Commit aac22770 authored by Florian Pritz's avatar Florian Pritz
Browse files

Add playbook to deploy known_hosts for all servers


Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent 2c83c70c
---
- name: fetch ssh hostkey checkums
- name: fetch ssh hostkeys
hosts: all
tasks:
- name: fetch hostkey checksums
shell: "for type in sha256 md5; do for file in /etc/ssh/ssh_host_*.pub; do ssh-keygen -l -f $file -E $type; done; echo; done"
register: ssh_hostkeys
- name: fetch known_hosts
shell: "ssh-keyscan 127.0.0.1 2>/dev/null | sed 's#^127.0.0.1#{{ inventory_hostname }}#'"
register: known_hosts
- name: store hostkeys
hosts: 127.0.0.1
......@@ -14,3 +17,14 @@
copy:
dest: "{{playbook_dir}}/../../docs/ssh-hostkeys.txt"
content: "{% for host in groups['all'] | sort %}# {{host}}\n{{hostvars[host].ssh_hostkeys.stdout}}\n\n{% endfor %}"
- name: store known_hosts
copy:
dest: "{{playbook_dir}}/../../docs/ssh-known_hosts.txt"
content: "{% for host in groups['all'] | sort %}# {{host}}\n{{hostvars[host].known_hosts.stdout}}\n\n{% endfor %}"
- name: upload known_hosts to all nodes
hosts: all
tasks:
- name: upload known_hosts
copy: dest=/etc/ssh/ssh_known_hosts src="{{playbook_dir}}/../../docs/ssh-known_hosts.txt"
tags: ['upload-known-hosts']
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment