forked from planetary-social/ansible-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfetch-secrets.yml
28 lines (27 loc) · 914 Bytes
/
fetch-secrets.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
---
# Backs up all the pub secret keys onto the control node
- name: Backup Secrets
hosts: pubs
gather_facts: no
serial: 2 # rolling update, don't bring all pubs down at once
pre_tasks:
# SSH Host key checking
# https://stackoverflow.com/a/54735937/982195
- name: Check known_hosts for {{ inventory_hostname }}
local_action: shell ssh-keygen -F {{ inventory_hostname }}
register: has_entry_in_known_hosts_file
failed_when: false
changed_when: false
ignore_errors: yes
- name: Ignore host key for {{ inventory_hostname }} on first run
when: has_entry_in_known_hosts_file.rc == 1
set_fact:
ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
- name: Gather Facts
setup:
tasks:
- name: Get secret key
fetch:
src: ~/ssb-pub-data/secret
dest: "secrets/{{ inventory_hostname }}_secret"
flat: yes