This role manages the SSH keys of a configurable list of system users, keeping each key in sync between the target server and HashiCorp Vault.

Usage

By default, only the root user is handled. You can change the list of users with this variable:

ssh_keygen_user_list:
  - root

For each defined user, this role checks both HashiCorp Vault and the target server to see whether an SSH key is present.

What this role does

There are 4 possibilities for each user:

  1. the key does not exist anywhere: the key is generated on the server and stored in HashiCorp Vault
  2. the key is only present on the server: the key is sent to HashiCorp Vault
  3. the key is only present in HashiCorp Vault: the key is sent to the server
  4. the key is present on both sides: the role checks that the two copies are identical and fails if they are not (it never overwrites one copy with the other)

Important limitation

(!) Because of the way this role uses Ansible's loop constructs, its run time grows polynomially with the number of users, not linearly: each additional user costs far more than the previous one.

This is due to the use of the with_nested loop over up to 3 dictionaries. with_nested visits every combination of the entries of the lists it is given (their Cartesian product, so up to n³ rows for n users), and the role then keeps only the rows whose indexes line up. This is currently the only way I found to match indexes of dictionaries together.

This means that if the number of users is too large, the role will take so long that it will effectively never complete. The exact threshold is unknown; it depends on the compute power of the HashiCorp Vault host, the admin workstation, and so on.

For now, avoid configuring more than 3 users.