generating ssh-keys #152 #151 #112

ansible.cfg

@@ -8,5 +8,5 @@ host_key_checking = False
 record_host_keys = False
 
 [ssh_connection]
-ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o ConnectTimeout=6 -o ConnectionAttempts=30
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o ConnectTimeout=6 -o ConnectionAttempts=30 -o IdentitiesOnly=yes
 scp_if_ssh = True

config.cfg

@@ -73,3 +73,8 @@ congrats: |
   "#          Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
   "#                     The p12 password is {{ easyrsa_p12_export_password }}"
   "#----------------------------------------------------------------------#"
+
+SSH_keys:
+  comment: algo@ssh
+  private: configs/algo.pem
+  public: configs/algo.pem.pub

deploy.yml

@@ -4,6 +4,11 @@
   vars_files:
     - config.cfg
 
+  pre_tasks:
+    - name: Local pre-tasks
+      include: playbooks/local.yml
+      tags: [ 'cloud' ]
+
   roles:
     - { role: cloud-digitalocean, tags: ['digitalocean'] }
     - { role: cloud-ec2, tags: ['ec2'] }

playbooks/local.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Generate the SSH private key
+  local_action: shell echo -e  'n' | ssh-keygen -b 2048 -C {{ SSH_keys.comment }} -t rsa -f {{ SSH_keys.private }} -q -N ""
+  args:
+    creates: configs/algo.pem
+
+- name: Generate the SSH public key
+  local_action: shell echo `ssh-keygen -y -f configs/algo.pem` {{ SSH_keys.comment }} > {{ SSH_keys.public }}
+  args:
+    creates: configs/algo.pem.pub
+
+- name: Change mode for the SSH private key
+  local_action: file path=configs/algo.pem mode=0600

roles/cloud-azure/tasks/main.yml

@@ -46,7 +46,7 @@
     tags:
       service: algo
     ssh_public_keys:
-      - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ ssh_public_key }}') }}" }
+      - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" }
     image:
       offer: UbuntuServer
       publisher: Canonical
@@ -63,6 +63,7 @@
     groups: vpn-host
     ansible_ssh_user: ubuntu
     ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
     cloud_provider: azure
     ipv6_support: no
 

roles/cloud-digitalocean/tasks/main.yml

@@ -1,12 +1,45 @@
 - name: Set the DigitalOcean Access Token fact
   set_fact:
     do_token: "{{ do_access_token }}"
+    public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
+
+- name: Get existing SSH keys
+  uri:
+    url: https://api.digitalocean.com/v2/account/keys
+    method: GET
+    HEADER_Content-Type: 'application/json'
+    HEADER_Authorization: "Bearer {{ do_access_token }}"
+    status_code: 200
+    body_format: json
+  register: do_existing_keys
+
+- set_fact:
+    ssh_key_exist: true
+  when: public_key == item.public_key
+  with_items:
+    - "{{ do_existing_keys.json.ssh_keys }}"
+
+- name: Upload the SSH key
+  uri:
+    url: https://api.digitalocean.com/v2/account/keys
+    method: POST
+    HEADER_Content-Type: 'application/json'
+    HEADER_Authorization: "Bearer {{ do_access_token }}"
+    body: >
+      {
+        "name" : "{{ SSH_keys.comment }}",
+        "public_key" : "{{ public_key }}"
+      }
+    status_code: 201
+    body_format: json
+  register: do_ssh_key
+  when: ssh_key_exist is not defined
 
 - name: "Getting your SSH key ID on Digital Ocean..."
   digital_ocean:
     state: present
     command: ssh
-    name: "{{ do_ssh_name }}"
+    name: "{{ SSH_keys.comment }}"
     api_token: "{{ do_access_token }}"
   register: do_ssh_key
 
@@ -30,6 +63,7 @@
     groups: vpn-host
     ansible_ssh_user: root
     ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
     do_access_token: "{{ do_access_token }}"
     do_droplet_id: "{{ do.droplet.id }}"
     cloud_provider: digitalocean

roles/cloud-ec2/tasks/main.yml

@@ -20,7 +20,7 @@
     name: VPNKEY
     region: "{{ region }}"
     key_material: "{{ item }}"
-  with_file: "{{ ssh_public_key }}"
+  with_file: "{{ SSH_keys.public }}"
   register: keypair
 
 - name: Configure EC2 virtual private clouds
@@ -103,6 +103,7 @@
     groupname: vpn-host
     ansible_ssh_user: ubuntu
     ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
     cloud_provider: ec2
     ipv6_support: no
   with_items: "{{ ec2.tagged_instances }}"

roles/cloud-gce/tasks/main.yml

@@ -1,6 +1,6 @@
 - set_fact:
     credentials_file_lookup: "{{ lookup('file', '{{ credentials_file }}') }}"
-    ssh_public_key_lookup: "{{ lookup('file', '{{ ssh_public_key }}') }}"
+    ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
 
 - name: "Creating a new instance..."
   gce:
@@ -20,6 +20,7 @@
     groups: vpn-host
     ansible_ssh_user: ubuntu
     ansible_python_interpreter: "/usr/bin/python2.7"
+    ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
     cloud_provider: gce
     ipv6_support: no