Release galaxy-2.2.0

galaxy.yml

@@ -24,7 +24,7 @@ namespace: sap
 
 name: sap_operations
 
-version: 2.1.0
+version: 2.2.0
 
 readme: README.md
 
@@ -53,7 +53,8 @@ tags:
   - cloud
   - pacemaker
 
-dependencies: {}
+dependencies:
+  "community.crypto": ">=2.22.2"
 
 repository: https://github.com/redhat-sap/rh_operations
 

roles/ssh_keys_distribute/README.md

@@ -0,0 +1,127 @@
+<!--
+SPDX-License-Identifier: GPL-3.0-only
+SPDX-FileCopyrightText: 2023-2024 Red Hat, Project Atmosphere
+
+Copyright 2023-2024 Red Hat, Project Atmosphere
+
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+General Public License as published by the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+See the GNU General Public License for more details.
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+You should have received a copy of the GNU General Public License along with this program.
+If not, see <https://www.gnu.org/licenses/>.
+-->
+
+# ssh_keys_distribute
+
+Generate and distribute ssh keys for host to host communication
+
+
+Generate and distribute ssh keys for host to host communication
+Role has two modes of operation - present and absent, see variable ssh_keys_distribute_state
+If state=present role will ensure that ssh key (see below about key name)
+is present, key will be generated if absent, key will never be regenerated.
+After that role will distribute this key to other hosts, see how list of hosts defined below.
+
+If state=absent, role will make sure that key authorization on all hosts is removed.
+ssh key, even if it was generated will not be removed by the role.
+
+
+
+
+## Role Variables
+
+### Required parameters:
+
+
+
+#### ssh_keys_distribute_state
+
+
+_Type:_ `str`
+
+_Default:_ `present`
+
+_Required:_ `False`
+_Choices:_
+- present
+- absent
+_Description:_
+State=present - role will ensure that ssh keys are present (generated)
+State=absent - role will ensure that ssh key with name defined in variable ssh_keys_distribute_key
+cannot be used to login to hosts (using user defined in ssh_keys_distribute_user)
+
+
+
+
+#### ssh_keys_distribute_user
+
+
+_Type:_ `str`
+
+_Default:_ `root`
+
+_Required:_ `False`
+_Description:_
+User for which key if be generated (if required) and distributed to all the hosts
+ansible_user should be able to sudo to this user
+
+
+
+
+#### ssh_keys_distribute_key
+
+
+_Type:_ `str`
+
+_Default:_ `id_rsa`
+
+_Required:_ `False`
+_Description:_
+Name of the key to distribute, should not contain '*.pub'
+
+
+
+#### ssh_keys_distribute_hosts
+
+
+_Type:_ `list`
+
+
+_Required:_ `False`
+_Description:_
+Lists of hosts, where key will be distributed, default value is ansible magic variable ansible_play_hosts
+
+
+
+
+## Limitations
+
+
+
+## Dependencies
+
+Role depend on collection community.crypto
+
+## Example Playbooks
+
+ - name: Run role ssh_keys_distribute
+   ansible.builtin.include_role:
+     name: sap.sap_operations.ssh_keys_distribute
+
+## License
+
+GPL-3.0-only
+
+## Author Information
+
+Kirill Satarin (@kksat)

roles/ssh_keys_distribute/defaults/main.yml

@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2024 Red Hat, Project Atmosphere
+#
+# Copyright 2024 Red Hat, Project Atmosphere
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# You should have received a copy of the GNU General Public License along with this program.
+# If not, see <https://www.gnu.org/licenses/>.
+
+---
+ssh_keys_distribute_state: present
+ssh_keys_distribute_user: root
+ssh_keys_distribute_key: id_rsa
+ssh_keys_distribute_hosts: "{{ ansible_play_hosts }}"

