bugfix: updated ssh key configuration

- + peter.heise - + gitlabci - - ansible - added date suffix to outdated ssh keys - updating root ssh key is now active per default
4 years ago · 81d9923332
parent 5ee82d2b8e
commit 81d9923332
12 changed files with 9 additions and 8 deletions
--- a/patchday.yml
+++ b/patchday.yml
@ -130,7 +130,7 @@
      when:
        - check_postgres.failed

- hosts: all,!elastic,!postgres,!k8s_cluster,!gw
+- hosts: all,!elastic,!postgres,!k8s_cluster
  serial: 10
  become: yes
  tasks:
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -33,7 +33,7 @@
    key: "{{ lookup('file', 'users/' + item + '/ssh.pub') }}"
  loop: '{{ smardigo_plattform_users }}'
  tags:
-    - never
+    - users
    - root_authorized_keys

 # ansible-lint related hint
@ -46,7 +46,7 @@
    key: "{{ lookup('file', 'users/outdated/' + item.path) }}"
  with_community.general.filetree: users/outdated/
  tags:
-    - never
+    - users
    - root_authorized_keys

 - name: "Read current users" # noqa risky-shell-pipe
--- a/setup.yml
+++ b/setup.yml
@ -1,7 +1,7 @@
 ---

 - name: 'apply setup to {{ host | default("all") }}'
-  hosts: '{{ host | default("all") }},!gw'
+  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(10) }}"
  strategy: free
  vars:
--- a/users/outdated/alexander.gordon.2021.09.29.pub
+++ b/users/outdated/alexander.gordon.2021.09.29.pub
--- a/users/outdated/ansible.2022.03.18.pub
+++ b/users/outdated/ansible.2022.03.18.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNLUecch9TFY4feiE+4Scq7at7JLkIPnQIbwFMjUrYEsuHIQlyWuxfiUtCcTYRcS7eDSk0gPyAADPAkDSHpeOtF9CXAISWm4kORu9S3lgIm7113QT2xGdyag19G/Qrm0RHzujaBbAuRh4R7OK93+l2GqxBrL5ryHVDquTPoNxtBBCEfvAsEEoC2wRjyvWKfR6/rl8wTAOD+1Sty8iixUg6IVABOBN6ZjbSZ8WoWIqwgvZ5P55TkfSyQSbXArM8yqLRwHEHsSBZ0lCJmNS+Y6003dkjvY8UDAu4/VPhETH6l7kzvXNty64AjQGqbj569KtvBJINt7GtuwXq3bFzdRf61mSOfx+JAIzmJYCr0VrqOgTUhrnW9QY31FXUxr97nJRCa7s6E6+r4og0QkatLfLqnoCdJ/V+rK/TzUtywDWeTCInzHOEZgd2K/Rin3vnKFGpsPLZasVNS1KR3m/+r4BqCEO2/D/8xoV3Z8fegyBczrxn8cXpuUp7kIro5p2xpZ8= ansible@smardigo.digital
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNLUecch9TFY4feiE+4Scq7at7JLkIPnQIbwFMjUrYEsuHIQlyWuxfiUtCcTYRcS7eDSk0gPyAADPAkDSHpeOtF9CXAISWm4kORu9S3lgIm7113QT2xGdyag19G/Qrm0RHzujaBbAuRh4R7OK93+l2GqxBrL5ryHVDquTPoNxtBBCEfvAsEEoC2wRjyvWKfR6/rl8wTAOD+1Sty8iixUg6IVABOBN6ZjbSZ8WoWIqwgvZ5P55TkfSyQSbXArM8yqLRwHEHsSBZ0lCJmNS+Y6003dkjvY8UDAu4/VPhETH6l7kzvXNty64AjQGqbj569KtvBJINt7GtuwXq3bFzdRf61mSOfx+JAIzmJYCr0VrqOgTUhrnW9QY31FXUxr97nJRCa7s6E6+r4og0QkatLfLqnoCdJ/V+rK/TzUtywDWeTCInzHOEZgd2K/Rin3vnKFGpsPLZasVNS1KR3m/+r4BqCEO2/D/8xoV3Z8fegyBczrxn8cXpuUp7kIro5p2xpZ8= ansible@smardigo.digital
--- a/users/outdated/daniel.dz.2021.09.29.pub
+++ b/users/outdated/daniel.dz.2021.09.29.pub
--- a/users/outdated/friedrich.goerz.2021.10.07.pub
+++ b/users/outdated/friedrich.goerz.2021.10.07.pub
--- a/users/outdated/gitlabci.2022.03.15.pub
+++ b/users/outdated/gitlabci.2022.03.15.pub
--- a/users/outdated/peter.heise.2021.09.29.pub
