From 4e4d4f93ae0d56dfeb19a3c391e0b1fd13d71832 Mon Sep 17 00:00:00 2001
From: Caila Finn
Date: Fri, 20 Sep 2024 15:18:11 +0100
Subject: [PATCH] Exchange keys to allow for rsync RE #99
---
 .../ansible/roles/mirror/defaults/main.yml | 7 +++
 .../roles/mirror/tasks/exchange-keys.yml | 44 +++++++++++++++++++
 .../ansible/roles/mirror/tasks/main.yml | 3 ++
 3 files changed, 54 insertions(+)
 create mode 100644 Linux/external-data-mirror/ansible/roles/mirror/defaults/main.yml
 create mode 100644 Linux/external-data-mirror/ansible/roles/mirror/tasks/exchange-keys.yml
diff --git a/Linux/external-data-mirror/ansible/roles/mirror/defaults/main.yml b/Linux/external-data-mirror/ansible/roles/mirror/defaults/main.yml
new file mode 100644
index 0000000..018876b
--- /dev/null
+++ b/Linux/external-data-mirror/ansible/roles/mirror/defaults/main.yml
@@ -0,0 +1,7 @@
+# Default values for creating external data mirror.
+
+# IP of server containing external data main copy.
+main_server_ip: "198.74.56.37"
+
+# User on the main server.
+main_server_user: root
\ No newline at end of file
diff --git a/Linux/external-data-mirror/ansible/roles/mirror/tasks/exchange-keys.yml b/Linux/external-data-mirror/ansible/roles/mirror/tasks/exchange-keys.yml
new file mode 100644
index 0000000..5fa95b6
--- /dev/null
+++ b/Linux/external-data-mirror/ansible/roles/mirror/tasks/exchange-keys.yml
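Review bot: `main_server_user: root` means the key that exchange-keys.yml appends to this account's authorized_keys gives the mirror host an unrestricted root login on the main server, although the commit only needs rsync read access; a dedicated unprivileged account on the main server (name illustrative: `main_server_user: mirror`), ideally with the key restricted via the `key_options` parameter of `ansible.posix.authorized_key` to an rsync-only forced command, keeps a compromised mirror from becoming a root compromise upstream. `main_server_ip: "198.74.56.37"` is a concrete production address shipped as a role default; the comment should say it is expected to be overridden from inventory or group_vars, or the value should live there instead. The file is also written without a trailing newline.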
@@ -0,0 +1,44 @@
+- name: Generate key pair if it does not exist
+ community.crypto.openssh_keypair:
+ force: no # Don't regenerate existing keys.
+ path: ~/.ssh/id_rsa
+
+- name: Read public key into tmp to copy over.
+ fetch:
+ src: ~/.ssh/id_rsa.pub
+ dest: /tmp/{{ ansible_hostname }}-id_rsa.pub
+ flat: yes
+
+- name: Add public key to main server's authorized keys
+ ansible.posix.authorized_key:
+ user: "{{ main_server_user }}"
+ key: "{{ lookup('file','/tmp/{{ ansible_hostname }}-id_rsa.pub')}}"
+ remote_user: "{{ main_server_user }}"
+ delegate_to: "{{ main_server_ip }}"
+
+- name: Touch the known_hosts file if it's missing
+ file:
+ path: ~/.ssh/known_hosts
+ state: touch
+ mode: 0644
+
+- name: Check if known_hosts contains existing server fingerprint
+ command: ssh-keygen -F {{ main_server_user }}
+ register: key_exists
+ failed_when: key_exists.stderr != ''
+ changed_when: False
+
+- name: Scan for existing remote ssh fingerprint
+ command: ssh-keyscan -T5 {{ main_server_ip }}
+ register: keyscan
+ failed_when: keyscan.rc != 0 or keyscan.stdout == ''
+ changed_when: False
+ when: key_exists.rc == 1
+
+- name: Copy ssh-key to local known_hosts
+ lineinfile:
+ name: ~/.ssh/known_hosts
+ create: yes
+ line: "{{ item }}"
+ when: key_exists.rc == 1
+ with_items: "{{ keyscan.stdout_lines|default([]) }}"
diff --git a/Linux/external-data-mirror/ansible/roles/mirror/tasks/main.yml b/Linux/external-data-mirror/ansible/roles/mirror/tasks/main.yml
index aaa69ad..b1e2ddb 100644
--- a/Linux/external-data-mirror/ansible/roles/mirror/tasks/main.yml
+++ b/Linux/external-data-mirror/ansible/roles/mirror/tasks/main.yml
@@ -4,3 +4,6 @@
 state: directory
 mode: '0755'
+- name: Exchange SSH keys with linode so we can access the data.
+ import_tasks: exchange-keys.yml
+
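Review bot: `ssh-keygen -F {{ main_server_user }}` in the "Check if known_hosts contains existing server fingerprint" task searches known_hosts for the user name instead of the host, so `key_exists.rc` is 1 on every run and the keyscan and lineinfile tasks always execute; it should be `command: ssh-keygen -F {{ main_server_ip }}`. The keyscan task then pins whatever host key answers on first contact, so an intercepted first connection is trusted by every later rsync; carrying the expected host key (or fingerprint) as a role variable and comparing the scan result against it, or obtaining it out of band, would make the pin verifiable rather than trust-on-first-use. The `key:` value nests `{{ ansible_hostname }}` inside a Jinja string literal, which depends on lookup terms being re-templated; the unambiguous form is `key: "{{ lookup('file', '/tmp/' ~ ansible_hostname ~ '-id_rsa.pub') }}"`. Style: `no`/`yes`/`False` should be `false`/`true`, `mode: 0644` should be quoted `'0644'` to match tasks/main.yml, and `with_items` is better written as `loop`.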