Merge pull request #2 from Oefenweb/initial-version

Initial version

Author: tersmitten

.gitignore

@@ -0,0 +1,29 @@
+# OS generated files #
+######################
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+Icon?
+ehthumbs.db
+Thumbs.db
+
+# IDE files #
+#################
+/.settings
+/.buildpath
+/.project
+/nbproject
+*.komodoproject
+*.kpf
+/.idea
+
+# Vagrant files #
+.vagrant/
+vagrant_ansible_inventory_*
+ansible.cfg
+
+# Other files #
+###############
+!empty

.travis.yml

@@ -0,0 +1,69 @@
+---
+language: python
+python: "2.7"
+
+env:
+  - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=1.9.1
+  - ANSIBLE_VERSION=1.9.0.1
+  - ANSIBLE_VERSION=1.8.4
+  - ANSIBLE_VERSION=1.8.3
+  - ANSIBLE_VERSION=1.8.2
+  - ANSIBLE_VERSION=1.8.1
+  - ANSIBLE_VERSION=1.8
+  - ANSIBLE_VERSION=1.7.2
+  - ANSIBLE_VERSION=1.7.1
+  - ANSIBLE_VERSION=1.7
+  - ANSIBLE_VERSION=1.6.9
+  - ANSIBLE_VERSION=1.6.8
+  - ANSIBLE_VERSION=1.6.7
+  - ANSIBLE_VERSION=1.6.6
+  - ANSIBLE_VERSION=1.6.5
+  - ANSIBLE_VERSION=1.6.4
+  - ANSIBLE_VERSION=1.6.3
+  - ANSIBLE_VERSION=1.6.2
+  - ANSIBLE_VERSION=1.6.10
+  - ANSIBLE_VERSION=1.6.1
+  - ANSIBLE_VERSION=1.6
+  - ANSIBLE_VERSION=1.5.5
+  - ANSIBLE_VERSION=1.5.4
+  - ANSIBLE_VERSION=1.5.3
+  - ANSIBLE_VERSION=1.5.2
+  - ANSIBLE_VERSION=1.5.1
+  - ANSIBLE_VERSION=1.5
+  - ANSIBLE_VERSION=1.4.5
+  - ANSIBLE_VERSION=1.4.4
+  - ANSIBLE_VERSION=1.4.3
+  - ANSIBLE_VERSION=1.4.2
+  - ANSIBLE_VERSION=1.4.1
+  - ANSIBLE_VERSION=1.4
+
+before_install:
+  - sudo apt-get update -qq
+
+install:
+  # Install Ansible.
+  - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
+
+  # Add ansible.cfg to pick up roles path.
+  - printf "[defaults]\nroles_path = ../" > ansible.cfg
+
+script:
+  # Check the role/playbook's syntax.
+  - ansible-playbook -i tests/inventory tests/test.yml --syntax-check
+
+  # Run the role/playbook with ansible-playbook.
+  - ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo -vvvv
+
+  # Run the role/playbook again, checking to make sure it's idempotent.
+  - >
+    ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo
+    | grep -q 'changed=0.*failed=0'
+    && (echo 'Idempotence test: pass' && exit 0)
+    || (echo 'Idempotence test: fail' && exit 1)
+
+notifications:
+  email: false
+  hipchat:
+    rooms:
+      secure: mEuqxFx3d1A6dRmhvjK3Ky5sm7I6zPnlIgHycwRsV1hSIid3I3aXcW7yMB8eu+y025OF1DYAB9R0rxUIwNxF96S6t3+121cE+a7D3ryX4rGNYzZg87kA4N/U3vclZip72Et31rGXAt5uYZ35Oy0ftMh8ojT/2xbjU3YatNtUlBdIw0nUhCxmeZZfOAmcb4Sh0XmGtEgfKRQLoGb01L70yXAdykvSmKjPoH0iwZ//cne24fRc9pCmY9cVQYZvYOLSeLBSXPrx4NqCv4PdDQeaec9fz6m0pJuVcJwUVXj+4dfG8QB64lqiwgTtBHf0JI/pcTabbPYblQa+tclQPpLV+hIMTpi3iEkNFTQxMwQDZ2x6YYW/2TV8vgF+cROlx+4FBJbzljAUw9XXylL/3FqaAcvpcwNkDo2AmyiFGHKsVZYz3Y8FG+4dBAWjCKK/dB4vwldgz6zxgXGVREDdfIUsyY5PSqhGtnW9JOaYylr9zfAJrBvEo/n0MoLTmI4bV8C7Om2G645NU/H/4/3u7GvfwCXPR7DqUfQ9Onz+2eWfHYm0qeBc+9hBzTNb2o5pnJVccc9jWsq4Fn6oL/OtRERw2BuVqqj5GiAlcO2s8fm29A92AFYkqbAVY0gLsxGi3OJ6629S1P9Rzw3rCddGd/dQqsNDvqRriE5XrtZlA/jzoVQ=