+++ b/users/outdated/peter.heise.2021.09.29.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDt5aOYXBbBuPxJreoyJ7no+zOzTNyHTH+PZ0/z6U6X0D+kRae0/rzInFknPJhWQw/Jyw6Q5m2bl8G8WviY8Nh6XuOCo1Fs7pP+egZOQJR0oZnjzvDv9nC27dtHRkbr8CJ0kv1qTu04d/gKvC4I6zDp6fZXS9X4ZjBcO+zvO5QfJpa2zVqnsSoNBqGkOU81vWQD17yn08BpP+WgMFUl2DsWw2zzVOO5CwCjd4lfqZuWY4GIKSfEJed7iQAKzQghd+dL/tQECdkJmNPDuzXW66kv5NPEOEfYiAD3jggoIUvzhSyZEWuMUazYLYYlg3kMD0ALS9QQCPRc4katLizKXfnbVT8U6eHFrdcbGR20ct4ssRdEEXk2VMCIUqQGl2+fybiYs9hNc0f2K8Osb+f/sR5yPBN106zOV7Tbd6bdBljtKLMu7UdOhVdKQHOi63/kck1sI249L/EuMNPGTksNvIDGMpZ20nG5S4YjH5lB7Lxhr9vRdfeJCJRlObNH1IHm+xU1YnAkl6Qcq7iy/lu2TQWiKmHaOO4ijI7ckcIVVZGbxeaAxURPoA46iOlLMBup1WkzqeiO4z7Z2dmr8yAn/4fDHa3igoC+AVlWNUOPS8GfoC7qM4vVicffa4O/gwnkv2lXagvJ5SKdWkMR2XXLaX+VL6PtdCls6vvARlsPCmWJ9Q== pheise@latitude7490
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDt5aOYXBbBuPxJreoyJ7no+zOzTNyHTH+PZ0/z6U6X0D+kRae0/rzInFknPJhWQw/Jyw6Q5m2bl8G8WviY8Nh6XuOCo1Fs7pP+egZOQJR0oZnjzvDv9nC27dtHRkbr8CJ0kv1qTu04d/gKvC4I6zDp6fZXS9X4ZjBcO+zvO5QfJpa2zVqnsSoNBqGkOU81vWQD17yn08BpP+WgMFUl2DsWw2zzVOO5CwCjd4lfqZuWY4GIKSfEJed7iQAKzQghd+dL/tQECdkJmNPDuzXW66kv5NPEOEfYiAD3jggoIUvzhSyZEWuMUazYLYYlg3kMD0ALS9QQCPRc4katLizKXfnbVT8U6eHFrdcbGR20ct4ssRdEEXk2VMCIUqQGl2+fybiYs9hNc0f2K8Osb+f/sR5yPBN106zOV7Tbd6bdBljtKLMu7UdOhVdKQHOi63/kck1sI249L/EuMNPGTksNvIDGMpZ20nG5S4YjH5lB7Lxhr9vRdfeJCJRlObNH1IHm+xU1YnAkl6Qcq7iy/lu2TQWiKmHaOO4ijI7ckcIVVZGbxeaAxURPoA46iOlLMBup1WkzqeiO4z7Z2dmr8yAn/4fDHa3igoC+AVlWNUOPS8GfoC7qM4vVicffa4O/gwnkv2lXagvJ5SKdWkMR2XXLaX+VL6PtdCls6vvARlsPCmWJ9Q== pheise@latitude7490
--- a/users/outdated/peter.heise.2022.03.18.pub
+++ b/users/outdated/peter.heise.2022.03.18.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= peter.heise@netgo.de
--- a/users/peter.heise/ssh.pub
+++ b/users/peter.heise/ssh.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= peter.heise@netgo.de
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsKMA/LoU/tPnxb25MT0NZnbkBPpn3THcVzM/KWLI1g peter.heise@netgo.de
--- a/users/sven.ketelsen/ssh.pub
+++ b/users/sven.ketelsen/ssh.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDiP5IHm3hTbO/DBEwVoEFvbiOX56d67Q4fPWkmJlLAygQ40kRJj2ijzYNCryh4JSxXxOVu42c79Lzyxt1h/OhayGOatdAyEe/GIQB0YI4G5UmIxZecZCxOT3Uqj4j0+LDHH8QFkJUI59FpznM9VezwciL2Dxc2dA8lrEtKJVoZuCxHSx84GwzqBZdIhyNSSGvXu/ZP/KpT8ACAx5F5PJ3D+B+3pYuYLnzsYJ8Y4RYCoQ8bIX89txJ7bF2lrMmPeE3t2ms4bAh+QbohED0SksQKt1xEt9gt/Be+cRdrdts5XYfdKyd4iAFtzuRVOUTt4OcwqrFsiDeJRLK8taMH9Fz sven.ketelsen@netgo.de
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDiP5IHm3hTbO/DBEwVoEFvbiOX56d67Q4fPWkmJlLAygQ40kRJj2ijzYNCryh4JSxXxOVu42c79Lzyxt1h/OhayGOatdAyEe/GIQB0YI4G5UmIxZecZCxOT3Uqj4j0+LDHH8QFkJUI59FpznM9VezwciL2Dxc2dA8lrEtKJVoZuCxHSx84GwzqBZdIhyNSSGvXu/ZP/KpT8ACAx5F5PJ3D+B+3pYuYLnzsYJ8Y4RYCoQ8bIX89txJ7bF2lrMmPeE3t2ms4bAh+QbohED0SksQKt1xEt9gt/Be+cRdrdts5XYfdKyd4iAFtzuRVOUTt4OcwqrFsiDeJRLK8taMH9Fz sven.ketelsen@netgo.de
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= peter.heise@netgo.de