From 67a0ed3f5a194b6426f8e5a06f754573cd68ee9d Mon Sep 17 00:00:00 2001
From: Guillaume Coré <gucore@redhat.com>
Date: Thu, 19 Apr 2018 23:57:05 +0200
Subject: [PATCH] cleanup ssh config

---
 /dev/null                                                     |   15 ---------------
 ansible/roles/bastion/tasks/main.yml                          |    9 ---------
 ansible/roles/bastion/files/bastion_ssh_config.j2             |   14 +++++---------
 ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 |   12 ++++--------
 4 files changed, 9 insertions(+), 41 deletions(-)

diff --git a/ansible/roles/bastion/files/bastion_ssh_config.j2 b/ansible/roles/bastion/files/bastion_ssh_config.j2
index 2eb2bbf..a73b744 100644
--- a/ansible/roles/bastion/files/bastion_ssh_config.j2
+++ b/ansible/roles/bastion/files/bastion_ssh_config.j2
@@ -1,14 +1,10 @@
-Host *.internal
+Host ec2* *.internal
   User {{remote_user}}
+{% if use_own_key|bool %}
+  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
+{% else %}
   IdentityFile ~/.ssh/{{key_name}}.pem
-  ForwardAgent yes
-  StrictHostKeyChecking no
-  ConnectTimeout 60
-  ConnectionAttempts 10
-
-Host ec2*
-  User {{remote_user}}
-  IdentityFile ~/.ssh/{{key_name}}.pem
+{% endif %}
   ForwardAgent yes
   StrictHostKeyChecking no
   ConnectTimeout 60
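Review bot: The merged `Host ec2* *.internal` stanza still pairs `StrictHostKeyChecking no` with `ForwardAgent yes`, so a client using this config never verifies the host key of a machine it then exposes its agent to. Anything that can answer for a matching name can use the forwarded keys for as long as the session lasts. Consider `StrictHostKeyChecking accept-new` (OpenSSH 7.6 or later) with a per-environment `UserKnownHostsFile`, and drop `ForwardAgent yes` unless a hop genuinely needs it. `ec2*` also matches every hostname that begins with those characters, not only the EC2 public DNS names it is presumably meant for. The same pairing is kept in host_ssh_config.j2 further down, and this stanza continues past the end of the hunk.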
diff --git a/ansible/roles/bastion/files/bastion_ssh_config_ownkey.j2 b/ansible/roles/bastion/files/bastion_ssh_config_ownkey.j2
deleted file mode 100644
index 135ad76..0000000
--- a/ansible/roles/bastion/files/bastion_ssh_config_ownkey.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-Host *.internal
-  User {{ remote_user }}
-  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
-  ForwardAgent yes
-  StrictHostKeyChecking no
-  ConnectTimeout 60
-  ConnectionAttempts 10
-
-Host ec2*
-  User {{ remote_user }}
-  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
-  ForwardAgent yes
-  StrictHostKeyChecking no
-  ConnectTimeout 60
-  ConnectionAttempts 10
diff --git a/ansible/roles/bastion/tasks/main.yml b/ansible/roles/bastion/tasks/main.yml
index 97f5fe6..bd62d76 100644
--- a/ansible/roles/bastion/tasks/main.yml
+++ b/ansible/roles/bastion/tasks/main.yml
@@ -31,18 +31,9 @@
   tags:
     - copy_env_private_key
 
-# TODO: Test splitting this into literal
 - name: Generate host .ssh/config Template
   become: no
   local_action: template src={{ role_path }}/files/bastion_ssh_config.j2 dest={{ ANSIBLE_REPO_PATH }}/workdir/ssh-config-{{ env_type }}-{{ guid }}
-  when: not use_own_key|bool
-  tags:
-    - gen_sshconfig_file
-
-- name: Generate host .ssh/config Template
-  become: no
-  local_action: template src={{ role_path }}/files/bastion_ssh_config_ownkey.j2 dest={{ ANSIBLE_REPO_PATH }}/workdir/ssh-config-{{ env_type }}-{{ guid }}
-  when: use_own_key|bool
   tags:
     - gen_sshconfig_file
 
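Review bot: The surviving task renders the ssh config with no `mode`, so the file in `workdir/` gets whatever the controller's umask allows, and the key=value `local_action` string leaves `src` and `dest` unquoted, which breaks if `ANSIBLE_REPO_PATH` ever contains a space. The removed TODO asked for this to be split into structured arguments, and this commit is a natural place to do it. I would move to block-style module arguments with quoted templates and an explicit `mode: "0600"`, as below. The previous task's `tags` at the top of the hunk belong to a definition that starts outside it.

```yaml
- name: Generate host .ssh/config Template
  become: no
  delegate_to: localhost
  template:
    src: "{{ role_path }}/files/bastion_ssh_config.j2"
    dest: "{{ ANSIBLE_REPO_PATH }}/workdir/ssh-config-{{ env_type }}-{{ guid }}"
    mode: "0600"
  # … unchanged: tags (gen_sshconfig_file) …
```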
diff --git a/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 b/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2
index 3cdb8cd..e472e97 100644
--- a/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2
+++ b/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2
@@ -1,11 +1,7 @@
-Host *.internal
-   User ec2-user
+Host ec2* *.internal
+   User {{remote_user}}
    IdentityFile ~/.ssh/{{env_authorized_key}}.pem
    ForwardAgent yes
    StrictHostKeyChecking no
-
-Host ec2*
-  User ec2-user
-  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
-  ForwardAgent yes
-  StrictHostKeyChecking no
+   ConnectTimeout 60
+   ConnectionAttempts 10
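Review bot: `User {{remote_user}}` replaces the hard-coded `ec2-user`, but nothing visible in this patch shows that `remote_user` is defined for every play that applies the `set_env_authorized_key` role. If it is missing, the template fails to render instead of falling back to the old login name. If the old behaviour should remain the default, `User {{ remote_user | default('ec2-user') }}` keeps it. Adding `IdentitiesOnly yes` under the `IdentityFile` line would also ensure only the environment key is offered to these hosts rather than every key loaded in the agent.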

--
Gitblit v1.9.3