base: Factor out SSH host, user cert roles
Moving the SSH host and user certificate configuration roles out of `base.yml` into their own playbooks. This will make it easier to deploy them separately, and target different sets of hosts. The main driver for this change is the OVH VPS; being external, it cannot communicate with SSHCA and thus cannot have a signed host certificate. As such, we do not want to try to configure the SSHCA client on it at all.
dynamic-inventory
parent
a3a2dde6ab
commit
34c1256f27
3
base.yml
|
@ -2,9 +2,6 @@
|
||||||
- hosts: all
|
- hosts: all
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
- role: ssh-host-certs
|
|
||||||
tags: ssh-host-certs
|
|
||||||
- ssh-user-ca
|
|
||||||
- hosts: kvm-guest
|
- hosts: kvm-guest
|
||||||
roles:
|
roles:
|
||||||
- serial-console
|
- serial-console
|
||||||
|
|
|
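Review bot: With `ssh-host-certs` and `ssh-user-ca` dropped from the `hosts: all` play, running `base.yml` on its own no longer configures SSH certificates on any host. Anything that provisions a machine with `base.yml` alone (a bootstrap script, a documented one-off command) now needs to run the two new playbooks as well, and a short comment at the top of this play saying where the SSH roles moved would keep that from being missed.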
@ -2,3 +2,5 @@
|
||||||
- import_playbook: hostname.yml
|
- import_playbook: hostname.yml
|
||||||
- import_playbook: base.yml
|
- import_playbook: base.yml
|
||||||
- import_playbook: firewalld.yml
|
- import_playbook: firewalld.yml
|
||||||
|
- import_playbook: ssh-host-certs.yml
|
||||||
|
- import_playbook: ssh-user-ca.yml
|
||||||
|
|
|
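Review bot: The two new imports go after `firewalld.yml`, whereas the roles used to run inside `base.yml`, before the firewall play, so the order of execution changes. If nothing in `firewalld.yml` depends on the SSH roles having run (or the reverse), this is fine, but placing the imports directly after `- import_playbook: base.yml` would keep the previous order and make the refactor behaviour-neutral for every host other than the VPS.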
@ -0,0 +1,4 @@
|
||||||
|
- hosts: '!vps'
|
||||||
|
roles:
|
||||||
|
- role: ssh-host-certs
|
||||||
|
tags: ssh-host-certs
|
|
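Review bot: `hosts: '!vps'` is a deny-list, so any future host that cannot reach SSHCA is included by default until someone remembers to add it to `vps`, and the play silently targets everything if that group is ever renamed or empty. Consider targeting a positive group of hosts that can reach SSHCA instead, or at least writing the pattern as `all:!vps` with a one-line comment giving the reason for the exclusion, since the file itself does not explain it.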
@ -0,0 +1,3 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- ssh-user-ca
|
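Review bot: The `ssh-user-ca` role is listed without a tag, while the sibling play uses `role: ssh-host-certs` with `tags: ssh-host-certs`, so it cannot be selected with `--tags` when run through the importing playbook. Adding a matching `tags: ssh-user-ca` would make the two consistent. Since this play keeps `hosts: all` and therefore still covers the VPS, a comment confirming that this role does not need to contact SSHCA would make the difference from the `'!vps'` play clear.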