ianling/setup_user_sshcerts.yml

## setup_user_sshcerts.yml
---
- name: Set up sshcerts for MYUSER
  hosts: all
  remote_user: MYUSER

  tasks:
   - name: Generate a unique key for this host
     local_action: command /usr/bin/ssh-keygen -b 2048 -t rsa -f /home/MYUSER/sshkeys/{{ inventory_hostname }} -q -N ""

   - name: Create /backup/.ssh recursively
     file: path=/home/MYUSER/.ssh state=directory owner=MYUSER group=MYUSER mode=0700 recurse=yes

   - name: Add public key to backup user
     authorized_key: user=MYUSER
                     key="{{ lookup('file', '/home/MYUSER/sshkeys/'+inventory_hostname+'.pub') }}"
                     state=present
	---
	- name: Set up sshcerts for MYUSER
	hosts: all
	remote_user: MYUSER

	tasks:
	- name: Generate a unique key for this host
	local_action: command /usr/bin/ssh-keygen -b 2048 -t rsa -f /home/MYUSER/sshkeys/{{ inventory_hostname }} -q -N ""

	- name: Create /backup/.ssh recursively
	file: path=/home/MYUSER/.ssh state=directory owner=MYUSER group=MYUSER mode=0700 recurse=yes

	- name: Add public key to backup user
	authorized_key: user=MYUSER
	key="{{ lookup('file', '/home/MYUSER/sshkeys/'+inventory_hostname+'.pub') }}"
	state=present