generating ssh-keys #152 #151 #112

8 years ago · 1d07200c74
parent efb78e27d4
commit 1d07200c74
8 changed files with 66 additions and 5 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -8,5 +8,5 @@ host_key_checking = False
 record_host_keys = False

 [ssh_connection]
-ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o ConnectTimeout=6 -o ConnectionAttempts=30
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o ConnectTimeout=6 -o ConnectionAttempts=30 -o IdentitiesOnly=yes
 scp_if_ssh = True
--- a/config.cfg
+++ b/config.cfg
@ -78,3 +78,8 @@ congrats: |
  "#                     The p12 password is {{ easyrsa_p12_export_password }}      "
  "#                  The CA key password is {{ easyrsa_CA_password }}      "
  "#----------------------------------------------------------------------#"
+
+SSH_keys:
+  comment: algo@ssh
+  private: configs/algo.pem
+  public: configs/algo.pem.pub
--- a/deploy.yml
+++ b/deploy.yml
@ -4,6 +4,11 @@
  vars_files:
    - config.cfg

+  pre_tasks:
+    - name: Local pre-tasks
+      include: playbooks/local.yml
+      tags: [ 'cloud' ]
+
  roles:
    - { role: cloud-digitalocean, tags: ['digitalocean'] }
    - { role: cloud-ec2, tags: ['ec2'] }
--- a/playbooks/local.yml
+++ b/playbooks/local.yml
@ -0,0 +1,14 @@
+---
+
+- name: Generate the SSH private key
+  local_action: shell echo -e  'n' | ssh-keygen -b 2048 -C {{ SSH_keys.comment }} -t rsa -f {{ SSH_keys.private }} -q -N ""
+  args:
+    creates: configs/algo.pem
+
+- name: Generate the SSH public key
+  local_action: shell echo `ssh-keygen -y -f configs/algo.pem` {{ SSH_keys.comment }} > {{ SSH_keys.public }}
+  args:
+    creates: configs/algo.pem.pub
+
+- name: Change mode for the SSH private key
+  local_action: file path=configs/algo.pem mode=0600
--- a/roles/cloud-azure/tasks/main.yml
+++ b/roles/cloud-azure/tasks/main.yml
@ -46,7 +46,7 @@
    tags:
      service: algo
    ssh_public_keys:
-      - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ ssh_public_key }}') }}" }
+      - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" }
    image:
      offer: UbuntuServer
      publisher: Canonical
@ -63,6 +63,7 @@
    groups: vpn-host
    ansible_ssh_user: ubuntu
    ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
    cloud_provider: azure
    ipv6_support: no

--- a/roles/cloud-digitalocean/tasks/main.yml
+++ b/roles/cloud-digitalocean/tasks/main.yml
@ -1,12 +1,45 @@
 - name: Set the DigitalOcean Access Token fact
  set_fact:
    do_token: "{{ do_access_token }}"
+    public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
+
+- name: Get existing SSH keys
+  uri:
+    url: https://api.digitalocean.com/v2/account/keys
+    method: GET
+    HEADER_Content-Type: 'application/json'
+    HEADER_Authorization: "Bearer {{ do_access_token }}"
+    status_code: 200
+    body_format: json
+  register: do_existing_keys
+
+- set_fact:
+    ssh_key_exist: true
+  when: public_key == item.public_key
+  with_items:
+    - "{{ do_existing_keys.json.ssh_keys }}"
+
+- name: Upload the SSH key
+  uri:
+    url: https://api.digitalocean.com/v2/account/keys
+    method: POST
+    HEADER_Content-Type: 'application/json'
+    HEADER_Authorization: "Bearer {{ do_access_token }}"
+    body: >
+      {
+        "name" : "{{ SSH_keys.comment }}",
+        "public_key" : "{{ public_key }}"
+      }
+    status_code: 201
+    body_format: json
+  register: do_ssh_key
+  when: ssh_key_exist is not defined

 - name: "Getting your SSH key ID on Digital Ocean..."
  digital_ocean:
    state: present
    command: ssh
-    name: "{{ do_ssh_name }}"
+    name: "{{ SSH_keys.comment }}"
    api_token: "{{ do_access_token }}"
  register: do_ssh_key

@ -30,6 +63,7 @@
    groups: vpn-host
    ansible_ssh_user: root
    ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
    do_access_token: "{{ do_access_token }}"
    do_droplet_id: "{{ do.droplet.id }}"
    cloud_provider: digitalocean
--- a/roles/cloud-ec2/tasks/main.yml
+++ b/roles/cloud-ec2/tasks/main.yml
@ -20,7 +20,7 @@
    name: VPNKEY
    region: "{{ region }}"
    key_material: "{{ item }}"
-  with_file: "{{ ssh_public_key }}"
+  with_file: "{{ SSH_keys.public }}"
  register: keypair

 - name: Configure EC2 virtual private clouds
@ -103,6 +103,7 @@
    groupname: vpn-host
    ansible_ssh_user: ubuntu
    ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
    cloud_provider: ec2
    ipv6_support: no
  with_items: "{{ ec2.tagged_instances }}"
--- a/roles/cloud-gce/tasks/main.yml
+++ b/roles/cloud-gce/tasks/main.yml
@ -1,6 +1,6 @@
 - set_fact:
    credentials_file_lookup: "{{ lookup('file', '{{ credentials_file }}') }}"
-    ssh_public_key_lookup: "{{ lookup('file', '{{ ssh_public_key }}') }}"
+    ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}"

 - name: "Creating a new instance..."
  gce:
@ -20,6 +20,7 @@
    groups: vpn-host
    ansible_ssh_user: ubuntu
    ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
    cloud_provider: gce
    ipv6_support: no