add passwordless ssh option

William Graef · William Graef · commit 8eeb4571eb1b · 2024-07-31T08:38:07.000-04:00
diff --git a/ol/create_instance.yml b/ol/create_instance.yml
@@ -295,6 +295,10 @@
     - name: Configure instance
       ansible.builtin.include_tasks: "host_setup.yml"
 
+    - name: Configure passwordless SSH
+      ansible.builtin.include_tasks: "passwordless_setup.yml"
+      when: passwordless_ssh
+
 - name: Update all rpm packages
   ansible.builtin.import_playbook: update_all_rpms.yml
   when: update_all
diff --git a/ol/default_vars.yml b/ol/default_vars.yml
@@ -38,4 +38,5 @@ vm_root_pass:
 cleanup_tmp: no
 
 update_all: false
+passwordless_ssh: false
 use_podman: false
diff --git a/ol/passwordless_setup.yml b/ol/passwordless_setup.yml
@@ -0,0 +1,53 @@
+---
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
+# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
+# See LICENSE.TXT for details.
+
+- name: Generate ssh keypair for user
+  community.crypto.openssh_keypair:
+    path: ~/.ssh/id_rsa
+    size: 2048
+    comment: ocne ssh keypair
+  become: true
+  become_user: "{{ username }}"
+
+- name: Fetch public key file from server
+  ansible.builtin.fetch:
+    src: "~/.ssh/id_rsa.pub"
+    dest: "buffer/{{ inventory_hostname }}-id_rsa.pub"
+    flat: true
+  become: true
+  become_user: "{{ username }}"
+
+- name: Copy public key to each destination
+  ansible.posix.authorized_key:
+    user: "{{ username }}"
+    state: present
+    key: "{{ lookup('file', 'buffer/{{ item }}-id_rsa.pub') }}"
+  loop: "{{ groups['all'] | flatten(levels=1) }}"
+  become: true
+
+- name: Print hostvars for groups
+  ansible.builtin.debug:
+    msg: "{{ hostvars[item] }}"
+  loop: "{{ groups['all'] | flatten(levels=1) }}"
+  when: debug_enabled
+
+- name: Print vnc subnet_domain_name
+  ansible.builtin.debug:
+    var: my_subnet_domain_name
+  when: debug_enabled
+
+- name: Accept new ssh fingerprints
+  ansible.builtin.shell: |
+    ssh-keyscan -t ecdsa-sha2-nistp256 \
+    {{ hostvars[item].ansible_hostname }},\
+    {{ hostvars[item].ansible_default_ipv4.address }},\
+    {{ hostvars[item].ansible_hostname + '.' + my_subnet_domain_name }} >> ~/.ssh/known_hosts
+  with_items:
+    - "{{ groups['all'] }}"
+  become: true
+  become_user: "{{ username }}"
+  register: result
+  changed_when: result.rc == 0