README.md

@@ -1,2 +1,79 @@
 ## ssh-keys
 
+[![Build Status](https://travis-ci.org/Oefenweb/ansible-ssh-keys.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ssh-keys) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ssh--keys-blue.svg)](https://galaxy.ansible.com/list#/roles/4176)
+
+Manage ssh public key authentication (public / private / authorized keys and known hosts) in Debian-like systems.
+
+#### Requirements
+
+None
+
+#### Variables
+
+* `ssh_keys_users`: [default: `[]`]: User declarations
+* `ssh_keys_users.{n}.owner`: [required]: The name of the user that should own the file(s)
+* `ssh_keys_users.{n}.group`: [optional, default `owner`]: The name of the group that should own the file(s)
+* `ssh_keys_users.{n}.home`: [required]: The path of the home directory (of `owner`)
+* `ssh_keys_users.{n}.private_keys`: [default: `[]`]: Private keys declarations
+* `ssh_keys_users.{n}.private_keys.{n}.src`: [required]: The local path of the key
+* `ssh_keys_users.{n}.private_keys.{n}.dest`: [required]: The remote path of the key (relative to `home/.ssh/`)
+* `ssh_keys_users.{n}.private_keys.{n}.state`: [default: 'present']: State
+* `ssh_keys_users.{n}.public_keys`: [default: `[]`]: Public keys declarations
+* `ssh_keys_users.{n}.public_keys.{n}.src`: [required]: The local path of the key
+* `ssh_keys_users.{n}.public_keys.{n}.dest`: [required]: The remote path of the key (relative to `home/.ssh/`)
+* `ssh_keys_users.{n}.public_keys.{n}.state`: [default: `present`]: State
+* `ssh_keys_users.{n}.authorized_keys`: [default: `[]`]: Authorized keys declarations
+* `ssh_keys_users.{n}.authorized_keys.{n}.src`: [required]: The local path of the key
+* `ssh_keys_users.{n}.authorized_keys.{n}.state`: [default: `present`]: State
+
+* `ssh_keys_known_hosts`: [default: `[]`]: Known hosts declarations
+* `ssh_keys_known_hosts.{n}.hostname`: [required]: The hostname
+* `ssh_keys_known_hosts.{n}.enctype`: [required]: The type of the fingerprint
+* `ssh_keys_known_hosts.{n}.fingerprint`: [required]: The actual fingerprint
+
+## Dependencies
+
+None
+
+#### Example
+
+```yaml
+---
+- hosts: all
+  roles:
+  - ssh-keys
+  vars:
+    ssh_keys_users:
+      - owner: root
+        home: /root
+        private_keys:
+          - src: ../../../files/ssh-keys/id_rsa
+            dest: id_rsa
+            state: present
+        public_keys:
+          - src: ../../../files/ssh-keys/id_rsa.pub
+            dest: id_rsa.pub
+            state: present
+        authorized_keys:
+          - src: ../../../files/ssh-keys/id_rsa.pub
+            state: present
+    ssh_keys_known_hosts:
+      - hostname: github.com
+        enctype: ssh-rsa
+        fingerprint: 'AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
+```
+
+The `fingerprint` and `enctype` can be obtained using `ssh-keyscan`: `ssh-keyscan github.com`.
+
+#### License
+
+MIT
+
+#### Author Information
+
+Mark van Driel
+Mischa ter Smitten
+
+#### Feedback, bug-reports, requests, ...
+
+Are [welcome](https://github.com/Oefenweb/ansible-ssh-keys/issues)!

