Bug fixes 2.x pr 2.x

docs/roles/aws/aws_ami.md

@@ -29,6 +29,7 @@ aws_ami:
   ami_name: "example"
   owner: "136693071363" # Global AWS account ID of owner, defaults to Debian official
   ssh_username: "admin"
+  public_key_name: id_ecdsa.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated
   encrypt_boot: false
   # EBS volume options
   device_name: /dev/xvda # default for Debian AMIs

docs/roles/debian/ce_deploy.md

@@ -20,7 +20,9 @@ ce_deploy:
   # Other ce-deploy settings.
   aws_support: true # installs boto3
   new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user
-  key_name: id_rsa.pub # existing users may have a key of a different name
+  ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys
+  ssh_key_type: ecdsa # set to rsa to create an RSA key
+  public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name
   username: "{{ _ce_deploy.username }}"
   own_repository: "https://github.com/codeenigma/ce-deploy.git"
   own_repository_branch: "master"

docs/roles/debian/ce_provision.md

@@ -21,7 +21,9 @@ ce_provision:
   new_user: "{{ _init.ce_provision_new_user }}" # see _init defaults, set to false if user already exists or is ephemeral, e.g. an LDAP user
   username: "{{ _ce_provision_username }}" # see _init defaults
   #uid: "{{ _init.ce_provision_uid }}" # see _init defaults, optionally hardcode the UID for this user
-  public_key_name: id_rsa.pub # existing users may have a key of a different name
+  ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys
+  ssh_key_type: ecdsa # set to rsa to create an RSA key
+  public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name
   # Main repo.
   own_repository: "https://github.com/codeenigma/ce-provision.git"
   own_repository_branch: "master"

roles/aws/aws_ami/README.md

@@ -29,6 +29,7 @@ aws_ami:
   ami_name: "example"
   owner: "136693071363" # Global AWS account ID of owner, defaults to Debian official
   ssh_username: "admin"
+  public_key_name: id_ecdsa.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated
   encrypt_boot: false
   # EBS volume options
   device_name: /dev/xvda # default for Debian AMIs

roles/aws/aws_ami/defaults/main.yml

@@ -9,6 +9,7 @@ aws_ami:
   ami_name: "example"
   owner: "136693071363" # Global AWS account ID of owner, defaults to Debian official
   ssh_username: "admin"
+  public_key_name: id_ecdsa.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated
   encrypt_boot: false
   # EBS volume options
   device_name: /dev/xvda # default for Debian AMIs

roles/aws/aws_ami/templates/packer.json.j2

@@ -52,27 +52,28 @@
       "type": "ansible",
       "playbook_file": "{{ aws_ami.playbook_file }}",
       "inventory_directory": "{{ _ce_provision_base_dir }}/hosts",
-      "ssh_authorized_key_file": "/home/{{ user_provision.username }}/.ssh/id_rsa.pub",
+      "ssh_authorized_key_file": "/home/{{ user_provision.username }}/.ssh/{{ aws_ami.public_key_name }}",
       {% if aws_ami.groups is defined and aws_ami.groups | length %}
       "groups": {{ aws_ami.groups | to_json }},
       {% endif %}
       "ansible_env_vars": 
       [ 
-        "ANSIBLE_FORCE_COLOR=True", 
-        "ALLOW_WORLD_READABLE_TMPFILES=True", 
+        "ANSIBLE_FORCE_COLOR=True",
+        "ALLOW_WORLD_READABLE_TMPFILES=True",
         "ANSIBLE_CONFIG={{ _ce_provision_base_dir }}/ansible.cfg"
       ],
       "extra_arguments": 
-			[ 
+      [
+        "--scp-extra-args", "'-O'",
         {% if ansible_verbosity >= 1 %}
         "-vvvv",
         {% endif %}
         {% if _aws_ami_extra_vars is defined and _aws_ami_extra_vars | length %}
-        "--extra-vars", 
+        "--extra-vars",
         "{{ _aws_ami_extra_vars }}",
         {% endif %}        
-				"--extra-vars", 
-				"{ _ce_provision_base_dir: {{ _ce_provision_base_dir }}, _ce_provision_build_dir: {{ _ce_provision_build_dir }}, _ce_provision_build_tmp_dir: {{ _ce_provision_build_tmp_dir }}, _ce_provision_data_dir: {{ _ce_provision_data_dir }}, _ce_provision_build_id: {{ _ce_provision_build_id }}, _ce_provision_force_play: true }"
-			 ]
+        "--extra-vars",
+        "{ _ce_provision_base_dir: {{ _ce_provision_base_dir }}, _ce_provision_build_dir: {{ _ce_provision_build_dir }}, _ce_provision_build_tmp_dir: {{ _ce_provision_build_tmp_dir }}, _ce_provision_data_dir: {{ _ce_provision_data_dir }}, _ce_provision_build_id: {{ _ce_provision_build_id }}, _ce_provision_force_play: true }"
+      ]
   }]
 }

