---
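# Per-store directory that holds the sync client's ssh_config, private key and
# known_hosts file. It is created owner-only because the key generated into it
# has no passphrase; ssh already rejects private key files that other users
# can access, so this does not lock out a legitimate consumer of the key.
# NOTE(review): no owner is set, so the directory belongs to the user the play
# runs as - confirm that this is the account the sync service runs under.
- name: make sure sync client config directory exists
  file:
    path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync"
    state: directory
    mode: "0700"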
# Render a dedicated ssh client configuration for the sync job. It defines the
# host alias whawty-auth-server, offers only this store's own key
# (IdentitiesOnly) and points host-key verification at the store's own
# known_hosts file. The Port line is emitted only when a port is configured.
- name: generate ssh config for whawty-auth store sync client
  copy:
    dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"
    content: |
      Host whawty-auth-server
      Hostname {{ whawty_auth_store.sync.hostname }}
      {% if 'port' in whawty_auth_store.sync %}
      Port {{ whawty_auth_store.sync.port }}
      {% endif %}
      User {{ whawty_auth_store.sync.user }}
      IdentityFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
      IdentitiesOnly yes
      UserKnownHostsFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts
# Create the client's Ed25519 keypair on the managed host itself, so the
# private half is generated in place. The key comment names the store and the
# inventory host, which identifies the key when its public half is listed in
# an authorized_keys file.
# NOTE(review): no passphrase is configured, so file and directory permissions
# are the only protection for the private key.
- name: generate ssh keypair for sync client
  openssh_keypair:
    type: ed25519
    path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519"
    comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"
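# Record the sync server's host keys in the store's own known_hosts file.
#
# The scan result is written to a temporary file and only moved into place
# when it is non-empty. Redirecting straight into known_hosts would leave an
# empty file behind after a failed scan, and the `creates` guard would then
# skip this task on every later run.
#
# Hostname and port are passed through the `quote` filter because they are
# interpolated into a shell command line.
#
# NOTE(review): ssh-keyscan records whatever key the network presents while
# this task runs (trust on first use). Compare the recorded fingerprint with
# one obtained from the server out of band, or distribute the server's public
# host key from inventory instead of scanning for it.
- name: generate known_hosts file
  shell: |
    set -eu
    dest={{ ('/etc/whawty/auth/.store-' ~ whawty_auth_store.name ~ '-sync/known_hosts') | quote }}
    ssh-keyscan{% if 'port' in whawty_auth_store.sync %} -p {{ whawty_auth_store.sync.port | quote }}{% endif %} {{ whawty_auth_store.sync.hostname | quote }} > "${dest}.tmp"
    # An empty result means no host key was obtained: fail and leave no file.
    test -s "${dest}.tmp" || { rm -f "${dest}.tmp"; exit 1; }
    mv "${dest}.tmp" "${dest}"
  args:
    creates: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"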
# Render the role's systemd.service.j2 and systemd.timer.j2 templates into
# /etc/systemd/system, one unit of each kind per store.
- name: install systemd units for whawty-auth store sync client
  template:
    src: "systemd.{{ item }}.j2"
    dest: "/etc/systemd/system/whawty-auth-store-sync-{{ whawty_auth_store.name }}.{{ item }}"
  loop:
    - service
    - timer
# Reload systemd so it picks up the unit files, then enable the store's sync
# timer and make sure it is running.
- name: make sure whawty-auth store sync client timer is enabled and started
  systemd:
    name: "whawty-auth-store-sync-{{ whawty_auth_store.name }}.timer"
    daemon_reload: true
    enabled: true
    state: started