Freeze Break Request: add check_mode: no to a basessh task - infrastructure - Fedora mailing-lists

List overview All Threads
Download

Freeze Break Request: add check_mode: no to a basessh task

Changes to the weekly meetings

FBR: Allow sysadmin-osbs to SSH...

Kevin Fenzi

5 Sep 2019 5 Sep '19

6:20 p.m.

I need this to run the bodhi-backend playbook in check/diff mode to debug some configuration issues.

[PATCH] basessh: Always run the keygen shell command if needed, even

Reply

Show replies by date

Kevin Fenzi

5 Sep 5 Sep

6:20 p.m.

New subject: [PATCH] basessh: Always run the keygen shell command if needed, even in check mode.

Without this check mode will fail if there's not an old signed copy of the key around.

Signed-off-by: Kevin Fenzi kevin@scrye.com --- roles/basessh/tasks/main.yml | 1 + 1 file changed, 1 insertion(+)

diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index 49a5aff..7183607 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -202,6 +202,7 @@ shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" delegate_to: localhost with_items: "{{certs_to_sign}}" + check_mode: no tags: - basessh - sshd_cert

-- 1.8.3.1

Reply

Clement Verna

11:24 p.m.

New subject: [PATCH] basessh: Always run the keygen shell command if needed, even in check mode.

+1

On Fri, Sep 6, 2019, 01:30 Kevin Fenzi kevin@scrye.com wrote:

Without this check mode will fail if there's not an old signed copy of the key around.

Signed-off-by: Kevin Fenzi kevin@scrye.com

roles/basessh/tasks/main.yml | 1 + 1 file changed, 1 insertion(+)

diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index 49a5aff..7183607 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -202,6 +202,7 @@ shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" delegate_to: localhost with_items: "{{certs_to_sign}}"

check_mode: no tags:

basessh

sshd_cert

-- 1.8.3.1 _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...

Reply

Randy Barlow

9 Sep 9 Sep

10:52 a.m.

New subject: [PATCH] basessh: Always run the keygen shell command if needed, even in check mode.

+1

Reply

1695

Age (days ago)

1699

Last active (days ago)

infrastructure@lists.fedoraproject.org

3 comments

3 participants

tags (0)

participants (3)

Clement Verna
Kevin Fenzi
Randy Barlow