From 6902ee5aa78d91ebae7002047a41533994692947 Mon Sep 17 00:00:00 2001 From: Michael Collins Date: Sun, 19 Sep 2021 17:12:12 +0800 Subject: [PATCH] add rotate ssh module to matrix-awx --- docs/configuring-awx-system.md | 2 +- roles/matrix-awx/tasks/main.yml | 9 +++++++++ roles/matrix-awx/tasks/rotate_ssh.yml | 23 +++++++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-awx/tasks/rotate_ssh.yml diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md index 87ea228a9..f455f0587 100644 --- a/docs/configuring-awx-system.md +++ b/docs/configuring-awx-system.md @@ -26,7 +26,7 @@ The following repositories allow you to copy and use this setup: Updates to this section are trailed here: -[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/gomatrixhosting-matrix-docker-ansible-deploy) +[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/matrix-docker-ansible-deploy) ## Does I need an AWX setup to use this? How do I configure it? diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 04356beb9..0b804e17a 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -62,6 +62,15 @@ tags: - purge-database +# Rotate SSH key if called +- include_tasks: + file: "rotate_ssh.yml" + apply: + tags: rotate-ssh + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - rotate-ssh + # Import configs, media repo from /chroot/backup import - include_tasks: file: "import_awx.yml" diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml new file mode 100644 index 000000000..59f32106d --- /dev/null +++ b/roles/matrix-awx/tasks/rotate_ssh.yml @@ -0,0 +1,23 @@ + +#- name: Update authorized_keys with new client public key +# #delegate_to: "matrix.{{ id_array.0 }}" +# delegate_to: "{{ id_array.0 }}" +# shell: | +# cp /root/.ssh/authorized_keys /root/.ssh/authorized_keys.backup \ +# && truncate -s 0 /root/.ssh/authorized_keys \ +# && echo "{{ new_ssh_public_key }}" >> /root/.ssh/authorized_keys + +- name: Set the new authorized key taken from file + authorized_key: + user: root + state: present + exclusive: yes + key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" + +- name: Set boolean value to exit playbook + set_fact: + end_playbook: true + +- name: End playbook if this task list is called. + meta: end_play + when: end_playbook is defined and end_playbook|bool