I need this to run the bodhi-backend playbook in check/diff mode to debug some configuration issues.
[PATCH] basessh: Always run the keygen shell command if needed, even
Without this check mode will fail if there's not an old signed copy of the key around.
Signed-off-by: Kevin Fenzi kevin@scrye.com --- roles/basessh/tasks/main.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index 49a5aff..7183607 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -202,6 +202,7 @@ shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" delegate_to: localhost with_items: "{{certs_to_sign}}" + check_mode: no tags: - basessh - sshd_cert
+1
On Fri, Sep 6, 2019, 01:30 Kevin Fenzi kevin@scrye.com wrote:
Without this check mode will fail if there's not an old signed copy of the key around.
Signed-off-by: Kevin Fenzi kevin@scrye.com
roles/basessh/tasks/main.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index 49a5aff..7183607 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -202,6 +202,7 @@ shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" delegate_to: localhost with_items: "{{certs_to_sign}}"
- check_mode: no tags:
- basessh
- sshd_cert
-- 1.8.3.1 _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
+1
infrastructure@lists.fedoraproject.org