roles/ssh_keys_distribute/meta/argument_specs.yml

@@ -0,0 +1,97 @@
+---
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2024 Red Hat, Project Atmosphere
+#
+# Copyright 2024 Red Hat, Project Atmosphere
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# You should have received a copy of the GNU General Public License along with this program.
+# If not, see <https://www.gnu.org/licenses/>.
+
+argument_specs:
+  main:
+    short_description: Generate and distribute ssh keys for host to host communication
+    description:
+      - Generate and distribute ssh keys for host to host communication
+      - Role has two modes of operation - present and absent, see variable ssh_keys_distribute_state
+      - |
+        If state=present role will ensure that ssh key (see below about key name)
+        is present, key will be generated if absent, key will never be regenerated.
+        After that role will distribute this key to other hosts, see how list of hosts defined below.
+      - |
+        If state=absent, role will make sure that key authorization on all hosts is removed.
+        ssh key, even if it was generated will not be removed by the role.
+
+    options:
+      ssh_keys_distribute_state:
+        description: |
+          State=present - role will ensure that ssh keys are present (generated)
+          State=absent - role will ensure that ssh key with name defined in variable ssh_keys_distribute_key
+          cannot be used to login to hosts (using user defined in ssh_keys_distribute_user)
+        type: str
+        choices:
+          - present
+          - absent
+        required: false
+        default: present
+      ssh_keys_distribute_user:
+        description: |
+          User for which key if be generated (if required) and distributed to all the hosts
+          ansible_user should be able to sudo to this user
+        type: str
+        required: false
+        default: root
+      ssh_keys_distribute_key:
+        description: Name of the key to distribute, should not contain '*.pub'
+        type: str
+        required: false
+        default: id_rsa
+      ssh_keys_distribute_hosts:
+        description: Lists of hosts, where key will be distributed, default value is ansible magic variable ansible_play_hosts
+        type: list
+        elements: str
+        required: false
+
+  __limitations__:
+    options: {}
+    short_description: Limitations
+    description:
+      - ""
+
+  __dependencies__:
+    options: {}
+    short_description: Dependencies
+    description:
+      - Role depend on collection community.crypto
+
+  __examples__:
+    options: {}
+    short_description: Example Playbooks
+    description:
+      - " - name: Run role ssh_keys_distribute"
+      - "   ansible.builtin.include_role:"
+      - "     name: sap.sap_operations.ssh_keys_distribute"
+
+  __license__:
+    options: {}
+    short_description: License
+    description:
+      - GPL-3.0-only
+
+  __author__:
+    options: {}
+    short_description: Author Information
+    description:
+      - Kirill Satarin (@kksat)

roles/ssh_keys_distribute/meta/main.yml

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2024 Red Hat, Project Atmosphere
+#
+# Copyright 2024 Red Hat, Project Atmosphere
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# You should have received a copy of the GNU General Public License along with this program.
+# If not, see <https://www.gnu.org/licenses/>.
+
+---
+galaxy_info:
+  author: Kirill Satarin
+  description: Generate and distribute ssh keys for host to host communication
+  license: GPL-3.0-only
+  min_ansible_version: "2.15"
+  platforms:
+    - name: EL
+      versions:
+        - "8"
+        - "9"
+  galaxy_tags: []
+dependencies: []

roles/ssh_keys_distribute/tasks/absent.yml

@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2024 Red Hat, Project Atmosphere
+#
+# Copyright 2024 Red Hat, Project Atmosphere
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# You should have received a copy of the GNU General Public License along with this program.
+# If not, see <https://www.gnu.org/licenses/>.
+
+---
+- name: Slurp ssh public key
+  ansible.builtin.slurp:
+    src: "~/.ssh/{{ ssh_keys_distribute_key }}.pub"
+  become: true
+  become_user: "{{ ssh_keys_distribute_user }}"
+  register: ssh_keys_distribute_slurp
+
+- name: Remove ssh key authorization on all hosts
+  ansible.posix.authorized_key:
+    user: "{{ ssh_keys_distribute_user }}"
+    state: absent
+    key: "{{ ssh_keys_distribute_slurp.content | b64decode }}"
+  become: true
+  become_user: "{{ ssh_keys_distribute_user }}"
+  delegate_to: "{{ host_item }}"
+  loop: "{{ ssh_keys_distribute_hosts }}"
+  loop_control:
+    loop_var: host_item

roles/ssh_keys_distribute/tasks/main.yml

@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: GPL-3.0-only
+# SPDX-FileCopyrightText: 2024 Red Hat, Project Atmosphere
+#
+# Copyright 2024 Red Hat, Project Atmosphere
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU
+# General Public License as published by the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# See the GNU General Public License for more details.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# You should have received a copy of the GNU General Public License along with this program.
+# If not, see <https://www.gnu.org/licenses/>.
+
+---
+- name: Include tasks depending on state
+  ansible.builtin.include_tasks:
+    file: "{{ ssh_keys_distribute_state }}.yml"