feat: add debug flag

2025-08-14 09:19:55 -07:00
parent e803e22991
commit f9ba7b82bc
2 changed files with 11 additions and 6 deletions


@@ -54,6 +54,10 @@ inputs:
options: options:
description: Extra options that should be passed to ansible-playbook command description: Extra options that should be passed to ansible-playbook command
required: false required: false
debug:
description: Set debug mode (prints additional information about PKI setup)
required: false
default: false
runs: runs:
using: docker using: docker
image: Dockerfile image: Dockerfile
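Review bot: The `description` of the new `debug` input understates what ends up in the job log: in the entrypoint script changed by this same commit the flag gates `cat ~/.ssh/known_hosts`, `echo $token | step crypto jwt inspect --insecure` and `ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub`. The second of these prints the decoded CA token before it is exchanged for the certificate, so anyone who can read the log sees a credential that is presumably still valid at that moment. I would say so in the metadata, e.g. `description: Set debug mode (prints known_hosts, the decoded CA token and the SSH user certificate to the job log; leave off where logs are shared)`. Moving the token inspection to after the `step ssh certificate` call, or dropping it from the debug output, would reduce the exposure further; that hunk continues past the visible part of the page, so it is not reviewed line by line here.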


@@ -25,6 +25,10 @@ if [ -z "${INPUT_INVENTORY:-}" ] ; then
exit 1 exit 1
fi fi
# Set Debug Mode Helper
input_debug="${INPUT_DEBUG:-false}"
debug=${input_debug,,}
# Setup Provisioner Variables # Setup Provisioner Variables
provisioner_name=${INPUT_PKI_PROVISIONER_NAME:-"ansible"} provisioner_name=${INPUT_PKI_PROVISIONER_NAME:-"ansible"}
provisioner_password=${INPUT_PKI_PROVISIONER_PASSWORD} provisioner_password=${INPUT_PKI_PROVISIONER_PASSWORD}
@@ -42,9 +46,6 @@ echo "Bootstrapped PKI at ${INPUT_PKI_CA_URL}"
host_ca_cert=$(step ssh config --host --roots) host_ca_cert=$(step ssh config --host --roots)
echo "@cert-authority *.kraussnet.com ${host_ca_cert}" > ~/.ssh/known_hosts echo "@cert-authority *.kraussnet.com ${host_ca_cert}" > ~/.ssh/known_hosts
if [ ! -z "${INPUT_PKI_ADDITIONAL_HOSTS:-}" ] ; then if [ ! -z "${INPUT_PKI_ADDITIONAL_HOSTS:-}" ] ; then
echo "***"
echo "${INPUT_PKI_ADDITIONAL_HOSTS}"
echo "***"
for host in $(echo ${INPUT_PKI_ADDITIONAL_HOSTS}) ; do for host in $(echo ${INPUT_PKI_ADDITIONAL_HOSTS}) ; do
echo "@cert-authority ${host} ${host_ca_cert}" >> ~/.ssh/known_hosts echo "@cert-authority ${host} ${host_ca_cert}" >> ~/.ssh/known_hosts
echo "Registered ${host} to use KraussNet SSH @cert-authority" echo "Registered ${host} to use KraussNet SSH @cert-authority"
@@ -54,18 +55,18 @@ if [ ! -z "${INPUT_KNOWN_HOSTS:-}" ] ; then
echo "${INPUT_KNOWN_HOSTS}" >> ~/.ssh/known_hosts echo "${INPUT_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
fi fi
echo "Registered SSH Host Certificate Authority" echo "Registered SSH Host Certificate Authority"
cat ~/.ssh/known_hosts [ ${debug} == "true" ] && cat ~/.ssh/known_hosts
# Obtain a User Certificate for Ansible # Obtain a User Certificate for Ansible
token=$(step ca token "${user_cert_subject}" --ssh --provisioner "${provisioner_name}" --provisioner-password-file <(printf "${provisioner_password}")) token=$(step ca token "${user_cert_subject}" --ssh --provisioner "${provisioner_name}" --provisioner-password-file <(printf "${provisioner_password}"))
echo "Obtained User Token from CA" echo "Obtained User Token from CA"
echo $token | step crypto jwt inspect --insecure [ ${debug} == "true" ] && echo $token | step crypto jwt inspect --insecure
[ ! -f ~/.ssh/id_ecdsa ] && ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa -N '' [ ! -f ~/.ssh/id_ecdsa ] && ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa -N ''
[ -f ~/.ssh/id_ecdsa-cert.pub ] && rm ~/.ssh/id_ecdsa-cert.pub [ -f ~/.ssh/id_ecdsa-cert.pub ] && rm ~/.ssh/id_ecdsa-cert.pub
step ssh certificate "${user_cert_subject}" ~/.ssh/id_ecdsa.pub --sign --provisioner "${provisioner_name}" --token $token step ssh certificate "${user_cert_subject}" ~/.ssh/id_ecdsa.pub --sign --provisioner "${provisioner_name}" --token $token
echo "Obtained User Certificate from CA" echo "Obtained User Certificate from CA"
ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub [ ${debug} == "true" ] && ssh-keygen -L -f ~/.ssh/id_ecdsa-cert.pub
# Process the inventory parameter # Process the inventory parameter
inventory="" inventory=""