replaced photon bootstrap script

2016-11-23 17:59:08 +01:00 · 2016-11-23 17:59:08 +01:00 · d37f6a4e45
parent c63e9d9538
commit d37f6a4e45
1 changed files with 58 additions and 22 deletions
--- a/roles/ffmwu-meshing/tasks/mwu-m-bes.yml
+++ b/roles/ffmwu-meshing/tasks/mwu-m-bes.yml
@ -9,30 +9,66 @@
    repo: "https://github.com/freifunk-mwu/backend-scripts.git"
    accept_hostkey: yes

- name: generate host key
-  shell: python3 ~/clones/backend-scripts/bootstrap_git_all.py
-  args:
-    creates: ~/.ssh/{{ansible_hostname}}_rsa
-  register: keypair
+#- name: generate host key
+#  shell: python3 ~/clones/backend-scripts/bootstrap_git_all.py
+#  args:
+#    creates: ~/.ssh/{{ansible_hostname}}_rsa
+#  register: keypair
+
+- block:  # replaces backend script bootstrap_git_all.py
+  - name: generate host key
+    command: ssh-keygen -t ed25519 -N "" -f {{ansible_hostname}}_rsa
+    args:
+      chdir: ~/.ssh
+      creates: ~/.ssh/{{ansible_hostname}}_rsa
+    register: keypair
+
+  - name: generate ssh config entry
+    blockinfile:
+      block: |
+          Host github_mwu
+          User git
+          Hostname github.com
+          PreferredAuthentications publickey
+          IdentityFile ~/.ssh/{{ansible_hostname}}_rsa
+      create: yes
+      dest: ~/.ssh/config
+      marker: "# {mark} ANSIBLE MANAGED BLOCK github_mwu"
+      mode: 0640
+
+  - name: change git user name
+    git_config:
+      scope: global
+      name: "user.name"
+      value: "{{ansible_hostname}}"
+
+  - name: change git user email
+    git_config:
+      scope: global
+      name: "user.email"
+      value: "{{ansible_hostname}}@{{ansible_fqdn}}"
+
+  # block end

 # FIXME: activate with ansible 2.2 ...
-#- block:
-#  - name: read new pubkey
-#    shell: cat ~/.ssh/{{ansible_hostname}}_rsa.pub
-#    register: ssh_pub_key
-#
-#  - name: read existing secret from spinat
-#    shell: cat ~/.ssh/spinat_rsa
-#    register: github_access_token
-#    delegate_to: spinat.freifunk-mwu.de
-#
-#  - name: register new pubkey with github freifunkmwu account
-#    github_key:
-#      name: "Server {{ansible_hostname}}"
-#      token: "{{github_access_token.stdout}}"
-#      pubkey: "{{ssh_pub_key.stdout}}"
-#
-#  when: keypair.changed
+- block:
+  - name: read new pubkey
+    shell: cat ~/.ssh/{{ansible_hostname}}_rsa.pub
+    register: ssh_pub_key
+
+  - name: read existing token from spinat
+    shell: cat ~/.ssh/github-ansible-token
+    register: github_access_token
+    delegate_to: spinat.freifunk-mwu.de
+
+  - name: register new pubkey with github freifunkmwu account
+    github_key:
+      name: "Server {{ansible_hostname}} automatic test"
+      token: "{{github_access_token.stdout}}"
+      pubkey: "{{ssh_pub_key.stdout}}"
+      force: no
+
+  when: keypair.changed

 - name: manage crontab - PATH
  cron: env=yes name=PATH value="/home/admin/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"