From 075f946517ec1b0f3a497e8431281c528de3aa74 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 7 Mar 2016 15:47:16 +0100
Subject: [PATCH] library/roles/ssh-keys, library/roles/ubuntu-deb-general/tasks/pubkeys.yml: Fix the root ssh keys management.
---
 ssh-keys/tasks/non-root-ssh-keys.yml | 4 ++--
 ssh-keys/tasks/root-ssh-keys.yml | 5 +++--
 ubuntu-deb-general/tasks/pubkeys.yml | 5 ++---
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/ssh-keys/tasks/non-root-ssh-keys.yml b/ssh-keys/tasks/non-root-ssh-keys.yml
index 602fe265..840e75aa 100644
--- a/ssh-keys/tasks/non-root-ssh-keys.yml
+++ b/ssh-keys/tasks/non-root-ssh-keys.yml
@@ -3,7 +3,7 @@
 authorized_key: user={{ item.0.name }} key="{{ item.1 }}" state=present
 when: non_root_users
 with_subelements:
- - '{{ ssh_users_list }}'
+ - '{{ ssh_users_list | default ([]) }}'
 - authorized_keys
 tags: [ "pubkeys", "ssh_keys" ]
@@ -13,6 +13,6 @@
 - obsolete_ssh_key is defined
 - non_root_users
 with_subelements:
- - '{{ ssh_users_list }}'
+ - '{{ ssh_users_list | default ([]) }}'
 - authorized_keys
 tags: [ "pubkeys", "ssh_keys" ]
diff --git a/ssh-keys/tasks/root-ssh-keys.yml b/ssh-keys/tasks/root-ssh-keys.yml
index f77de47b..39fed3dd 100644
--- a/ssh-keys/tasks/root-ssh-keys.yml
+++ b/ssh-keys/tasks/root-ssh-keys.yml
@@ -1,12 +1,13 @@
 ---
 - name: Install the ssh keys for the authorized users
 authorized_key: user=root key="{{ item }}" state=present
- with_items: '{{ user_ssh_key }}'
+ with_items: '{{ root_ssh_keys | default([]) }}'
+ when: manage_root_ssh_keys
 tags: [ 'pubkeys', 'ssh_keys' ]
 - name: Remove obsolete ssh keys if there are any
 authorized_key: user=root key="{{ item }}" state=absent
- with_items: '{{ obsolete_ssh_key }}'
+ with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
 when: obsolete_ssh_key is defined
 tags: [ 'pubkeys', 'ssh_keys' ]
diff --git a/ubuntu-deb-general/tasks/pubkeys.yml b/ubuntu-deb-general/tasks/pubkeys.yml
index 5d02ff77..3ee28fd2 100644
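Review bot: The added `default ([])` only covers an undefined `ssh_users_list`; a user entry that lacks an `authorized_keys` key still makes `with_subelements` fail, in this hunk and in the second hunk of non-root-ssh-keys.yml. If such entries can occur in the inventory (not visible here), add the flags element `- skip_missing: true` after `- authorized_keys`. The filter is also written `default ([])` in this file and `default([])` in the other two; one spelling would read better. Both tasks start outside their hunks.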
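Review bot: The removal task in root-ssh-keys.yml still has the guard `when: obsolete_ssh_key is defined`, while its loop now iterates `obsolete_root_ssh_keys`. A host that defines only the new variable skips every item, so revoked keys stay in root's authorized_keys and the run reports no error. Change the guard to `when: obsolete_root_ssh_keys is defined`, or drop it, since `default([])` already yields an empty loop. The new `when: manage_root_ssh_keys` on the install task has no fallback of its own, so it presumably relies on a role default that this patch does not show.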
--- a/ubuntu-deb-general/tasks/pubkeys.yml
+++ b/ubuntu-deb-general/tasks/pubkeys.yml
@@ -1,13 +1,12 @@
 ---
-# TODO: fetch the keys from ldap
 - name: various pub ssh keys for users and apps
 authorized_key: user=root key="{{ item }}" state=present
- with_items: '{{ root_ssh_keys }}'
+ with_items: '{{ root_ssh_keys | default([]) }}'
 when: manage_root_ssh_keys
 tags: root_pubkeys
 - name: Remove obsolete keys from the authorized ones
 authorized_key: user=root key="{{ item }}" state=absent
- with_items: '{{ obsolete_root_ssh_keys }}'
+ with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
 when: obsolete_root_ssh_keys is defined
 tags: root_pubkeys
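Review bot: Both tasks in pubkeys.yml only add or remove the keys that are listed, so a key that reached root's authorized_keys by any other route survives every run unless someone adds it to `obsolete_root_ssh_keys`. That is worth stating above the first task, e.g. `# Additive: keys absent from root_ssh_keys are NOT removed; list revoked keys in obsolete_root_ssh_keys`. The remaining guard `when: obsolete_root_ssh_keys is defined` is redundant now that the loop uses `default([])`. The removal task is also not gated by `manage_root_ssh_keys` while the install task is; if that asymmetry is intended, say so in the same comment.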