generate ssh-keys (backup and backup.pub) and add better explanation

This commit is contained in:
Frank Dornheim 2023-03-11 23:16:06 +01:00
parent dc79c0a287
commit 20f5a6f7b2


@ -1,7 +1,10 @@
--- ---
# In this Play an ssh key pair is created for login to the backup server and secure data transfer.
# If you select: "borgmatic_initialization_repo: true",
# the key will automaticly be added to the authorized_keys on the target system.
# We do not want the possibly existing key to be used/distributed,
# so a backup-specific (backup/backup.pub) one is created.
- name: Create ssh-key (if neeeded) for {{ borgbackup_user }} - name: Create ssh-key (if neeeded) for {{ borgbackup_user }}
when:
- backup_id_rsa is not defined or backup_id_rsa | length == 0
tags: tags:
- install_backup - install_backup
block: block:
@ -13,34 +16,36 @@
owner: "{{ borgbackup_user }}" owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}" group: "{{ borgbackup_group }}"
- name: Generate an OpenSSH keypair with the default values (4096 bits, rsa) - name: Generate an OpenSSH keypair
community.crypto.openssh_keypair: community.crypto.openssh_keypair:
path: "{{ backup_user_info.home }}/.ssh/id_rsa" path: "{{ backup_user_info.home }}/.ssh/backup"
mode: "0600" mode: "0600"
type: "{{ borg_ssh_key_type }}"
owner: "{{ borgbackup_user }}" owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}" group: "{{ borgbackup_group }}"
- name: Set key permission - name: Set key permission
ansible.builtin.file: ansible.builtin.file:
path: "{{ backup_user_info.home }}/.ssh/id_rsa.pub" path: "{{ backup_user_info.home }}/.ssh/backup.pub"
mode: "0644" mode: "0644"
owner: "{{ borgbackup_user }}" owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}" group: "{{ borgbackup_group }}"
- name: Read ssh key - name: Read ssh key
ansible.builtin.slurp: ansible.builtin.slurp:
src: "{{ backup_user_info.home }}/.ssh/id_rsa.pub" src: "{{ backup_user_info.home }}/.ssh/backup.pub"
register: backup_local_ssh_key register: backup_local_ssh_key
- name: Set authorized key taken from file - name: Set authorized key taken from file
when: when:
- borgmatic_initialization_repo is defined and borgmatic_initialization_repo - borgmatic_initialization_repo is defined and borgmatic_initialization_repo
ansible.posix.authorized_key: ansible.posix.authorized_key:
# borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo # example:
# habe thee parts: "username"@"FQDN":"path/to/store/backup", specific: # borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
# a) user: m5vz9gp4 # have three parts: "username"@"FQDN":"path/to/store/backup", specific:
# b) fqdn: m5vz9gp4.repo.borgbase.co # a) user: m5vz9gp4
# c) dir: repo # b) fqdn: m5vz9gp4.repo.borgbase.co
# c) dir: repo
user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a) user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a)
state: present state: present
key: "{{ backup_local_ssh_key['content'] | b64decode }}" key: "{{ backup_local_ssh_key['content'] | b64decode }}"