Opened 2 years ago
Closed 2 years ago
#44 closed Task (Done)
Use Ansible to update ssh keys for feurig and joe.
Reported by: | D Delmar Davis | Owned by: | |
---|---|---|---|
Priority: | Important | Milestone: | Make Shit Happen / Own Your Shit. |
Component: | Infrastructure | Keywords: | security |
Cc: | Joe Dumoulin |
Description
Make a playbook or document doing it by hand.
Change History (10)
comment:1 Changed 2 years ago by
comment:3 Changed 2 years ago by
https://docs.ansible.com/ansible/latest/modules/authorized_key_module.html#authorized-key-module
- name: Set authorized key, removing all the authorized keys already set authorized_key: user: root key: '{{ item }}' state: present exclusive: True with_file: - public_keys/doe-jane
comment:4 Changed 2 years ago by
From https://v-punk.com/automate-password-changes-with-ansible/
tasks: - name: Change xxx password user: name=xxx update_password=always password=HASHGOESHERE
comment:5 Changed 2 years ago by
Ansible is a fucking pain in the ass.
Started playbook at.
https://bitbucket.org/suspectdevicesadmin/ansible/src/master/playbooks/propagate-keys.yml
comment:6 Changed 2 years ago by
Ansible is a major fucking pain in the ass (4 days figuring out which fucking valid regex actually worked).
Have working password propagation at
https://bitbucket.org/suspectdevicesadmin/ansible/src/master/playbooks/set-passwords.yml
To use it.
- Change your password on kb2018
- run ansible-playbook /etc/ansible/playbooks/set-passwords.yml (as root)
comment:7 Changed 2 years ago by
Since bs2020 is a failsafe for access to kb2018 this does not currently update its passed.
(will fix this when everyone has discussed it)
comment:8 Changed 2 years ago by
Actually I lied. It sets bs2020s as well.
On to propagate the ssh keys....
comment:9 Changed 2 years ago by
Added key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdd/Y6GAN71DucDBAftteSpibpKc0QKKl3OWQQ8c3p4yO3akrfw6Ozln+t5YbLDZWfmP477sXp4ykg8pIOMRp4n7G6q9DOhyYYpl73HuXyHo25a8PLoC1Cf08Nxxv+fusIGSpooROxW/1YklclEq2MY3Tyvp2N/QBB+nPbwkvwMp1THiLJKzwPm7TO26RmgzHCVjIHHioY9KHj6AgeNUufN/kLH4vH59+VSMA59sukIxxYoCe8chSmIab3JYWhUklV90+UU5iU74DuV1sdVzCiAbpOZ37FTCJWTJa3LiNpTzitUc2ZBMiCRzlIOLD9zK9HmyqkAn7fAmTQb0mU+Et/ joe@joe-dldev
to kb2018 and removed nextit key.
Please test and I will propagate with script when complete.
comment:10 Changed 2 years ago by
Resolution: | → Done |
---|---|
Status: | assigned → closed |
- Keys and passwords are updated on all systems.
- passwords are updated on susdev20 profile. will need to update keys manually.
- Will need to write up script usage.
Need this for spare laptop while mine is in the shop.