Dustin C. Hatch
dfd828af08
The *ssh-host-certs* role, which is now applied as part of the `base.yml` playbook and therefore applies to all managed nodes, is responsible for installing the *sshca-cli* package and using it to request signed SSH host certificates. The *sshca-cli-systemd* sub-package includes systemd units that automate the process of requesting and renewing host certificates. These units need to be enabled and provided the URL of the SSHCA service. Additionally, the SSH daemon needs to be configured to load the host certificates.
10 lines
167 B
YAML
10 lines
167 B
YAML
- name: restart ssh-host-certs.target
|
|
systemd:
|
|
name: ssh-host-certs.target
|
|
state: started
|
|
|
|
- name: reload sshd
|
|
service:
|
|
name: sshd
|
|
state: reloaded
|