
How can I deploy multiple ssh_key for multiple users on multiple servers with Ansible?


My environment is composed of 2 web servers and 2 db servers.

I have a new developer joining my team. I need to deploy his ssh key on every server.

He must be able to connect with both user ubuntu and www-data on the web servers and with user ubuntu on the db servers.

My servers are provisioned with Ansible.

How can I do it?


Solution

  • I solved it by creating an ssh-keys task like so.

    In roles/ssh-keys/tasks/main.yml:

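    ---
    # Install every public key from files/authorized_keys for each listed account.
    - name: add authorized key
      authorized_key: user={{ item }} key="{{ lookup('file', 'authorized_keys') }}"
      # Bare variable names in with_items are no longer expanded; template the list.
      with_items: "{{ authorized_ssh_users | default([]) }}"
      when: authorized_ssh_users is defined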
    

    In roles/ssh-keys/files/authorized_keys:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev1] dev1
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev2] dev2
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev3] dev3
    

    In hosts/production:

    [webservers]
    webserv1-hostname
    webserv2-hostname
    
    [webservers:vars]
    authorized_ssh_users=['ubuntu','www-data']
    
    [dbservers]
    dbserv1-hostname
    dbserv2-hostname
    
    [dbservers:vars]
    authorized_ssh_users=['ubuntu']
    

    Then in playbook.yml:

    - name: Provision ssh keys
      hosts: all
      # 'become' replaces the removed 'sudo' keyword for privilege escalation.
      become: true
      roles:
      - ssh-keys
    

    With this solution, I can manage every combination of server / user to deploy a key on.
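
Added example (not part of the original answer): the role installs every key in `authorized_keys` for every account in `authorized_ssh_users` on every host of the group, so this Python script expands the answer's inventory and key file into the effective access list for review before the play is run. The function names and the simplified inventory parser (plain `[group]` and `[group:vars]` sections only) are assumptions of this example, and the sample data is constructed from the files shown above.

```python
import ast

# Constructed inputs mirroring the answer's hosts/production and authorized_keys.
INVENTORY = """\
[webservers]
webserv1-hostname
webserv2-hostname
[webservers:vars]
authorized_ssh_users=['ubuntu','www-data']
[dbservers]
dbserv1-hostname
dbserv2-hostname
[dbservers:vars]
authorized_ssh_users=['ubuntu']
"""
AUTHORIZED_KEYS = """\
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev1] dev1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ[ssh_pub_key_of_dev2] dev2
"""


def parse_inventory(text):
    """Return {group: {"hosts": [...], "users": [...]}} for [group] and [group:vars]."""
    groups, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            groups.setdefault(section.split(":")[0], {"hosts": [], "users": []})
        elif section and section.endswith(":vars"):
            name, _, value = line.partition("=")
            if name.strip() == "authorized_ssh_users":
                # Same Python-literal list syntax the INI inventory uses.
                groups[section.split(":")[0]]["users"] = ast.literal_eval(value.strip())
        elif section and ":" not in section:
            groups[section]["hosts"].append(line.split()[0])
    return groups


def access_matrix(inventory, keys):
    """Every (host, account, key comment) grant the role would install."""
    # Assumes "type blob comment" lines without leading key options, as on the page.
    owners = [f[2] for f in (k.split(None, 2) for k in keys.splitlines()) if len(f) == 3]
    inv = parse_inventory(inventory).values()
    return sorted((h, u, o) for g in inv for h in g["hosts"] for u in g["users"] for o in owners)


if __name__ == "__main__":
    for host, user, owner in access_matrix(INVENTORY, AUTHORIZED_KEYS):
        print(f"{owner} -> {user}@{host}")
```

Each printed line is one login the play grants; a key owner who should not reach an account on a host group needs a separate key file or variable for that group.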