An Ansible Role that manages Hetzner Robot Keys.
- Existing Hetzner Online GmbH Account.
- Configured Hetzner Robot Webservice Account.
| Name | Type | Version | Location |
|---|---|---|---|
| ansible-filter | Python package | 1.0.1 | Control node |
Available variables are listed below, along with default values (see defaults/main.yml):
hetzner_key_webservice_base_url: https://robot-ws.your-server.de
Base url that is pointing to the Hetzner Robot API. The variable is mostly utilized for testing purposes, there is no need to change the default.
hetzner_key_webservice_username: robot
Webservice login name. May be set/changed as described in the section Change Access Data (Hetzner Wiki).
hetzner_key_webservice_password: secret
Webservice password. May be set/changed as described in the section Change Access Data (Hetzner Wiki).
hetzner_key_instances:
- name: New Key
data: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSkT3A1j89RT/540ghIMHXIVwNlAEM3WtmqVG7YN/wYwtsJ8iCszg4/lXQsfLFx\
YmEVe8L9atgtMGCi5QdYPl4X/c+5YxFfm88Yjfx+2xEgUdOr864eaI22yaNMQ0AlyilmK+PcSyxKP4dzkf6B5Nsw8lhfB5n9F5md6GHLLjOG\
uBbHYlesKJKnt2cMzzS90BdRk73qW6wJ+MCUWo+cyBFZVGOzrjJGEcHewOCbVs+IJWBFSi6w1enbKGc+RY9KrnzeDKWWqzYnNofiHGVFAuMx\
rmZOasqlTIKiC2UK3RmLxZicWiQmPnpnjJRo7pL0oYM9r/sIWzD6i2S9szDy6aZ"
Keys may be managed by Ansible specifying them within hetzner_key_instances variable. Keys are referenced by the name attribute.
Existing keys stored in the Hetzner Robot Key Management having different names will not be
updated nor removed. All keys from the Hetzner Robot Key Management will be
provisioned on the target hosts.
hetzner_key_instances:
- name: New Key
data: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSkT3A1j89RT/540ghIMHXIVwNlAEM3WtmqVG7YN/wYwtsJ8iCszg4/lXQsfLFx\
YmEVe8L9atgtMGCi5QdYPl4X/c+5YxFfm88Yjfx+2xEgUdOr864eaI22yaNMQ0AlyilmK+PcSyxKP4dzkf6B5Nsw8lhfB5n9F5md6GHLLjOG\
uBbHYlesKJKnt2cMzzS90BdRk73qW6wJ+MCUWo+cyBFZVGOzrjJGEcHewOCbVs+IJWBFSi6w1enbKGc+RY9KrnzeDKWWqzYnNofiHGVFAuMx\
rmZOasqlTIKiC2UK3RmLxZicWiQmPnpnjJRo7pL0oYM9r/sIWzD6i2S9szDy6aZ"
state: absent
Add state: absent to remove the key from Hetzner Robot Key Management and
the target hosts.
hetzner_key_webservice_concurrent_requests: 1
hetzner_key_webservice_concurrent_poll: 1
To speed up the role execution while handling the configuration for multiple keys, the number of parallel requests made to the Hetzner Robot API
can be controlled by hetzner_key_webservice_concurrent_requests variable. The poll interval for asynchronous request
result processing is set using hetzner_key_webservice_concurrent_poll. Check official documentation on
Asynchronous Actions and Polling for more explanation.
Tags can be used to limit the role execution to a particular task module. Following tags are available:
hetzner_key,config: Covers the full role lifecycle.hetzner_key_key: Manages access keys within Hetzner Robot Key Management.hetzner_key_host: Configures access keys on the target hosts.
None.
Since the role is managing the communication with the Hetzner Robot API only, it may be run on localhost.
- hosts: all
roles:
- nl2go.hetzner_key
Use docker-molecule following the instructions to run Molecule or install Molecule locally (not recommended, version conflicts might appear).
Use following to run tests:
molecule test --all
This role relies on hetzner-robot-api-mock to simulate interactions with the Hetzner Robot API.
See the LICENSE.md file for details.
This role was created by in 2019 by Newsletter2Go GmbH.