Role to prepare Servers for Deployment. Place ssh-key-Pairs for Authentication with Git-Repositorys
none
none
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
BSD
the following files are encrypted with our base password:
- auth.json
- id_rsa
- id_rsa.pub
This will only work in Projects which are using this insecure base-Password. To be able to use this role in Projects with greater security-needs (with different vaultpass), this files can be placed in the files-directory of the Ansible-Project and can be re-encrypted with the new Password. It is important that
- the files are named differently
- the default-Variables of this role containing the standard-Filenames are overwritten with the new Filenames.
The public keys for the following SSH hosts are stored here:
- github.com
- bitbucket.org
- packagist.org
This is important to avoid scanning for ssh keys on each ansible run.
They can be obtained/generated by:
ssh-keyscan -t rsa {bitbucket.org,github.com,packagist.org}
Please make sure that they are up-to-date and correct(!). You can find the fingerprints here:
- https://help.github.com/articles/github-s-ssh-key-fingerprints/
- https://confluence.atlassian.com/bitbucket/troubleshoot-ssh-issues-271943403.html
Matthias Alt [email protected]