Merge branch 'feat-ssh-host-key-role' into 'feat-hpc-factory'

Feat- Add role for managing SSH host keys

See merge request !129

ansible/cluster.yml

@@ -7,3 +7,4 @@
     - { name: 'nfs_mounts', tags: 'nfs_mounts' }
     - { name: 'ldap_config', tags: 'ldap_config' }
     - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
+    - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }

ansible/group_vars/all

@@ -33,3 +33,11 @@
     - /gpfs4
     - /gpfs5
 
+#SSH Host Keys
+  S3_ENDPOINT: ""
+  SSH_HOST_KEYS_S3_BUCKET: ""
+  SSH_HOST_KEYS_S3_OBJECT: ""
+
+# AWS credentials
+  LTS_ACCESS_KEY: ""
+  LTS_SECRET_KEY: ""

ansible/roles/ssh_host_keys/tasks/main.yml

+---
+- name: Ensure destination directory exists only if not present
+  file:
+    path: /tmp/ssh_keys
+    state: directory
+    mode: '0755'
+  args:
+    creates: /tmp/ssh_keys
+
+- name: Download SSH host keys tar.gz from S3
+  aws_s3:
+    mode: get
+    s3_url: "{{ S3_ENDPOINT }}"
+    bucket: "{{ SSH_HOST_KEYS_S3_BUCKET }}"
+    object: "{{ SSH_HOST_KEYS_S3_OBJECT }}"
+    dest: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}"
+    aws_access_key: "{{ LTS_ACCESS_KEY }}"
+    aws_secret_key: "{{ LTS_SECRET_KEY }}"
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+- name: Unpack SSH host keys to /etc/ssh
+  unarchive:
+    src: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}"
+    dest: "/etc/ssh"
+    remote_src: yes
+  become: true
+
+- name: Restart SSH service
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
+  become: true