---
# Cyberark pre-tasks
# - name: "[CYBERARK] Check for Cyberark credentials (certificate and key)"
# ansible.builtin.assert:
# that:
# - "{{ item }} is defined"
# - "{{ item }} | length > 0"
# msg: "{{ item }} variable is not defined or empty. Add it to Tower template and try again"
# loop:
# - CYBERARK_CLIENT_CERT
# - CYBERARK_PRIV_KEY
# # no_log: true
# delegate_to: localhost
# rsa_key
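- name: "[CYBERARK] Get ssh_host_rsa_key from Cyberark, don't fail if it doesn't exist"
  cyberark.pas.cyberark_credential:
    api_base_url: "{{ cyberark_server_api }}"
    client_cert: "{{ CYBERARK_CLIENT_CERT }}"
    client_key: "{{ CYBERARK_PRIV_KEY }}"
    # A host private key is fetched over this connection, so the CyberArk
    # server certificate should be verified. Validation stays off unless
    # cyberark_validate_certs is set (previous behaviour is preserved); set it
    # to true once the CyberArk CA is trusted on the controller.
    validate_certs: "{{ cyberark_validate_certs | default(false) }}"
    app_id: "{{ cyberark_app_id }}"
    # Object name is keyed on inventory_hostname here; the ECDSA lookups
    # further down key on my_hostname instead.
    query: "Safe={{ cyberark_keys_safe }};Object={{ cyberark_ssh_host_rsa_key_object_pattern }}-{{ inventory_hostname }}"
    # query: "Safe={{ cyberark_keys_safe }};Object={{ cyberark_ssh_host_rsa_key_object_pattern }}-{{ my_hostname }}"
  register: cyberark_ssh_host_rsa_key
  delegate_to: localhost
  # Keep the secret out of task output and logs.
  no_log: true
  # A missing object is tolerated: the copy task skips when .result.Content is
  # undefined. Together with no_log this also silences auth and TLS failures.
  ignore_errors: true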
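- name: "[CYBERARK] Get ssh_host_rsa_key_pub from Cyberark, don't fail if it doesn't exist"
  cyberark.pas.cyberark_credential:
    api_base_url: "{{ cyberark_server_api }}"
    client_cert: "{{ CYBERARK_CLIENT_CERT }}"
    client_key: "{{ CYBERARK_PRIV_KEY }}"
    # Unverified TLS lets an interposed endpoint hand back a substituted host
    # key. Validation stays off unless cyberark_validate_certs is set (previous
    # behaviour is preserved); set it to true once the CyberArk CA is trusted.
    validate_certs: "{{ cyberark_validate_certs | default(false) }}"
    app_id: "{{ cyberark_app_id }}"
    # Public keys live in cyberark_certs_safe, private keys in cyberark_keys_safe.
    query: "Safe={{ cyberark_certs_safe }};Object={{ cyberark_ssh_host_rsa_key_pub_object_pattern }}-{{ inventory_hostname }}"
    # query: "Safe={{ cyberark_certs_safe }};Object={{ cyberark_ssh_host_rsa_key_pub_object_pattern }}-{{ my_hostname }}"
  register: cyberark_ssh_host_rsa_key_pub
  delegate_to: localhost
  no_log: true
  # A missing object is tolerated: the copy task skips when .result.Content is
  # undefined. Together with no_log this also silences auth and TLS failures.
  ignore_errors: true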
# ed25519_key
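- name: "[CYBERARK] Get ssh_host_ed25519_key from Cyberark, don't fail if it doesn't exist"
  cyberark.pas.cyberark_credential:
    api_base_url: "{{ cyberark_server_api }}"
    client_cert: "{{ CYBERARK_CLIENT_CERT }}"
    client_key: "{{ CYBERARK_PRIV_KEY }}"
    # A host private key is fetched over this connection, so the CyberArk
    # server certificate should be verified. Validation stays off unless
    # cyberark_validate_certs is set (previous behaviour is preserved); set it
    # to true once the CyberArk CA is trusted on the controller.
    validate_certs: "{{ cyberark_validate_certs | default(false) }}"
    app_id: "{{ cyberark_app_id }}"
    # Object name is keyed on inventory_hostname here; the ECDSA lookups
    # further down key on my_hostname instead.
    query: "Safe={{ cyberark_keys_safe }};Object={{ cyberark_ssh_host_ed25519_key_object_pattern }}-{{ inventory_hostname }}"
    # query: "Safe={{ cyberark_keys_safe }};Object={{ cyberark_ssh_host_ed25519_key_object_pattern }}-{{ my_hostname }}"
  register: cyberark_ssh_host_ed25519_key
  delegate_to: localhost
  # Keep the secret out of task output and logs.
  no_log: true
  # A missing object is tolerated: the copy task skips when .result.Content is
  # undefined. Together with no_log this also silences auth and TLS failures.
  ignore_errors: true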
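- name: "[CYBERARK] Get ssh_host_ed25519_key_pub from Cyberark, don't fail if it doesn't exist"
  cyberark.pas.cyberark_credential:
    api_base_url: "{{ cyberark_server_api }}"
    client_cert: "{{ CYBERARK_CLIENT_CERT }}"
    client_key: "{{ CYBERARK_PRIV_KEY }}"
    # Unverified TLS lets an interposed endpoint hand back a substituted host
    # key. Validation stays off unless cyberark_validate_certs is set (previous
    # behaviour is preserved); set it to true once the CyberArk CA is trusted.
    validate_certs: "{{ cyberark_validate_certs | default(false) }}"
    app_id: "{{ cyberark_app_id }}"
    # Public keys live in cyberark_certs_safe, private keys in cyberark_keys_safe.
    query: "Safe={{ cyberark_certs_safe }};Object={{ cyberark_ssh_host_ed25519_key_pub_object_pattern }}-{{ inventory_hostname }}"
    # query: "Safe={{ cyberark_certs_safe }};Object={{ cyberark_ssh_host_ed25519_key_pub_object_pattern }}-{{ my_hostname }}"
  register: cyberark_ssh_host_ed25519_key_pub
  delegate_to: localhost
  no_log: true
  # A missing object is tolerated: the copy task skips when .result.Content is
  # undefined. Together with no_log this also silences auth and TLS failures.
  ignore_errors: true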
# ecdsa_key
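- name: "[CYBERARK] Get ssh_host_ecdsa_key from Cyberark, don't fail if it doesn't exist"
  cyberark.pas.cyberark_credential:
    api_base_url: "{{ cyberark_server_api }}"
    client_cert: "{{ CYBERARK_CLIENT_CERT }}"
    client_key: "{{ CYBERARK_PRIV_KEY }}"
    # A host private key is fetched over this connection, so the CyberArk
    # server certificate should be verified. Validation stays off unless
    # cyberark_validate_certs is set (previous behaviour is preserved); set it
    # to true once the CyberArk CA is trusted on the controller.
    validate_certs: "{{ cyberark_validate_certs | default(false) }}"
    app_id: "{{ cyberark_app_id }}"
    # NOTE(review): this lookup is keyed on my_hostname while the RSA and
    # ed25519 lookups above use inventory_hostname — confirm which is intended.
    # If my_hostname is undefined the task fails, ignore_errors hides it, and
    # the ECDSA key is silently never written.
    # query: "Safe={{ cyberark_keys_safe }};Object={{ cyberark_ssh_host_ecdsa_key_object_pattern }}-{{ inventory_hostname }}"
    query: "Safe={{ cyberark_keys_safe }};Object={{ cyberark_ssh_host_ecdsa_key_object_pattern }}-{{ my_hostname }}"
  register: cyberark_ssh_host_ecdsa_key
  delegate_to: localhost
  # Keep the secret out of task output and logs.
  no_log: true
  # A missing object is tolerated: the copy task skips when .result.Content is
  # undefined. Together with no_log this also silences auth and TLS failures.
  ignore_errors: true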
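- name: "[CYBERARK] Get ssh_host_ecdsa_key_pub from Cyberark, don't fail if it doesn't exist"
  cyberark.pas.cyberark_credential:
    api_base_url: "{{ cyberark_server_api }}"
    client_cert: "{{ CYBERARK_CLIENT_CERT }}"
    client_key: "{{ CYBERARK_PRIV_KEY }}"
    # Unverified TLS lets an interposed endpoint hand back a substituted host
    # key. Validation stays off unless cyberark_validate_certs is set (previous
    # behaviour is preserved); set it to true once the CyberArk CA is trusted.
    validate_certs: "{{ cyberark_validate_certs | default(false) }}"
    app_id: "{{ cyberark_app_id }}"
    # NOTE(review): keyed on my_hostname, unlike the RSA/ed25519 lookups above
    # (inventory_hostname) — confirm which is intended. An undefined
    # my_hostname fails here and is hidden by ignore_errors.
    # query: "Safe={{ cyberark_certs_safe }};Object={{ cyberark_ssh_host_ecdsa_key_pub_object_pattern }}-{{ inventory_hostname }}"
    query: "Safe={{ cyberark_certs_safe }};Object={{ cyberark_ssh_host_ecdsa_key_pub_object_pattern }}-{{ my_hostname }}"
  register: cyberark_ssh_host_ecdsa_key_pub
  delegate_to: localhost
  no_log: true
  # A missing object is tolerated: the copy task skips when .result.Content is
  # undefined. Together with no_log this also silences auth and TLS failures.
  ignore_errors: true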
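- name: Set ssh_host_rsa_key value in file
  ansible.builtin.copy:
    content: "{{ cyberark_ssh_host_rsa_key.result.Content }}"
    # TODO(review): /tmp is world-writable and the file name is predictable;
    # the real destination (kept commented out below) is /etc/ssh.
    # dest: "/etc/ssh/ssh_host_rsa_key"
    dest: "/tmp/ssh_host_rsa_key"
    owner: root
    group: root
    mode: '0600'
    backup: true
  # The content is a private key: keep it out of task output, -v output and
  # --diff (the copy module's diff would otherwise print the whole key).
  no_log: true
  diff: false
  # Skipped when the CyberArk lookup failed or returned no Content.
  when: cyberark_ssh_host_rsa_key.result.Content is defined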
- name: Set ssh_host_rsa_key_pub value in file
  ansible.builtin.copy:
    content: "{{ cyberark_ssh_host_rsa_key_pub.result.Content }}"
    # Real destination, currently disabled in favour of /tmp.
    # dest: "/etc/ssh/ssh_host_rsa_key.pub"
    dest: "/tmp/ssh_host_rsa_key.pub"
    owner: root
    group: root
    # NOTE(review): 0600 is stricter than the customary 0644 for a host
    # public key; sshd reads it as root so it works, but other users cannot.
    mode: '0600'
    backup: true
  # Skipped when the CyberArk lookup failed or returned no Content.
  when: cyberark_ssh_host_rsa_key_pub.result.Content is defined
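- name: Set ssh_host_ed25519_key value in file
  ansible.builtin.copy:
    content: "{{ cyberark_ssh_host_ed25519_key.result.Content }}"
    # TODO(review): /tmp is world-writable and the file name is predictable;
    # the real destination (kept commented out below) is /etc/ssh.
    # dest: "/etc/ssh/ssh_host_ed25519_key"
    dest: "/tmp/ssh_host_ed25519_key"
    owner: root
    group: root
    mode: '0600'
    backup: true
  # The content is a private key: keep it out of task output, -v output and
  # --diff (the copy module's diff would otherwise print the whole key).
  no_log: true
  diff: false
  # Skipped when the CyberArk lookup failed or returned no Content.
  when: cyberark_ssh_host_ed25519_key.result.Content is defined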
- name: Set ssh_host_ed25519_key_pub value in file
  ansible.builtin.copy:
    content: "{{ cyberark_ssh_host_ed25519_key_pub.result.Content }}"
    # Real destination, currently disabled in favour of /tmp.
    # dest: "/etc/ssh/ssh_host_ed25519_key.pub"
    dest: "/tmp/ssh_host_ed25519_key.pub"
    owner: root
    group: root
    # NOTE(review): 0600 is stricter than the customary 0644 for a host
    # public key; sshd reads it as root so it works, but other users cannot.
    mode: '0600'
    backup: true
  # Skipped when the CyberArk lookup failed or returned no Content.
  when: cyberark_ssh_host_ed25519_key_pub.result.Content is defined
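- name: Set ssh_host_ecdsa_key value in file
  ansible.builtin.copy:
    content: "{{ cyberark_ssh_host_ecdsa_key.result.Content }}"
    # TODO(review): /tmp is world-writable and the file name is predictable;
    # the real destination (kept commented out below) is /etc/ssh.
    # dest: "/etc/ssh/ssh_host_ecdsa_key"
    dest: "/tmp/ssh_host_ecdsa_key"
    owner: root
    group: root
    mode: '0600'
    backup: true
  # The content is a private key: keep it out of task output, -v output and
  # --diff (the copy module's diff would otherwise print the whole key).
  no_log: true
  diff: false
  # Skipped when the CyberArk lookup failed or returned no Content.
  when: cyberark_ssh_host_ecdsa_key.result.Content is defined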
- name: Set ssh_host_ecdsa_key_pub value in file
  ansible.builtin.copy:
    content: "{{ cyberark_ssh_host_ecdsa_key_pub.result.Content }}"
    # Real destination, currently disabled in favour of /tmp.
    # dest: "/etc/ssh/ssh_host_ecdsa_key.pub"
    dest: "/tmp/ssh_host_ecdsa_key.pub"
    owner: root
    group: root
    # NOTE(review): 0600 is stricter than the customary 0644 for a host
    # public key; sshd reads it as root so it works, but other users cannot.
    mode: '0600'
    backup: true
  # Skipped when the CyberArk lookup failed or returned no Content.
  when: cyberark_ssh_host_ecdsa_key_pub.result.Content is defined