diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..676ee82
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.molecule
+__pycache__
+*.pyc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..052409f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,56 @@
+SSH Keys
+=========
+
+Simplest role to map users with provided ssh keys.
+
+Requirements
+------------
+
+User to distribute the key to need to be already present
+
+Role Variables
+--------------
+
+Only two variables here:
+
+```yml
+# Default to clean
+ssh_keys_clean: True
+
+ssh_keys_user:
+ root:
+ - "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+```
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: bastions
+ roles:
+ - role: j0lly.ssh-keys
+ ssh_keys_clean: False
+ ssh_keys_user:
+ user_a:
+ - https://place.to-store/keys
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmttIEinXN5+2J8g3V3XnVRshX9qllMNbHqGNT9x7glW5PsG1XUAKIjIvD5GfTEbqjxHuCuxXUuoUi/LsrQAGUO1hEnamsDZtczhWmoHiK8gzLW83qKIzXLsGEexzi7POnroRvjKNy2/koeigjY3+GcRXsJzwv0P4IaJMLi/aDvOhzLe00yiNQ6X+9Fdyp3n589e3k5H+A9BqROanoxuAA7ko0TGW52AHxM51doEofy4ySKqOj3M+vV5VwQNFmUFqa8WEnBYZ6k5eUL4ixJxY5TMzZfzWcOpIhI8+8WrnTmsDIB3t54VO3BeVW5hrG8W6oiwDVDvSDTpqklY2gmwI7"
+ - "ssh-rsa BBBBB3NzaC1yc2EAAAADAQABAAABAQDmttIEinXN5+2J8g3V3XnVRshX9qllMNbHqGNT9x7glW5PsG1XUAKIjIvD5GfTEbqjxHuCuxXUuoUi/LsrQAGUO1hEnamsDZtczhWmoHiK8gzLW83qKIzXLsGEexzi7POnroRvjKNy2/koeigjY3+GcRXsJzwv0P4IaJMLi/aDvOhzLe00yiNQ6X+9Fdyp3n589e3k5H+A9BqROanoxuAA7ko0TGW52AHxM51doEofy4ySKqOj3M+vV5VwQNFmUFqa8WEnBYZ6k5eUL4ixJxY5TMzZfzWcOpIhI8+8WrnTmsDIB3t54VO3BeVW5hrG8W6oiwDVDvSDTpqklY2gmwI7"
+ admin_user:
+ - https://another.place.to-store/keys
+ - '{{ lookup("file", "path/to/keys") }}'
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e69ff5e
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+# defaults file for ansible-role-ssh-keys
+# define if extenally set keys need to be erased
+ssh_keys_clean: True
+
+# based on user, define sources of keys
+# see http://docs.ansible.com/ansible/authorized_key_module.html for item types
+ssh_keys_user:
+ root:
+ - "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ac3d0b2
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ansible-role-ssh-keys
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..d712b13
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,16 @@
+galaxy_info:
+ author: j0lly
+ description: very simple role to manage ssh pulic keys
+
+ license: BSD
+
+ min_ansible_version: 2.2
+
+ platforms:
+ - name: EL
+ versions:
+ - 7
+
+ galaxy_tags: ['ssh', 'infrastructure', 'base']
+
+dependencies: []
diff --git a/molecule.yml b/molecule.yml
new file mode 100644
index 0000000..a6cb487
--- /dev/null
+++ b/molecule.yml
@@ -0,0 +1,21 @@
+---
+dependency:
+ name: galaxy
+
+ansible:
+ verbose: vvv
+ playbook: tests/playbook-test.yml
+
+driver:
+ name: docker
+
+docker:
+ containers:
+ - name: test-ssh-keys
+ image: centos
+ image_version: 7
+ privileged: True
+ command: '/usr/lib/systemd/systemd'
+
+verifier:
+ name: testinfra
diff --git a/tasks/add_keys.yml b/tasks/add_keys.yml
new file mode 100644
index 0000000..e0b7d6e
--- /dev/null
+++ b/tasks/add_keys.yml
@@ -0,0 +1,9 @@
+---
+# tasks file for ansible-role-ssh-keys
+- name: Set authorized keys from items
+ authorized_key:
+ user: '{{ outer_item.key }}'
+ key: '{{ item }}'
+ state: present
+ exclusive: '{{ ssh_keys_clean }}'
+ with_items: '{{ outer_item.value }}'
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..2651167
--- /dev/null
+++ b/tasks/main.yml
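Review bot: The out-of-the-box values in defaults/main.yml are destructive for root. `ssh_keys_clean: True` together with a default `ssh_keys_user` entry for root means that applying the role without overrides replaces root's authorized_keys with the controller user's `~/.ssh/id_rsa.pub` and removes every key that was there before. Safer defaults would be `ssh_keys_clean: False` and `ssh_keys_user: {}`, so that removing existing keys is something the caller opts into. The comment above `ssh_keys_clean` could also state the effect directly, e.g. `# when True, keys not listed for a user are removed from that user's authorized_keys`.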
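Review bot: The test container in molecule.yml is started with `privileged: True` and systemd as its command, but the only module the role's visible tasks use is `authorized_key`, which needs neither. Unless a later scenario depends on systemd, dropping those two lines keeps the test run from requiring a privileged Docker container on a developer machine or CI runner. If they are needed, a comment such as `# systemd requires a privileged container; test-only` would record why.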
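Review bot: `exclusive` in tasks/add_keys.yml is applied once per loop iteration, so with the default `ssh_keys_clean: True` and more than one entry in a user's list, each pass removes the key written by the previous one and only the last entry survives. The authorized_key documentation notes that the option is not loop aware and that several keys must be passed in a single `key` value separated by newlines. For lists of literal keys that means dropping `with_items` and using `key: "{{ outer_item.value | join('\n') }}"`. URL entries cannot simply be joined this way, since as far as I know the module fetches a URL only when it is the whole value, so they would have to be fetched first or the limitation documented. Until then a comment like `# exclusive is applied per item: with ssh_keys_clean true only the last key in the list is kept` would warn users.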
@@ -0,0 +1,6 @@
+---
+# tasks file for ansible-role-ssh-keys
+- include: add_keys.yml
+ with_dict: '{{ssh_keys_user}}'
+ loop_control:
+ loop_var: outer_item
diff --git a/tests/playbook-test.yml b/tests/playbook-test.yml
new file mode 100644
index 0000000..d6c3dfe
--- /dev/null
+++ b/tests/playbook-test.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+ vars:
+ user_name: 'johnd'
+ pre_tasks:
+ - name: PRE - create test user
+ user:
+ name: '{{ user_name }}'
+ roles:
+ - role: ansible-role-ssh-keys
+ ssh_keys_user:
+ root:
+ - 'https://github.com/j0lly.keys'
+ '{{ user_name }}':
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmttIEinXN5+2J8g3V3XnVRshX9qllMNbHqGNT9x7glW5PsG1XUAKIjIvD5GfTEbqjxHuCuxXUuoUi/LsrQAGUO1hEnamsDZtczhWmoHiK8gzLW83qKIzXLsGEexzi7POnroRvjKNy2/koeigjY3+GcRXsJzwv0P4IaJMLi/aDvOhzLe00yiNQ6X+9Fdyp3n589e3k5H+A9BqROanoxuAA7ko0TGW52AHxM51doEofy4ySKqOj3M+vV5VwQNFmUFqa8WEnBYZ6k5eUL4ixJxY5TMzZfzWcOpIhI8+8WrnTmsDIB3t54VO3BeVW5hrG8W6oiwDVDvSDTpqklY2gmwI7"
diff --git a/tests/test_default.py b/tests/test_default.py
new file mode 100644
index 0000000..ef04a32
--- /dev/null
+++ b/tests/test_default.py
@@ -0,0 +1,12 @@
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ '.molecule/ansible_inventory').get_hosts('all')
+
+
+def test_hosts_file(File):
+ f = File('/etc/hosts')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..81a30f9
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ansible-role-ssh-keys
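Review bot: `test_hosts_file` in tests/test_default.py only inspects `/etc/hosts`, which the role never touches, so the molecule run passes whether or not any key was installed. The test should check what the playbook is expected to produce, for example `f = File('/home/johnd/.ssh/authorized_keys')` followed by `assert f.user == 'johnd'` and `assert f.contains('ssh-rsa AAAAB3NzaC1yc2E')`. The path assumes the default home directory for the `johnd` user created in tests/playbook-test.yml. A second check on root's authorized_keys would also cover the URL source.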