From f1618bf28661ab6027c374c1322761b92e6a0060 Mon Sep 17 00:00:00 2001
From: Krish Moodbidri <krish94@uab.edu>
Date: Thu, 14 Nov 2024 13:48:25 -0600
Subject: [PATCH] Update 3 files

- /ansible/cheaha.yml
- /ansible/group_vars/all
- /ansible/roles/ssh_host_key/tasks/main.yml
---
 ansible/cheaha.yml                        |  1 +
 ansible/group_vars/all                    |  9 +++++++
 ansible/roles/ssh_host_key/tasks/main.yml | 33 +++++++++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 ansible/roles/ssh_host_key/tasks/main.yml

diff --git a/ansible/cheaha.yml b/ansible/cheaha.yml
index bfb1af1..e940cf6 100644
--- a/ansible/cheaha.yml
+++ b/ansible/cheaha.yml
@@ -7,3 +7,4 @@
     - { name: 'nfs_mounts', tags: 'nfs_mounts' }
     - { name: 'ldap_config', tags: 'ldap_config' }
     - { name: 'slurm_client', tags: 'slurm_client' }
+    - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }
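Review bot: The role name added here, `ssh_host_keys`, does not match the role directory this same patch creates, `ansible/roles/ssh_host_key/tasks/main.yml` (singular), so the play will fail with "the role 'ssh_host_keys' was not found" unless another role of that name exists outside the patch. Either rename the directory to `roles/ssh_host_keys` or change this entry to `- { name: 'ssh_host_key', tags: 'ssh_host_key' }` so the tag and the directory agree. The enclosing `roles:` list begins before this hunk.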
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index e55be3c..d7c61a7 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -10,3 +10,12 @@
   nhc_download_path: "/tmp"
   nhc_git_repo: "https://gitlab.rc.uab.edu/rc/nhc.git"
   nhc_git_repo_path: "/tmp/nhc"
+
+#SSH Host Keys
+  s3_endpoint: ""
+  ssh_host_keys_s3_bucket: ""
+  ssh_host_keys_s3_object: ""
+
+# AWS credentials
+lts_access_key: ""
+lts_secret_key: ""
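Review bot: The three `s3_endpoint`/`ssh_host_keys_s3_*` keys are indented two spaces like the `nhc_*` keys above them, while `lts_access_key`/`lts_secret_key` sit at column 0, so the five new variables do not end up at the same mapping level; the role templates all five as plain top-level names (`{{ s3_endpoint }}`, `{{ lts_access_key }}`), which only resolves if they are at the level that Ansible exposes as host vars, and the parent mapping of the indented block starts before this hunk, so I cannot tell which level is intended. Pick one level for all five and fix the comment to `# SSH Host Keys` at the same indent as the keys it describes. The S3 access and secret key are defined as empty plaintext strings in a file committed with the playbook; they would be better held in an `ansible-vault` encrypted vars file or injected from the environment at run time so the real values never land in `group_vars/all`.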
diff --git a/ansible/roles/ssh_host_key/tasks/main.yml b/ansible/roles/ssh_host_key/tasks/main.yml
new file mode 100644
index 0000000..052000d
--- /dev/null
+++ b/ansible/roles/ssh_host_key/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+- name: Ensure destination directory exists only if not present
+  file:
+    path: /tmp/ssh_keys
+    state: directory
+    mode: '0755'
+  args:
+    creates: /tmp/ssh_keys
+
+- name: Download SSH host keys tar.gz from S3
+  aws_s3:
+    mode: get
+    s3_url: "{{ s3_endpoint }}"
+    bucket: "{{ ssh_host_keys_s3_bucket }}"
+    object: "{{ ssh_host_keys_s3_object }}"
+    dest: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}"
+    aws_access_key: "{{ lts_access_key }}"
+    aws_secret_key: "{{ lts_secret_key }}"
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+- name: Unpack SSH host keys to /etc/ssh
+  unarchive:
+    src: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}"
+    dest: "/etc/ssh"
+    remote_src: yes
+  become: true
+
+- name: Restart SSH service
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
+  become: true
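Review bot: `args: creates: /tmp/ssh_keys` on the first task is not a parameter of the `file` module (`creates` belongs to command/shell/script), so the task fails with an unsupported-parameter error before anything runs; `state: directory` is already idempotent, so the `args` block should simply be dropped. The staging directory is created world-readable (`mode: '0755'`) and the downloaded archive of private host keys is left there after unpacking, and the `aws_s3` task passes `aws_access_key`/`aws_secret_key` as module arguments, which appear in verbose task output unless `no_log: true` is set. Suggest `mode: '0700'`, `no_log: true`, and a cleanup task that removes the staging directory once the keys are in place. Smaller points: `remote_src: yes` should be `remote_src: true`, the unconditional `state: restarted` runs on every play and would be better as a handler notified by the unarchive task, and whether the extracted key files end up with modes sshd accepts depends on the tarball contents, which this hunk cannot show.
```yaml
- name: Ensure private staging directory exists
  file:
    path: /tmp/ssh_keys
    state: directory
    mode: '0700'
  become: true

- name: Download SSH host keys tar.gz from S3
  aws_s3:
    # … unchanged: mode/s3_url/bucket/object/dest/credential arguments …
  become: true
  no_log: true
  vars:
    ansible_python_interpreter: /usr/bin/python3

# … unchanged: unpack task …

- name: Remove staged host key archive
  file:
    path: /tmp/ssh_keys
    state: absent
  become: true

# … unchanged: restart task …
```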
-- 
GitLab