kraussnet/kraussnet-ansible-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

maint: initial commit

Browse Source
This commit is contained in:
Jonathan Krauss
2025-08-13 16:11:13 -07:00
commit 702b27e583
4 changed files with 122 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
entrypoint.sh Normal file
View File

@@ -0,0 +1,57 @@
#!/bin/bash
#
# KraussNet Ansible Playbook Runner Action Entrypoint
set -euo pipefail
if [ -z "${INPUT_PKI_CA_URL:-}" ] ; then
echo "Missing required input parameter 'pki_ca_url'"
exit 1
fi
if [ -z "${INPUT_PKI_FINGERPRINT:-}" ] ; then
echo "Missing required input parameter 'pki_fingerprint'"
exit 1
fi
if [ -z "${INPUT_PKI_PROVISIONER_PASSWORD:-}" ] ; then
echo "Missing required input parameter 'pki_provisioner_password'"
exit 1
fi
if [ -z "${INPUT_PLAYBOOK:-}" ] ; then
echo "Missing required input parameter 'playbook'"
exit 1
fi
if [ -z "${INPUT_INVENTORY:-}" ] ; then
echo "Missing required input parameter 'inventory'"
exit 1
fi
# Setup Variables
provisioner_name=${INPUT_PKI_PROVISIONER_NAME:-"ansible"}
provisioner_password=${INPUT_PKI_PROVISIONER_PASSWORD}
default_cert_subject="ansible-kraussnet-action-runner@$(hostname -f)"
user_cert_subject=${INPUT_SUBJECT:-"$default_cert_subject"}
# Bootstrap the PKI Certificate Authority
step ca bootstrap \
--ca-url "${INPUT_PKI_CA_URL}" \
--fingerprint "${INPUT_PKI_FINGERPRINT}"
echo "Bootstrapped PKI at ${INPUT_PKI_CA_URL}"
# Obtain the Host Certificate
[ ! -d ~/.ssh ] && mkdir ~/.ssh
echo "@cert-authority *.kraussnet.com $(step ssh config --host --roots)" > ~/.ssh/known_hosts
echo "Obtained SSH Host Certificate Authority"
# Obtain a User Certificate for Ansible
token=$(step ca token "${user_cert_subject}" --ssh --provisioner "${provisioner_name}" --provisioner-password-file <(printf "${provisioner_password}"))
echo "Obtained User Token from CA"
echo $token | step crypto jwt inspect --insecure
[ ! -f ~/.ssh/id_ecdsa ] && ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa -N ''
[ -f ~/.ssh/id_ecdsa-cert.pub ] && rm ~/.ssh/id_ecdsa-cert.pub
step ssh certificate "${user_cert_subject}" ~/.ssh/id_ecdsa.pub --sign --provisioner "${provisioner_name}" --token $token
echo "Obtained User Certificate from CA"
ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub
# Run a test command (will be replaced with the Ansible command)
ssh ansible@rpi-ns1.lan.kraussnet.com 'echo "Hello from $(hostname -f)"'