Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
69 lines (58 sloc) 2.12 KB
- name: Generate local key if not exists
user:
name: root
generate_ssh_key: yes
- name: Add known hosts
known_hosts:
name: "{{ borg_host_addr }}"
key: "{{ borg_host_key }}"
hash_host: no
- name: Get local key
command: cat /root/.ssh/id_rsa.pub
register: local_key
changed_when: False
- name: Print local key
debug:
var: local_key
- block:
# FIXME: This task, if run in parallel, leads to race conditions, as the same
# authorized_key file is written by multiple parties simultaneously.
# https://github.com/ansible/ansible/issues/12170
- name: Install local key
authorized_key:
user: "{{ borg_host_user }}"
key: "{{ local_key.stdout }}"
delegate_to: "{{ borg_host_addr }}"
when: "'rsync.net' not in borg_host_addr"
# The following tasks do essentially the same thing as the "authorized_key"
# Ansible module for jailed SSH accounts of rsync.net
#
# A list of available commands is available at:
# http://www.rsync.net/resources/howto/remote_commands.html
- block:
- name: Get remote installed keys
command: ssh {{ borg_host_user}}@{{ borg_host_addr }} tail -n100 .ssh/authorized_keys
register: installed_keys
delegate_to: localhost
become: no
changed_when: False
- name: Print all installed keys
debug:
var: installed_keys
- name: Key is installed
set_fact:
local_key_installed: True
when: local_key.stdout in installed_keys.stdout_lines
- name: Key is not installed
set_fact:
local_key_installed: False
when: local_key.stdout not in installed_keys.stdout_lines
# FIXME: This task, if run in parallel, leads to race conditions, as the same
# authorized_key file is written by multiple parties simultaneously.
# https://github.com/ansible/ansible/issues/12170
- name: Install local key
shell: echo {{ local_key.stdout }} | ssh {{ borg_host_user}}@{{ borg_host_addr }} 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'
delegate_to: localhost
become: no
when: not local_key_installed
when: "'rsync.net' in borg_host_addr"