parallelvirtualcluster
/
pvc-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add method to remove inactive SSH keys

This commit is contained in:
Joshua Boniface 2022-05-18 14:42:45 -04:00
parent dd4825a30a
commit 0a8b1bfa6e
2 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/default/base.yml
View File

@ -110,6 +110,8 @@ admin_users:
uid: 500 uid: 500
keys: keys:
- "ssh-ed25519 MyKey 2019-06" - "ssh-ed25519 MyKey 2019-06"
removed:
- "ssh-ed25519 ObsoleteKey 2017-01"
# Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync) # Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync)
# > Uncomment to activate this functionality. # > Uncomment to activate this functionality.

26
roles/base/tasks/main.yml
View File

@ -838,6 +838,7 @@
authorized_key: authorized_key:
user: "{{ deploy_username }}" user: "{{ deploy_username }}"
key: "{{ item.1 }}" key: "{{ item.1 }}"
state: present
with_subelements: with_subelements:
- "{{ admin_users }}" - "{{ admin_users }}"
- keys - keys
@ -845,6 +846,18 @@
- users - users
- user-deploy - user-deploy
- name: remove authorized keys
authorized_key:
user: "{{ deploy_username }}"
key: "{{ item.1 }}"
state: absent
with_subelements:
- "{{ admin_users }}"
- removed
tags:
- users
- user-deploy
# admin_users # admin_users
- name: ensure user exists - name: ensure user exists
user: user:
@ -890,6 +903,7 @@
authorized_key: authorized_key:
user: "{{ item.0.name }}" user: "{{ item.0.name }}"
key: "{{ item.1 }}" key: "{{ item.1 }}"
state: present
with_subelements: with_subelements:
- "{{ admin_users }}" - "{{ admin_users }}"
- keys - keys
@ -897,6 +911,18 @@
- users - users
- user-admin - user-admin
- name: remove authorized keys
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: absent
with_subelements:
- "{{ admin_users }}"
- removed
tags:
- users
- user-deploy
- name: write bashrc to homedir - name: write bashrc to homedir
template: template:
src: var/home/user/bashrc.j2 src: var/home/user/bashrc.j2