys.private }}" cloud_provider: gce ipv6_support: no From d51abd21d1cd561c217743af3cece9b4427fcaa2 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Thu, 15 Dec 2016 00:21:44 +0300 Subject: [PATCH 2/2] some fixes --- algo | 17 ----------------- roles/cloud-digitalocean/tasks/main.yml | 2 +- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/algo b/algo index 8a0fe6d..b75317a 100755 --- a/algo +++ b/algo @@ -99,10 +99,6 @@ Enter your azure subscription_id (https://docs.ansible.com/ansible/guide_azure.h You can skip this step if you want to use your defaults credentials from ~/.azure/credentials [...]: " -rs azure_subscription_id - read -p " - -Enter the local path to your SSH public key (~/.ssh/id_rsa.pub): " -r ssh_public_key - ssh_public_key=${ssh_public_key:-$HOME/.ssh/id_rsa.pub} read -p " Name the vpn server: 
@@ -155,10 +151,6 @@ digitalocean () { Enter your API token (https://cloud.digitalocean.com/settings/api/tokens): : " -rs do_access_token - read -p " -Enter an existing SSH key name (https://cloud.digitalocean.com/settings/security): -: " -r do_ssh_name - read -p " Name the vpn server: [algo.local]: " -r do_server_name @@ -212,11 +204,6 @@ Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing Note: Make sure to use either your root key (recommended) or an IAM user with an acceptable policy attached [ABCD...]: " -rs aws_secret_key - - read -p " -Enter the local path to your SSH public key (~/.ssh/id_rsa.pub): " -r ssh_public_key - ssh_public_key=${ssh_public_key:-$HOME/.ssh/id_rsa.pub} - read -p " Name the vpn server: [algo]: " -r aws_server_name @@ -266,10 +253,6 @@ gce () { Enter the local path to your credentials JSON file (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts): : " -r credentials_file - read -p " -Enter the local path to your SSH public key (~/.ssh/id_rsa.pub): " -r ssh_public_key - ssh_public_key=${ssh_public_key:-$HOME/.ssh/id_rsa.pub} - read -p " Name the vpn server: [algo]: " -r server_name diff --git a/roles/cloud-digitalocean/tasks/main.yml b/roles/cloud-digitalocean/tasks/main.yml index fe50698..55e7850 100644 --- a/roles/cloud-digitalocean/tasks/main.yml +++ b/roles/cloud-digitalocean/tasks/main.yml @@ -39,7 +39,7 @@ digital_ocean: state: present command: ssh - name: "{{ SSH_keys.comment }}" + ssh_pub_key: "{{ public_key }}" api_token: "{{ do_access_token }}" register: do_ssh_key
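Review bot: Dropping `name:` from the `digital_ocean` task while adding `ssh_pub_key:` looks risky: the module's `command: ssh` usage is documented with both `name` (the key's name in the account) and `ssh_pub_key`, so depending on the module version this either fails validation or registers an unnamed key — keep `name: "{{ SSH_keys.comment }}"` alongside `ssh_pub_key: "{{ public_key }}"` and confirm against the module in use. Once the module is given the public key it can presumably look up or create the key itself, which would make the `Get existing SSH keys` / `set_fact` / `Upload the SSH key` uri tasks added in the first patch redundant; if that holds, removing them shrinks the surface that handles the API token. The task's enclosing sequence begins before this hunk.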