ansible_setup_passwordless_ssh_rollback.yml
# Ansible playbook to ROLLBACK the passwordless SSH login to remote hosts.
#
# https://github.com/ilias-sp/ansible-setup-passwordless-ssh
#
#
#
#
#
# run the playbook as:
#
# ansible-playbook -i hosts ansible_setup_passwordless_ssh_rollback.yml
#
#
#
---
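# Play 1 (control node): ask the operator to confirm the rollback, check that
# the public key file exists, and load its content into the ssh_key_content
# fact so the next play knows which authorized_keys line to remove.
# NOTE(review): ssh_key_filename is not defined in this file; presumably it
# comes from the inventory or group vars - confirm.
- hosts: local_host
  gather_facts: false
  vars:
    ssh_key_content: ""
  vars_prompt:
    # No `when` here: vars_prompt entries do not accept conditions. The
    # pre_task below is what enforces the confirmation.
    - name: confirmation
      # The wording says "remove": this playbook revokes the key, it does not
      # establish the passwordless login.
      prompt: "Type 'YES' to remove the passwordless login from the remote hosts:"
      default: 'NO'
      private: false
  pre_tasks:
    # Abort before anything is touched unless the operator typed YES exactly.
    - name: "Check Confirmation"
      fail:
        msg: "Exiting... You must type 'YES' to continue."
      when: confirmation != "YES"
  tasks:
    # The result is registered but no later task in this file reads it.
    - name: check .ssh local directory exists
      stat:
        path: "~/.ssh"
      register: ssh_directory_exists_check
    # - debug:
    #     var: ssh_directory_exists_check

    # results[0] is the private key, results[1] is the .pub file.
    - name: check .ssh key file exists
      stat:
        path: "~/.ssh/{{item}}"
      register: ssh_key_file_exists_check
      with_items:
        - "{{ssh_key_filename}}"
        - "{{ssh_key_filename}}.pub"

    # Without the public key there is no line content to match on the remote
    # hosts, so stop here instead of running a removal that cannot match.
    - name: fail if .ssh key is missing
      fail:
        msg: "the {{ssh_key_filename}}.pub was NOT found in .ssh folder"
      when: not ssh_key_file_exists_check.results[1].stat.exists
    # - debug:
    #     var: ssh_key_file_exists_check.results[1].stat.exists

    # The path is built with the Jinja `~` concatenation operator rather than
    # a nested "{{ }}" inside the string literal, which relies on the lookup
    # arguments being templated a second time.
    # The fact is stored on every host matched by `local_host`.
    - name: get ssh key to remove from the file
      set_fact:
        ssh_key_content: "{{ lookup('file', '~/.ssh/' ~ ssh_key_filename ~ '.pub') }}"
    # - debug:
    #     var: ssh_key_content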
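# Play 2 (remote hosts): revoke the key by deleting its line from each
# host's ~/.ssh/authorized_keys.
# NOTE(review): the key content is read from hostvars['localhost'], while the
# first play targets `local_host`; this only resolves if the host in that
# group is named `localhost` in the inventory - confirm.
- hosts: ansible_setup_passwordless_setup_group
  gather_facts: false
  vars:
    ssh_key_content_to_remove: "{{ hostvars['localhost'].ssh_key_content }}"
  tasks:
    # lineinfile removes only lines that equal the .pub content exactly. An
    # entry carrying options (from=, command=, ...) or a different comment is
    # left in place and the task still reports "ok", so the key would stay
    # authorized. The task after this one makes that case visible.
    # backup: true leaves a timestamped copy that still contains the removed
    # key; delete it once the rollback has been verified.
    - name: delete the ssh key from the remote hosts
      lineinfile:
        path: ~/.ssh/authorized_keys
        line: "{{ ssh_key_content_to_remove }}"
        state: absent
        backup: true
      register: ssh_key_removal_execution
    # - debug:
    #     var: ssh_key_removal_execution

    # `found` is the number of matching lines lineinfile saw; it is missing
    # when authorized_keys does not exist, hence the default.
    - name: report hosts where no matching key line was found
      debug:
        msg: >-
          No line matching the public key was found in ~/.ssh/authorized_keys
          on {{ inventory_hostname }}. Check the file by hand for an entry
          with options or a different comment before treating the key as
          revoked.
      when: ssh_key_removal_execution.found | default(0) | int == 0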
# Play 3 (control node): delete the local key pair and drop the IdentityFile
# entry that points at it.
# NOTE(review): this play targets different hosts than the previous one, so it
# can still run when some remote hosts failed or were unreachable there. Once
# the private key is deleted it can no longer be used to reach those hosts, so
# check the play recap before relying on the key being removed everywhere.
- hosts: local_host
  gather_facts: false
  tasks:
    # Removes both the private key and its .pub counterpart from ~/.ssh.
    - name: delete the 2 key files from local_host
      with_items:
        - "{{ssh_key_filename}}"
        - "{{ssh_key_filename}}.pub"
      file:
        state: absent
        path: "~/.ssh/{{ item }}"
      register: keys_deletion_execution
    # - debug:
    #     var: keys_deletion_execution

    # Despite the task name, only the one IdentityFile line for this key is
    # removed; the rest of ~/.ssh/config is kept, and a backup copy is written
    # when the file changes.
    - name: clear the ~/.ssh/config file
      lineinfile:
        state: absent
        path: "~/.ssh/config"
        line: "IdentityFile ~/.ssh/{{ssh_key_filename}}"
        backup: true
      register: ssh_config_file_key_deletion
    # - debug:
    #     var: ssh_config_file_key_deletion