K3S/roles/k8s-user/tasks/distribute_keys.yml

---
# Раскладывает приватный и публичный ключ k8s пользователя на текущий хост
# Ключи берутся из hostvars первого мастера (сгенерированы там play'ем generate_keys)

- name: Deploy private key to {{ k8s_service_user }} user
  ansible.builtin.copy:
    content: "{{ hostvars[groups['k3s_master'][0]][k8s_service_user + '_ssh_private_key'] }}"
    dest: "/home/{{ k8s_service_user }}/{{ k8s_service_user_ssh_dir }}/id_rsa"
    owner: "{{ k8s_service_user }}"
    group: "{{ k8s_service_user }}"
    mode: '0600'
  become: true

- name: Deploy public key to {{ k8s_service_user }} user
  ansible.builtin.copy:
    content: "{{ hostvars[groups['k3s_master'][0]][k8s_service_user + '_ssh_public_key'] }}\n"
    dest: "/home/{{ k8s_service_user }}/{{ k8s_service_user_ssh_dir }}/id_rsa.pub"
    owner: "{{ k8s_service_user }}"
    group: "{{ k8s_service_user }}"
    mode: '0644'
  become: true

- name: Add {{ k8s_service_user }} public key to authorized_keys
  ansible.posix.authorized_key:
    user: "{{ k8s_service_user }}"
    key: "{{ hostvars[groups['k3s_master'][0]][k8s_service_user + '_ssh_public_key'] }}"
    state: present
  become: true