---
# Synchronisation des clefs SSH avec option de suppression via admin_blacklist_ssh_keys
# L'utilisation de hash_behaviour = merge dans la configuration Ansible
# permet de déployer différentes clefs sur différents serveurs en fusionnant les dictionnaires
# Fail the host early when the mandatory admin_ssh_keys dictionary is not
# defined, before any authorized_keys file is touched.
# Only existence is checked here; an empty or malformed value is not caught.
- name: Check vars
  tags: ssh_keys
  when: admin_ssh_keys is not defined
  fail:
    msg: 'Missing variable admin_ssh_keys'
# Install the SELinux Python bindings through yum on CentOS hosts.
# The task name says they are needed there, presumably by the modules that
# edit authorized_keys on SELinux-enabled systems -- TODO confirm.
# NOTE(review): the condition matches ansible_distribution == 'CentOS' only;
# every other distribution skips this task.
- name: Install libselinux-python needed for centos
  tags: ssh_keys
  when: "ansible_distribution == 'CentOS'"
  yum:
    state: installed
    name: libselinux-python
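# Revoke every public key listed in admin_blacklist_ssh_keys from root's
# authorized_keys. Only the dictionary values (the key strings) are used; the
# dictionary keys serve as labels as far as this task is concerned.
#
# The loop expression is templated separately from a `when` clause, so the
# blacklist falls back to an empty dict when it is not set. The task is then
# a clean no-op instead of depending on how the running Ansible version
# treats an undefined loop variable.
#
# NOTE(review): the "Deploy SSH keys" task runs after this one, so a key that
# is still present in admin_ssh_keys is re-authorized on the same run. To
# revoke a key, remove it from admin_ssh_keys as well; with
# hash_behaviour = merge it may be inherited from another vars level.
- name: Remove old SSH keys
  tags: ssh_keys
  authorized_key:
    user: root
    key: "{{ item.value }}"
    state: absent
  with_dict: "{{ admin_blacklist_ssh_keys | default({}) }}"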
# Ensure every public key in admin_ssh_keys is present in root's
# authorized_keys, with one authorized_key call per dictionary entry.
#
# NOTE(review): state: present only adds. Keys already in the file but absent
# from admin_ssh_keys stay authorized, so access is withdrawn only through
# admin_blacklist_ssh_keys. Because this task runs after the removal task, a
# key listed in both dictionaries ends up authorized.
# The module's `exclusive` option is not loop-aware; enforcing an exact key
# set would need all keys passed in a single newline-separated `key` value.
- name: Deploy SSH keys
  tags: ssh_keys
  with_dict: "{{ admin_ssh_keys }}"
  authorized_key:
    state: present
    user: root
    key: "{{ item.value }}"