mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 14:06:04 +02:00
4112bdf9fd
---
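# Collect SSH host key material from every managed host. The rsync_net and
# hetzner_storageboxes groups are excluded here; the store play appends their
# keys from inventory variables instead.
- name: fetch ssh hostkeys
  hosts: all,!rsync_net,!hetzner_storageboxes
  tasks:
    # Prints one fingerprint per public host key, first as sha256 and then as
    # md5, with a blank line after each hash type. The result is later written
    # to docs/ssh-hostkeys.txt.
    - name: fetch hostkey checksums
      shell: |
        for type in sha256 md5; do
          for file in /etc/ssh/ssh_host_*.pub; do
            ssh-keygen -l -f "$file" -E "$type"
          done
          echo
        done
      register: ssh_hostkeys
      # Read-only command, so never report a change. A registered result is a
      # non-empty dict, which makes a `| length > 0` condition always true.
      changed_when: false

    # Scans the sshd listening on loopback and rewrites the leading 127.0.0.1
    # of each entry to the inventory hostname, giving known_hosts lines for
    # this host.
    # NOTE(review): the keys are reported by the managed host itself, so they
    # are only as trustworthy as the connection Ansible used to reach it.
    - name: fetch known_hosts
      shell: >-
        set -o pipefail &&
        ssh-keyscan 127.0.0.1 2>/dev/null |
        sed 's#^127\.0\.0\.1#{{ inventory_hostname }}#' |
        sort
      environment:
        LC_COLLATE: C  # to ensure reproducible ordering
      args:
        # required for repro3.pkgbuild.com which is ubuntu and has dash as
        # default shell (`set -o pipefail` needs bash)
        executable: /bin/bash
      register: known_hosts
      # Read-only command, so never report a change.
      changed_when: false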
# Runs on the control node and renders the results registered by the fetch
# play into two files under docs/, relative to the playbook directory.
- name: store hostkeys
  hosts: localhost
  tasks:
    # One section per host, sorted by name: a "# <host>" header followed by
    # that host's fingerprint output.
    - name: store hostkeys
      copy:
        dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt"
        content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].ssh_hostkeys.stdout }}\n\n{% endfor %}"
        # NOTE(review): `preserve` is documented for src-based copies; confirm
        # which mode it yields when `content` is used.
        mode: preserve
      delegate_to: localhost

    # Same layout for the known_hosts entries. Each host's stdout is inserted
    # verbatim under its header.
    # NOTE(review): nothing in this template checks that the lines a host
    # reported name only that host. This file is later installed as the
    # system-wide known_hosts on all nodes, so review its diff before it is
    # committed or distributed.
    - name: store known_hosts
      copy:
        dest: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
        content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].known_hosts.stdout }}\n\n{% endfor %}"
        mode: preserve
      delegate_to: localhost

    # Hosts in rsync_net are excluded from the fetch play; their entries come
    # from the `known_host` host variable instead (presumably pinned in the
    # inventory; verify).
    # NOTE(review): `line` spans several lines here while lineinfile matches
    # line by line, so this is presumably appended on every run after the copy
    # task above has rewritten the file; confirm.
    - name: manually append rsync.net host keys
      lineinfile:
        path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
        line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
      delegate_to: localhost

    # Same approach for the hetzner_storageboxes group, which is also
    # excluded from the fetch play.
    - name: manually append Hetzner Storageboxes host keys
      lineinfile:
        path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
        line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
      delegate_to: localhost
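# Install the generated docs/ssh-known_hosts.txt as the system-wide
# /etc/ssh/ssh_known_hosts on every managed host (rsync_net and
# hetzner_storageboxes excluded).
# NOTE(review): when the playbook runs without --tags, this play follows the
# fetch and store plays in the same run, so newly collected keys are
# distributed before anyone has reviewed the diff of
# docs/ssh-known_hosts.txt. Confirm that this is intended.
- name: upload known_hosts to all nodes
  hosts: all,!rsync_net,!hetzner_storageboxes
  tasks:
    - name: upload known_hosts
      copy:
        src: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
        dest: /etc/ssh/ssh_known_hosts
        owner: root
        group: root
        # Quoted so YAML keeps it a string instead of reading it as a number;
        # world-readable is fine, the file holds public keys only.
        mode: "0644"
      tags:
        - upload-known-hosts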