Guillaume Coré
2018-04-19 8f670973849232d3afed6e6e4bf2d4a189bfdd4e
cleanup ssh config

- do not use 2 templates depending on the variable, add the condition in jinja2
- use 'remote_user' instead of hardcoded 'ec2-user'
1 files deleted
3 files modified
50 ■■■■ changed files
ansible/roles/bastion/files/bastion_ssh_config.j2 14 ●●●●●
ansible/roles/bastion/files/bastion_ssh_config_ownkey.j2 15 ●●●●●
ansible/roles/bastion/tasks/main.yml 9 ●●●●●
ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 12 ●●●●●
ansible/roles/bastion/files/bastion_ssh_config.j2
@@ -1,14 +1,10 @@
Host *.internal
Host ec2* *.internal
  User {{remote_user}}
{% if use_own_key|bool %}
  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
{% else %}
  IdentityFile ~/.ssh/{{key_name}}.pem
  ForwardAgent yes
  StrictHostKeyChecking no
  ConnectTimeout 60
  ConnectionAttempts 10
Host ec2*
  User {{remote_user}}
  IdentityFile ~/.ssh/{{key_name}}.pem
{% endif %}
  ForwardAgent yes
  StrictHostKeyChecking no
  ConnectTimeout 60
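Review bot: The merged `Host ec2* *.internal` stanza still pairs `ForwardAgent yes` with `StrictHostKeyChecking no`, so the operator's agent is forwarded to whatever endpoint answers for those names without its host key ever being checked; the same pair is carried over in ansible/roles/set_env_authorized_key/files/host_ssh_config.j2. Since this commit already consolidates the stanza, it is a good place to switch to `StrictHostKeyChecking accept-new` with a per-environment `UserKnownHostsFile`. `ForwardAgent yes` could also be dropped if internal hosts are reached through the bastion with ProxyJump/ProxyCommand; the template already sets an `IdentityFile`, so forwarding may not be needed, but that should be confirmed against how the config is used. The rendered page has lost its +/- markers, so which of the repeated option lines sit on the new side is inferred from the hunk header.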
ansible/roles/bastion/files/bastion_ssh_config_ownkey.j2
File was deleted
ansible/roles/bastion/tasks/main.yml
@@ -31,18 +31,9 @@
  tags:
    - copy_env_private_key
# TODO: Test splitting this into literal
- name: Generate host .ssh/config Template
  become: no
  local_action: template src={{ role_path }}/files/bastion_ssh_config.j2 dest={{ ANSIBLE_REPO_PATH }}/workdir/ssh-config-{{ env_type }}-{{ guid }}
  when: not use_own_key|bool
  tags:
    - gen_sshconfig_file
- name: Generate host .ssh/config Template
  become: no
  local_action: template src={{ role_path }}/files/bastion_ssh_config_ownkey.j2 dest={{ ANSIBLE_REPO_PATH }}/workdir/ssh-config-{{ env_type }}-{{ guid }}
  when: use_own_key|bool
  tags:
    - gen_sshconfig_file
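Review bot: The remaining `template` task writes `workdir/ssh-config-{{ env_type }}-{{ guid }}` without a `mode`, so the file's permissions fall to the controller's umask. That file now selects the identity key and the host-key policy for whatever later uses it, so it should not be writable by other local users; appending `mode=0600` to the `local_action` line pins that. Separately, `become: no` and the `key=value` argument string would read better as `become: false` with native YAML module arguments, which also avoids mis-splitting if either templated path ever contains a space. Which of the two duplicate tasks survives is inferred from the deleted ownkey template, since the +/- markers are lost in this rendering.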
ansible/roles/set_env_authorized_key/files/host_ssh_config.j2
@@ -1,11 +1,7 @@
Host *.internal
   User ec2-user
Host ec2* *.internal
   User {{remote_user}}
   IdentityFile ~/.ssh/{{env_authorized_key}}.pem
   ForwardAgent yes
   StrictHostKeyChecking no
Host ec2*
  User ec2-user
  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
  ForwardAgent yes
  StrictHostKeyChecking no
   ConnectTimeout 60
   ConnectionAttempts 10