Opened 21 months ago
Closed 18 months ago
#44 closed Task (Done)
Use Ansible to update ssh keys for feurig and joe.
| Reported by: | D Delmar Davis | Owned by: | |
|---|---|---|---|
| Priority: | Important | Milestone: | Make Shit Happen / Own Your Shit. |
| Component: | Infrastructure | Keywords: | security |
| Cc: | Joe Dumoulin |
Description
Make a playbook or document doing it by hand.
Change History (10)
comment:1 Changed 21 months ago by
comment:2 Changed 21 months ago by
| Owner: | D Delmar Davis deleted |
|---|
Will do this when the new computer.
comment:3 Changed 20 months ago by
https://docs.ansible.com/ansible/latest/modules/authorized_key_module.html#authorized-key-module
- name: Set authorized key, removing all the authorized keys already set
authorized_key:
user: root
key: '{{ item }}'
state: present
exclusive: True
with_file:
- public_keys/doe-jane
comment:4 Changed 19 months ago by
From https://v-punk.com/automate-password-changes-with-ansible/
tasks:
- name: Change xxx password
user: name=xxx update_password=always password=HASHGOESHERE
comment:5 Changed 19 months ago by
Ansible is a fucking pain in the ass.
Started playbook at.
https://bitbucket.org/suspectdevicesadmin/ansible/src/master/playbooks/propagate-keys.yml
comment:6 Changed 18 months ago by
Ansible is a major fucking pain in the ass (4 days figuring out which fucking valid regex actually worked).
Have working password propagation at
https://bitbucket.org/suspectdevicesadmin/ansible/src/master/playbooks/set-passwords.yml
To use it.
- Change your password on kb2018
- run ansible-playbook /etc/ansible/playbooks/set-passwords.yml (as root)
comment:7 Changed 18 months ago by
Since bs2020 is a failsafe for access to kb2018 this does not currently update its passed.
(will fix this when everyone has discussed it)
comment:8 Changed 18 months ago by
Actually I lied. It sets bs2020s as well.
On to propagate the ssh keys....
comment:9 Changed 18 months ago by
Added key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdd/Y6GAN71DucDBAftteSpibpKc0QKKl3OWQQ8c3p4yO3akrfw6Ozln+t5YbLDZWfmP477sXp4ykg8pIOMRp4n7G6q9DOhyYYpl73HuXyHo25a8PLoC1Cf08Nxxv+fusIGSpooROxW/1YklclEq2MY3Tyvp2N/QBB+nPbwkvwMp1THiLJKzwPm7TO26RmgzHCVjIHHioY9KHj6AgeNUufN/kLH4vH59+VSMA59sukIxxYoCe8chSmIab3JYWhUklV90+UU5iU74DuV1sdVzCiAbpOZ37FTCJWTJa3LiNpTzitUc2ZBMiCRzlIOLD9zK9HmyqkAn7fAmTQb0mU+Et/ joe@joe-dldev
to kb2018 and removed nextit key.
Please test and I will propagate with script when complete.
comment:10 Changed 18 months ago by
| Resolution: | → Done |
|---|---|
| Status: | assigned → closed |
- Keys and passwords are updated on all systems.
- passwords are updated on susdev20 profile. will need to update keys manually.
- Will need to write up script usage.
Need this for spare laptop while mine is in the shop.