mirror of
https://github.com/borgbase/ansible-role-borgbackup.git
synced 2025-08-02 13:49:37 +02:00
generate ssh-keys (backup and backup.pub) and add better explanation
parent
dc79c0a287
commit
20f5a6f7b2
@ -1,7 +1,10 @@
|
|||||||
---
|
---
|
||||||
|
# In this Play an ssh key pair is created for login to the backup server and secure data transfer.
|
||||||
|
# If you select: "borgmatic_initialization_repo: true",
|
||||||
|
# the key will automaticly be added to the authorized_keys on the target system.
|
||||||
|
# We do not want the possibly existing key to be used/distributed,
|
||||||
|
# so a backup-specific (backup/backup.pub) one is created.
|
||||||
- name: Create ssh-key (if neeeded) for {{ borgbackup_user }}
|
- name: Create ssh-key (if neeeded) for {{ borgbackup_user }}
|
||||||
when:
|
|
||||||
- backup_id_rsa is not defined or backup_id_rsa | length == 0
|
|
||||||
tags:
|
tags:
|
||||||
- install_backup
|
- install_backup
|
||||||
block:
|
block:
|
||||||
@ -13,34 +16,36 @@
|
|||||||
owner: "{{ borgbackup_user }}"
|
owner: "{{ borgbackup_user }}"
|
||||||
group: "{{ borgbackup_group }}"
|
group: "{{ borgbackup_group }}"
|
||||||
|
|
||||||
- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa)
|
- name: Generate an OpenSSH keypair
|
||||||
community.crypto.openssh_keypair:
|
community.crypto.openssh_keypair:
|
||||||
path: "{{ backup_user_info.home }}/.ssh/id_rsa"
|
path: "{{ backup_user_info.home }}/.ssh/backup"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
type: "{{ borg_ssh_key_type }}"
|
||||||
owner: "{{ borgbackup_user }}"
|
owner: "{{ borgbackup_user }}"
|
||||||
group: "{{ borgbackup_group }}"
|
group: "{{ borgbackup_group }}"
|
||||||
|
|
||||||
- name: Set key permission
|
- name: Set key permission
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ backup_user_info.home }}/.ssh/id_rsa.pub"
|
path: "{{ backup_user_info.home }}/.ssh/backup.pub"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: "{{ borgbackup_user }}"
|
owner: "{{ borgbackup_user }}"
|
||||||
group: "{{ borgbackup_group }}"
|
group: "{{ borgbackup_group }}"
|
||||||
|
|
||||||
- name: Read ssh key
|
- name: Read ssh key
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: "{{ backup_user_info.home }}/.ssh/id_rsa.pub"
|
src: "{{ backup_user_info.home }}/.ssh/backup.pub"
|
||||||
register: backup_local_ssh_key
|
register: backup_local_ssh_key
|
||||||
|
|
||||||
- name: Set authorized key taken from file
|
- name: Set authorized key taken from file
|
||||||
when:
|
when:
|
||||||
- borgmatic_initialization_repo is defined and borgmatic_initialization_repo
|
- borgmatic_initialization_repo is defined and borgmatic_initialization_repo
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
# borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
|
# example:
|
||||||
# habe thee parts: "username"@"FQDN":"path/to/store/backup", specific:
|
# borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
|
||||||
# a) user: m5vz9gp4
|
# have three parts: "username"@"FQDN":"path/to/store/backup", specific:
|
||||||
# b) fqdn: m5vz9gp4.repo.borgbase.co
|
# a) user: m5vz9gp4
|
||||||
# c) dir: repo
|
# b) fqdn: m5vz9gp4.repo.borgbase.co
|
||||||
|
# c) dir: repo
|
||||||
user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a)
|
user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a)
|
||||||
state: present
|
state: present
|
||||||
key: "{{ backup_local_ssh_key['content'] | b64decode }}"
|
key: "{{ backup_local_ssh_key['content'] | b64decode }}"
|
||||||
|
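Review bot: The `Set authorized key taken from file` task at the end of the second hunk installs the new dedicated `backup.pub` key without any `key_options`, so wherever it is accepted the key grants whatever the account's login shell allows rather than backup access only. Now that the key is backup-specific it could be pinned to borg, for example `key_options: 'command="borg serve --restrict-to-path <REPO_PATH>",restrict'` (placeholder path; confirm the target server honours forced commands and OpenSSH's `restrict`). Separately, the added `type: "{{ borg_ssh_key_type }}"` has no fallback in this hunk, and with the `when:` guard removed in the first hunk the keypair task now runs on every play; unless the role defines a default elsewhere, `type: "{{ borg_ssh_key_type | default('ed25519') }}"` would avoid an undefined-variable failure. The task list may continue past the end of the hunk, so options set after `key:` are not visible here.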