{"id":81,"sha1":"be97c99b26fc331c204e73344660196e8aeb8f56","playbook":{"id":2,"items":{"plays":18,"tasks":316,"results":313,"hosts":2,"files":136,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-hosts.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:27:39.675908Z","ended":"2025-12-08T13:33:13.621332Z","duration":"00:05:33.945424","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2022, BBC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Create keypair {{ kp['name'] }}\n  vars:\n    ansible_python_interpreter: \"{{ ssh_keypairs_setup_host_python_interpreter }}\"\n    _ca_file: \"{{ ssh_keypairs_dir ~ '/' ~ kp.cert.signed_by }}\"\n  delegate_to: \"{{ ssh_keypairs_setup_host }}\"\n  block:\n    - name: Generate key pair for {{ kp['name'] }}\n      community.crypto.openssh_keypair:\n        comment: \"{{ kp.comment | default(omit) }}\"\n        passphrase: \"{{ kp.passphrase | default(omit) }}\"\n        regenerate: \"{{ kp.regenerate | default(omit) }}\"\n        size: \"{{ kp.size | default(omit) }}\"\n        type: \"{{ kp.type | default(omit) }}\"\n        path: \"{{ kp_dir ~ '/' ~ kp['name'] }}\"\n        mode: \"{{ kp.mode | default(omit) }}\"\n        backend: cryptography\n      register: kp_keys\n\n    - name: Generate an OpenSSH user certificate for {{ kp['name'] }}\n      community.crypto.openssh_cert:\n        identifier: \"{{ kp.cert.identifier | default(omit) }}\"\n        options: \"{{ ssh_keypairs_cert_base_options | union(kp.cert.options | default([])) }}\"\n        principals: \"{{ kp.cert.principals | default(omit) }}\"\n        regenerate: \"{{ kp.cert.regenerate | default('full_idempotence') }}\"\n        signature_algorithm: \"{{ kp.cert.signature_algorithm | default(omit) }}\"\n        signing_key: \"{{ _ca_file }}\"\n        type: \"{{ kp.cert.type | default('user') }}\"\n        public_key: \"{{ kp_keys['filename'] ~ '.pub' }}\"\n        path: \"{{ kp_keys['filename'] ~ '-cert.pub' }}\"\n        valid_from: \"{{ kp.cert.valid_from }}\"\n        valid_to: \"{{ kp.cert.valid_to }}\"\n      when:\n        - kp.cert is defined\n      register: kp_cert\n\n    - name: Save certificate info for signed key {{ kp['name'] }}\n      ansible.builtin.copy:\n        content: \"{{ kp_cert['info'] | to_nice_yaml }}\"\n        dest: \"{{ kp_keys['filename'] ~ '-cert.info' }}\"\n        mode: \"0644\"\n      when: kp_cert is changed\n","created":"2025-12-08T13:28:30.344181Z","updated":"2025-12-08T13:28:30.344220Z","path":"/etc/ansible/ansible_collections/openstack/osa/roles/ssh_keypairs/tasks/standalone/create_keypair.yml"}