Tests and bug fixes

d12c6ee0 · jurgenhaas · 8c6b55bb · d12c6ee0 · d12c6ee0 · d12c6ee0
Commit d12c6ee0 authored 9 years ago by jurgenhaas
--- a/tasks/commonauth.yml
+++ b/tasks/commonauth.yml
 ---
 # file: roles/commonauth/tasks/commonauth.yml

- name: 'Common | Create The /etc/hosts File'
-  template: src=etc_hosts
-            dest=/etc/hosts
-            owner=root
-            group=root
-            mode=0644
-  when: scope == 'all'
+- name: "Common | Create The /etc/hosts File"
+  template:
+    src=etc_hosts
+    dest=/etc/hosts
+    owner=root
+    group=root
+    mode=0644

- name: 'User | Create All Required Users'
-  user: name={{item}}
-        group=root
-        groups=root,sudo,www-data
-        home=/home/{{item}}
-        generate_ssh_key=yes
-        ssh_key_bits=2048
-        password={{initial_password}}
-        update_password=on_create
+- name: "User | Create All Required Users"
+  user:
+    name={{ item }}
+    group=root
+    groups=root,sudo,www-data
+    home=/home/{{ item }}
+    generate_ssh_key=yes
+    ssh_key_bits=2048
+    password={{ initial_password }}
+    update_password=on_create
  with_items: admins

- name: 'User | Copy SSH Config For Server-To-Server Communication For Admins'
-  template: src=ssh_config
-            dest=/home/{{item}}/.ssh/config
-            owner={{item}}
-            group=root
-            mode=644
+- name: "User | Copy SSH Config For Server-To-Server Communication For Admins"
+  template:
+    src=ssh_config
+    dest=/home/{{ item }}/.ssh/config
+    owner={{ item }}
+    group=root
+    mode=644
  with_items: admins

 - include: distribute_certs.yml
  when: distribute_certs

- name: 'User | Install Public Key For Extra Users'
-  authorized_key: user={{item.username}}
-                  key="{{lookup('file', inventory_dir + '/files/certs/' + item.certname + '.d2s.pub')}}"
+- name: "User | Install Public Key For Extra Users"
+  authorized_key:
+    user={{ item.username }}
+    key="{{ lookup('file', inventory_dir + '/files/keys/' + item.certname + '.d2s.pub') }}"
  with_items: auth_certs
-
--- a/tasks/distribute_certs.yml
+++ b/tasks/distribute_certs.yml
@@ -3,50 +3,53 @@
 ---
 # file: roles/commonauth/tasks/distribute_certs.yml

- name: 'Certs | Remove the fresh auth file in case it does already exist'
+- name: "Certs | Remove the fresh auth file in case it does already exist"
  file:
-    path=/home/{{item}}/.ssh/auth_keys_fresh
+    path=/home/{{ item }}/.ssh/auth_keys_fresh
    state=absent
  with_items: admins

- name: 'Certs | Install Public Keys For Desktop-To-Server Communication in a fresh file'
-  authorized_key: user={{item}}
-                  key="{{lookup('file', inventory_dir + '/files/certs/' + item + '.d2s.pub')}}"
-                  path="/home/{{item}}/.ssh/fresh_auth_keys_{{item}}"
+- name: "Certs | Install Public Keys For Desktop-To-Server Communication in a fresh file"
+  authorized_key:
+    user={{ item }}
+    key={{ lookup('file', inventory_dir + '/files/keys/' + item + '.d2s.pub') }}
+    path=/home/{{ item }}/.ssh/fresh_auth_keys_{{ item }}
  with_items: admins

- name: 'Certs | Read public key of tunnel user'
-  command: more /home/{{tunnel_user_name}}/.ssh/id_rsa.pub
+- name: "Certs | Read public key of tunnel user"
+  command: more /home/{{ tunnel_user_name }}/.ssh/id_rsa.pub
  register: pubkey

- name: 'Certs | Distribute public key of tunnel user'
-  authorized_key: user={{tunnel_user_name}}
-                  key="{{pubkey.stdout}} {{inventory_hostname}}"
-                  path="/home/{{tunnel_user_name}}/.ssh/fresh_auth_keys_tunnel_{{inventory_hostname}}"
-  delegate_to: '{{item}}'
+- name: "Certs | Distribute public key of tunnel user"
+  authorized_key:
+    user={{ tunnel_user_name }}
+    key={{ pubkey.stdout }} {{ inventory_hostname }}
+    path=/home/{{ tunnel_user_name }}/.ssh/fresh_auth_keys_tunnel_{{ inventory_hostname }}
+  delegate_to: '{{ item }}'
  with_items: groups.all

- name: 'Certs | Merge all public keys'
-  shell: cat /home/{{item}}/.ssh/fresh_auth_keys* > /home/{{item}}/.ssh/auth_keys_fresh
+- name: "Certs | Merge all public keys"
+  shell: cat /home/{{ item }}/.ssh/fresh_auth_keys* > /home/{{ item }}/.ssh/auth_keys_fresh
  with_items: admins

- name: 'Certs | Remove temp files'
-  shell: rm /home/{{item}}/.ssh/fresh_auth_keys_*
+- name: "Certs | Remove temp files"
+  shell: rm /home/{{ item }}/.ssh/fresh_auth_keys_*
  with_items: admins

- name: 'Certs | Set ownership of authorized key file'
-  shell: chown {{item}}:root /home/{{item}}/.ssh/auth_keys_fresh
+- name: "Certs | Set ownership of authorized key file"
+  shell: chown {{ item }}:root /home/{{ item }}/.ssh/auth_keys_fresh
  with_items: admins

- name: 'Certs | Set permission for authorized key file'
-  shell: chmod 600 /home/{{item}}/.ssh/auth_keys_fresh
+- name: "Certs | Set permission for authorized key file"
+  shell: chmod 600 /home/{{ item }}/.ssh/auth_keys_fresh
  with_items: admins

- name: 'Certs | Make sure the authorized_keys file exists'
-  file: name='/home/{{item}}/.ssh/authorized_keys'
-        state=touch
+- name: "Certs | Make sure the authorized_keys file exists"
+  file:
+    name=/home/{{ item }}/.ssh/authorized_keys
+    state=touch
  with_items: admins

- name: 'Certs | Move the fresh auth file to replace the old one'
-  shell: rm /home/{{item}}/.ssh/authorized_keys && mv /home/{{item}}/.ssh/auth_keys_fresh /home/{{item}}/.ssh/authorized_keys
+- name: "Certs | Move the fresh auth file to replace the old one"
+  shell: rm /home/{{ item }}/.ssh/authorized_keys && mv /home/{{ item }}/.ssh/auth_keys_fresh /home/{{ item }}/.ssh/authorized_keys
  with_items: admins
--- a/templates/ssh_config
+++ b/templates/ssh_config
@@ -4,10 +4,10 @@ StrictHostKeyChecking no
 ForwardAgent yes

 {% for host in commonauth_extras %}
-{% if host[certfile] is defined %}
-{% for name in host['names'] %}
-Host {{name}}
-  IdentityFile ~/.ssh/{{host[certfile]}}
+{% if host.certfile is defined %}
+{% for name in host.names %}
+Host {{ name }}
+  IdentityFile ~/.ssh/{{ host.certfile }}

 {% endfor %}
 {% endif %}