Deploy TrustedUserCAKeys, auth_principals from ssh_principals.yaml, and Makefile targets bootstrap-ssh-ca / bootstrap-ssh-ca-host (NET-WP-0020 T5).
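---
# Deploy OpenBao SSH user CA trust and per-user auth_principals.
#
# Prerequisite: railiance-platform openbao-configure-ssh (exports CA pubkey).
#
#   cd ~/railiance-platform
#   OPENBAO_TOKEN_FILE=~/.local/openbao/platform-admin.token \
#   OPENBAO_SSH_CA_PUBKEY_OUT=/tmp/openbao-ssh-ca.pub \
#   make openbao-configure-ssh
#
#   cd ~/railiance-infra
#   make bootstrap-ssh-ca SSH_CA_PUBKEY=/tmp/openbao-ssh-ca.pub
#
# NOTE(review): the file passed as SSH_CA_PUBKEY becomes the trust anchor for
# user certificates on every targeted host. /tmp is shared between local
# accounts and the name above is predictable, so prefer an export path inside
# a directory only the operator can write to. Before running the play,
# compare `ssh-keygen -l -f <pubkey file>` with the fingerprint of the CA
# configured in OpenBao.
#
# NOTE(review): this play targets `hosts: all` with privilege escalation.
# A wrong CA key or principals file changes sshd trust fleet-wide, so keep an
# existing access path open until certificate logins are verified.
# Presumably the bootstrap-ssh-ca-host Makefile target narrows the run to one
# host for a first rollout; confirm in the Makefile.

- name: Deploy OpenBao SSH user CA trust and auth_principals
  hosts: all
  become: true
  # Principal mapping consumed by the role; the path is relative to this
  # playbook's directory.
  vars_files:
    - ../inventory/ssh_principals.yaml
  roles:
    - role: ssh_ca_host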