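---
# A simple utility play to remove one public key from the authorized_keys
# file of the `owner` user (ubuntu by default).
#
# Required extra vars:
#   public_key         - name of the key inside the ubuntu_public_keys mapping
#   ubuntu_public_keys - mapping of key name -> full authorized_keys line
#                        (normally supplied from secrets)
#
# The value looked up must be the entire authorized_keys line that was
# originally added; it is removed by fixed-string match (grep -F).
- hosts: all
  vars:
    # Number of instances to operate on at a time
    serial_count: 1

    owner: ubuntu
    keyfile: "/home/{{ owner }}/.ssh/authorized_keys"

  serial: "{{ serial_count }}"

  tasks:
    - fail:
        msg: "You must pass in a public_key"
      when: public_key is not defined

    # Guard the mapping itself as well, so a missing secrets file produces
    # this message instead of an undefined-variable error on the lookup.
    - fail:
        msg: "public key does not exist in secrets"
      when: ubuntu_public_keys is not defined or public_key not in ubuntu_public_keys

    # Scratch file that receives the filtered authorized_keys content.
    - command: mktemp
      register: mktemp

    # grep -v exits non-zero when it selects no lines, so this task fails
    # (and nothing is copied over the keyfile) if the key being removed is
    # the only one present.  The key and both paths are shell-quoted so a
    # value containing quotes or shell metacharacters cannot alter the
    # command that is run.
    - shell: "grep -Fv {{ ubuntu_public_keys[public_key] | quote }} {{ keyfile | quote }} > {{ mktemp.stdout | quote }}"

    # Sanity check the filtered file: ssh-keygen -l writes to stderr for
    # any line it cannot parse as a public key.  Read-only, so it never
    # reports "changed".
    - shell: "while read line; do ssh-keygen -lf /dev/stdin <<<$line; done <{{ mktemp.stdout | quote }}"
      args:
        executable: /bin/bash
      register: keycheck
      changed_when: false

    - fail:
        msg: "public key check failed!"
      when: keycheck.stderr != ""

    # Only replace the real keyfile once the filtered content has been checked.
    - command: cp {{ mktemp.stdout }} {{ keyfile }}

    - file:
        path: "{{ keyfile }}"
        owner: "{{ owner }}"
        # Quoted so YAML hands Ansible the octal string rather than an integer.
        mode: "0600"

    - file:
        path: "{{ mktemp.stdout }}"
        state: absent

    # Final assertion on the resulting keyfile; read-only, never "changed".
    - shell: "wc -l < {{ keyfile | quote }}"
      register: line_count
      changed_when: false

    - fail:
        msg: "There should only be one line in ubuntu's authorized_keys"
      when: line_count.stdout|int != 1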