Vagrantfile

@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby ts=2 sw=2 tw=0 et :
+
+role = File.basename(File.expand_path(File.dirname(__FILE__)))
+
+File.open(File.dirname(__FILE__) + '/ansible.cfg', 'w') { |f| f.write("[defaults]\nroles_path = ../") }
+
+boxes = [
+  {
+    :name => "ubuntu-1004",
+    :box => "opscode-ubuntu-10.04",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-10.04_chef-provisionerless.box",
+    :ip => '10.0.0.10',
+    :cpu => "50",
+    :ram => "256"
+   },
+  {
+    :name => "ubuntu-1204",
+    :box => "opscode-ubuntu-12.04",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box",
+    :ip => '10.0.0.11',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "ubuntu-1404",
+    :box => "opscode-ubuntu-14.04",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box",
+    :ip => '10.0.0.12',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "debian-6010",
+    :box => "opscode-debian-6.0.10",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box",
+    :ip => '10.0.0.13',
+    :cpu => "50",
+    :ram => "256"
+  },
+  {
+    :name => "debian-78",
+    :box => "opscode-debian-7.8",
+    :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box",
+    :ip => '10.0.0.14',
+    :cpu => "50",
+    :ram => "256"
+  },
+]
+
+Vagrant.configure("2") do |config|
+  boxes.each do |box|
+    config.vm.define box[:name] do |vms|
+      vms.vm.box = box[:box]
+      vms.vm.box_url = box[:url]
+      vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
+
+      vms.vm.provider "virtualbox" do |v|
+        v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
+        v.customize ["modifyvm", :id, "--memory", box[:ram]]
+      end
+
+      vms.vm.network :private_network, ip: box[:ip]
+
+      vms.vm.provision :ansible do |ansible|
+        ansible.playbook = "tests/vagrant.yml"
+        ansible.verbose = "vv"
+      end
+    end
+  end
+end

defaults/main.yml

@@ -0,0 +1,5 @@
+# defaults file for ssh-keys
+---
+ssh_keys_users: []
+
+ssh_keys_known_hosts: []

files/empty

@@ -0,0 +1,2 @@
+# handlers file for ssh-keys
+---

handlers/main.yml

@@ -0,0 +1,22 @@
+# meta file for ssh-keys
+---
+galaxy_info:
+  author: Mischa ter Smitten
+  company: Oefenweb.nl B.V.
+  description: Manage ssh public key authentication (public / private / authorized keys and known hosts) in Debian-like systems
+  license: MIT
+  min_ansible_version: 1.4
+  platforms:
+  - name: Ubuntu
+    versions:
+    - lucid
+    - precise
+    - trusty
+  - name: Debian
+    versions:
+    - squeeze
+    - wheezy
+  categories:
+  - system
+  - networking
+dependencies: []

meta/main.yml

@@ -0,0 +1,11 @@
+# tasks file for ssh-keys
+---
+- name: set up authorized_keys for users
+  authorized_key:
+    user: "{{ item.0.owner }}"
+    key: "{{ lookup('file', item.1.src) }}"
+    state: "{{ item.1.state | default('present') }}"
+  with_subelements:
+    - ssh_keys_users
+    - authorized_keys
+  tags: [configuration, ssh-keys, ssh-keys-authorized-keys]

tasks/authorized-keys.yml

@@ -0,0 +1,11 @@
+# tasks file for ssh-keys
+---
+- name: create ssh directory
+  file:
+    path: "{{ item.home }}/{{ ssh_keys_sshdir }}"
+    state: directory
+    owner: "{{ item.owner }}"
+    group: "{{ item.group | default(item.owner) }}"
+    mode: 0700
+  with_items: ssh_keys_users
+  tags: [configuration, ssh-keys]