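---
# One-time run to deploy Watchtower's SSH public key to TerraMaster.
# After this succeeds, --ask-pass is no longer needed for terramaster playbooks.
#
# Usage:
#   ansible-playbook playbooks/storage/terramaster_deploy_ssh_key.yml --ask-pass
#
# Every task on the NAS uses ansible.builtin.raw, so the play does not depend
# on a Python interpreter on the target. The trade-off is that the key line is
# interpolated into a shell script, which is why it is format-checked and
# shell-quoted before it is sent.

- name: Deploy SSH public key to TerraMaster
  hosts: terramaster
  gather_facts: false
  become: false

  vars:
    # Public key on the control node that will be authorized on the NAS.
    ssh_public_key_path: "/home/chester/.ssh/id_ed25519.pub"
    # One OpenSSH public-key line: a known key type, the base64 blob, and an
    # optional comment restricted to characters that are harmless in a shell.
    # Deliberately conservative; widen the comment class if a legitimate key
    # comment is rejected.
    ssh_public_key_regex: '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh[.]com) [A-Za-z0-9+/=]+( [A-Za-z0-9@._+:/ -]*)?$'

  tasks:
    - name: Verify public key file exists on control node
      ansible.builtin.stat:
        path: "{{ ssh_public_key_path }}"
      register: pubkey_stat
      delegate_to: localhost
      failed_when: not pubkey_stat.stat.exists

    - name: Read public key content from control node
      ansible.builtin.slurp:
        src: "{{ ssh_public_key_path }}"
      register: pubkey_content
      delegate_to: localhost

    # Decode once so the same normalised line is validated and deployed.
    - name: Normalise the public key to a single trimmed line
      ansible.builtin.set_fact:
        pubkey_line: "{{ pubkey_content.content | b64decode | trim }}"

    # The regex has no newline-matching class, so a file holding several keys
    # (or anything that is not a key) fails here instead of reaching the NAS.
    - name: Refuse content that is not exactly one OpenSSH public key line
      ansible.builtin.assert:
        that:
          - pubkey_line is match(ssh_public_key_regex)
        fail_msg: "{{ ssh_public_key_path }} does not contain a single OpenSSH public key line"

    - name: Ensure ~/.ssh directory exists on TerraMaster
      ansible.builtin.raw: "mkdir -p ~/.ssh && chmod 700 ~/.ssh"
      changed_when: false

    # The `quote` filter shell-quotes the validated line so it is passed as one
    # literal argument. Presence is checked with a fixed-string substring match
    # (unchanged from before) so an existing entry carrying option prefixes is
    # still recognised. The chmod runs on both branches so the file mode is
    # enforced even when the key was already present.
    - name: Deploy public key to TerraMaster authorized_keys
      ansible.builtin.raw: |
        key={{ pubkey_line | quote }}
        if ! grep -qF -- "$key" ~/.ssh/authorized_keys 2>/dev/null; then
          echo "$key" >> ~/.ssh/authorized_keys
          echo "KEY_ADDED"
        else
          echo "KEY_ALREADY_PRESENT"
        fi
        chmod 600 ~/.ssh/authorized_keys
      register: key_deploy_result
      changed_when: "'KEY_ADDED' in key_deploy_result.stdout"

    - name: Report key deployment result
      ansible.builtin.debug:
        msg: "{{ key_deploy_result.stdout | trim }}"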