roles/debian/ce_deploy/README.md

@@ -20,7 +20,9 @@ ce_deploy:
   # Other ce-deploy settings.
   aws_support: true # installs boto3
   new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user
-  key_name: id_rsa.pub # existing users may have a key of a different name
+  ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys
+  ssh_key_type: ecdsa # set to rsa to create an RSA key
+  public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name
   username: "{{ _ce_deploy.username }}"
   own_repository: "https://github.com/codeenigma/ce-deploy.git"
   own_repository_branch: "master"

roles/debian/ce_deploy/defaults/main.yml

@@ -12,7 +12,9 @@ ce_deploy:
   # Other ce-deploy settings.
   aws_support: true # installs boto3
   new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user
-  key_name: id_rsa.pub # existing users may have a key of a different name
+  ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys
+  ssh_key_type: ecdsa # set to rsa to create an RSA key
+  public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name
   username: "{{ _ce_deploy.username }}"
   own_repository: "https://github.com/codeenigma/ce-deploy.git"
   own_repository_branch: "master"

roles/debian/ce_deploy/tasks/main.yml

@@ -16,7 +16,8 @@
     generate_ssh_key: true
     home: "/home/{{ ce_deploy.username }}"
     password: "*"
-    ssh_key_bits: 4096
+    ssh_key_bits: "{{ ce_deploy.ssh_key_bits }}"
+    ssh_key_type: "{{ ce_deploy.ssh_key_type }}"
     ssh_key_comment: "{{ ce_deploy.username }}@{{ ansible_host }}"
     system: true
     groups: "{{ ce_deploy.groups }}"
@@ -35,7 +36,7 @@
 - name: Place the public key in the ce-provision data directory on the controller server.
   ansible.builtin.fetch:
     dest: "{{ _ce_provision_data_dir }}"
-    src: "/home/{{ ce_deploy.username }}/.ssh/{{ ce_deploy.key_name }}"
+    src: "/home/{{ ce_deploy.username }}/.ssh/{{ ce_deploy.public_key_name }}"
 
 - name: Ensure Git is installed.
   ansible.builtin.apt:

roles/debian/ce_provision/README.md

@@ -21,7 +21,9 @@ ce_provision:
   new_user: "{{ _init.ce_provision_new_user }}" # see _init defaults, set to false if user already exists or is ephemeral, e.g. an LDAP user
   username: "{{ _ce_provision_username }}" # see _init defaults
   #uid: "{{ _init.ce_provision_uid }}" # see _init defaults, optionally hardcode the UID for this user
-  public_key_name: id_rsa.pub # existing users may have a key of a different name
+  ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys
+  ssh_key_type: ecdsa # set to rsa to create an RSA key
+  public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name
   # Main repo.
   own_repository: "https://github.com/codeenigma/ce-provision.git"
   own_repository_branch: "master"

roles/debian/ce_provision/defaults/main.yml

@@ -12,7 +12,9 @@ ce_provision:
   new_user: "{{ _init.ce_provision_new_user }}" # see _init defaults, set to false if user already exists or is ephemeral, e.g. an LDAP user
   username: "{{ _ce_provision_username }}" # see _init defaults
   #uid: "{{ _init.ce_provision_uid }}" # see _init defaults, optionally hardcode the UID for this user
-  public_key_name: id_rsa.pub # existing users may have a key of a different name
+  ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys
+  ssh_key_type: ecdsa # set to rsa to create an RSA key
+  public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name
   # Main repo.
   own_repository: "https://github.com/codeenigma/ce-provision.git"
   own_repository_branch: "master"

roles/debian/ce_provision/tasks/main.yml

@@ -30,7 +30,8 @@
     generate_ssh_key: true
     home: "/home/{{ ce_provision.username }}"
     password: "*"
-    ssh_key_bits: 4096
+    ssh_key_bits: "{{ ce_provision.ssh_key_bits }}"
+    ssh_key_type: "{{ ce_provision.ssh_key_type }}"
     ssh_key_comment: "{{ ce_provision.username }}@{{ ansible_host }}"
     system: true
     groups: "{{ ce_provision.groups }}"