Commit 38890b43 authored by Kristian Klausen's avatar Kristian Klausen 🎉 Committed by Jelle van der Waa

install_arch: Use the root_ssh role for adding authorized_key

The root_ssh_keys variable was changed in:
ea9f114d ("root_ssh: Support giving root access to only some hosts")
so let's just use the root_ssh role instead of maintaining the logic in
two places.
parent aa37e4aa
......@@ -171,18 +171,11 @@
register: chroot_systemd_services
changed_when: "chroot_systemd_services.rc == 0"
- name: assign pubkey list to fact
set_fact: pubkey_list="{{ lookup('file', playbook_dir + "/../../pubkeys/" + item) }}"
register: pubkeys
playbook_dir: "{{ playbook_dir }}"
with_items: "{{ root_ssh_keys }}"
- name: assign pubkey string to fact
set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
- name: add authorized key for root
authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
name: root_ssh
root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh
- name: configure sshd
template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
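Review bot: The role include that passes `root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh` has no comment explaining the override, while the role's default is `/root/.ssh`. If the variable were dropped or misspelled, the keys would presumably land in the environment running the installer instead of the installed system, and no task would fail. I would add above the include `# Write root's authorized_keys into the newly installed system; the root_ssh default (/root/.ssh) would target the running environment`. The page has lost its +/- markers, so this assumes the `name: root_ssh` and `root_ssh_directory` lines are the new side; the task list continues outside the hunk.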
root_ssh_directory: /root/.ssh
- name: create .ssh directory
file: path={{ root_ssh_directory }} state=directory owner=root group=root mode=0700
- name: add authorized keys for root
template: src=authorized_keys.j2 dest=/root/.ssh/authorized_keys mode=0600 owner=root group=root
template: src=authorized_keys.j2 dest={{ root_ssh_directory }}/authorized_keys mode=0600 owner=root group=root
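Review bot: Both tasks place `{{ root_ssh_directory }}` unquoted inside a `key=value` argument string, in the `path=` of the directory task and the `dest=` of the template task. Now that the directory is supplied by the caller, a value containing a space or `=` would be split into separate module arguments. Writing the two tasks with native YAML arguments, the templated paths quoted and the modes given as quoted strings, removes that parsing step without changing what is written. The modes 0700 and 0600 with root ownership are kept as they are.

```yaml
- name: create .ssh directory
  file:
    path: "{{ root_ssh_directory }}"
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: add authorized keys for root
  template:
    src: authorized_keys.j2
    dest: "{{ root_ssh_directory }}/authorized_keys"
    owner: root
    group: root
    mode: "0600"
```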
#jinja2: lstrip_blocks: True
{% for user in root_ssh_keys | sort(attribute="key") -%}
{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
{{ lookup('file', '../pubkeys/' + user.key ) }}
{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
{% endif %}
{% endfor %}
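Review bot: The new lookup joins `user.key` onto `role_path + '/../../pubkeys/'` without normalising it, so an entry containing a path separator would read a file outside the pubkeys directory into root's authorized_keys. `root_ssh_keys` is presumably repository-controlled, but this template is the place that decides who gets root, so pinning the read is cheap insurance. If key entries are always plain file names, use `{{ lookup('file', role_path + '/../../pubkeys/' + (user.key | basename)) }}`. A short `{# ... #}` comment noting that the path assumes the role sits two levels below the repository root would also help, since `role_path` replaces the earlier relative `'../pubkeys/'` lookup.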