authorMarkos Chandras <mchandras@suse.de>2018-03-28 10:24:47 +0100
committerMarkos Chandras <mchandras@suse.de>2018-03-28 22:05:21 +0100
commite6b6001274cafea8374a06e8b17fb22fa20eb096 (patch)
tree4ee39c57aaf38f653f008f8b62859b72ef3bf3a8 /xci/installer
parent455ea6c732384de5616be9c8c5cb006ae38e6716 (diff)
xci: Use proper Ansible modules to manage SSH keys
We can use the 'user', 'slurp' and 'authorized_key' modules to manage the various SSH configurations across the hosts instead of using command line tools. Change-Id: I2dde4d584fc336e267868607d5a58f5ee2c1feed Signed-off-by: Markos Chandras <mchandras@suse.de>
Diffstat (limited to 'xci/installer')
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml74
-rw-r--r--xci/installer/osa/playbooks/configure-targethosts.yml34
2 files changed, 66 insertions, 42 deletions
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 001fcee3..25e78b2c 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -43,16 +43,15 @@
proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}"
tasks:
- - name: generate SSH keys
- command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
- args:
- creates: "{{ ansible_env.HOME }}/.ssh/id_rsa"
- changed_when: True
- - name: fetch public key
- fetch:
- src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
- dest: "{{ xci_path }}/xci/files/authorized_keys"
- flat: yes
+ - name: Configure SSH key for root user
+ user:
+ name: root
+ generate_ssh_key: yes
+ ssh_key_bits: 2048
+ ssh_key_comment: xci
+ ssh_key_type: rsa
+ state: present
+
- name: Copy releng-xci to remote host
synchronize:
src: "{{ xci_path }}/"
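Review bot: The new "Configure SSH key for root user" task does not say that the key is created without a passphrase, because `ssh_key_passphrase` is not set, or that its public half is later authorized for root on the target hosts by the "Fetch OPNFV SSH key" task in configure-targethosts.yml. A comment above the task would record that trust relationship, for example `# Passphrase-less root key; its public half is trusted for root on every target host`. The `ssh_key_bits: 2048` value is carried over from the removed ssh-keygen call; if nothing depends on that size, `ssh_key_bits: 4096` is a cheap improvement for a key with that reach. The task list continues outside the hunk.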
@@ -204,32 +203,14 @@
src: "{{ xci_path }}/.cache/xci.env"
dest: /root/xci.env
-- hosts: localhost
- remote_user: root
-
- tasks:
- - name: Append public keys to authorized_keys
- shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys"
- changed_when: True
-
-- hosts: opnfv
- remote_user: root
- vars_files:
- - "{{ xci_path }}/xci/var/opnfv.yml"
-
- pre_tasks:
- - name: Load distribution variables
+ - name: Reload OpenStack-Ansible variables
include_vars:
- file: "{{ item }}"
- failed_when: false
- with_items:
- - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
- - "{{ xci_flavor_ansible_file_path }}/flavor-vars.yml"
- - "{{ xci_flavor_ansible_file_path }}/user_variables.yml"
- roles:
- - role: "openstack-ansible-openstack_openrc"
+ file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml"
+
+ - name: Generate openrc
+ include_role:
+ name: "openstack-ansible-openstack_openrc"
- tasks:
- name: add extra insecure flag to generated openrc
blockinfile:
dest: "{{ ansible_env.HOME }}/openrc"
@@ -242,7 +223,24 @@
dest: "{{ xci_path }}/.cache/openrc"
flat: true
- - name: add public key to host
- copy:
- src: "{{ xci_path }}/xci/files/authorized_keys"
- dest: /root/.ssh/authorized_keys
+ - name: Determine local user
+ become: no
+ local_action: command whoami
+ changed_when: False
+ register: _ansible_user
+
+ - name: Fetch local SSH key
+ delegate_to: localhost
+ become: no
+ slurp:
+ src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+ register: _local_ssh_key
+
+ - name: Configure OPNFV authorized_keys file
+ authorized_key:
+ exclusive: yes
+ user: root
+ state: present
+ manage_dir: yes
+ comment: "{{ _ansible_user.stdout }} key"
+ key: "{{ _local_ssh_key['content'] | b64decode }}"
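Review bot: The `src` of "Fetch local SSH key" assumes the controller user's home is `/home/<user>`, so the slurp fails when the deployment runs as root or from a non-standard home directory; the same path is built in the configure-targethosts.yml hunk. Resolving the home on the controller removes the assumption and makes the `whoami` result necessary only for the key comment: `src: "{{ lookup('env','HOME') }}/.ssh/id_rsa.pub"`, in line with the `lookup('env', ...)` calls the play already uses for proxy settings. Separately, `exclusive: yes` rewrites root's authorized_keys on the OPNFV host down to this one key, silently dropping any other entry. If that is the intent, a comment such as `# exclusive: removes every other root key on this host` above the task would make it explicit. The surrounding task list starts outside the hunk.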
diff --git a/xci/installer/osa/playbooks/configure-targethosts.yml b/xci/installer/osa/playbooks/configure-targethosts.yml
index 09258e7c..b76a5950 100644
--- a/xci/installer/osa/playbooks/configure-targethosts.yml
+++ b/xci/installer/osa/playbooks/configure-targethosts.yml
@@ -33,7 +33,33 @@
- xci_ceph_enabled == "true"
- "'compute' in group_names"
tasks:
- - name: add public key to host
- copy:
- src: "{{ xci_path }}/xci/files/authorized_keys"
- dest: /root/.ssh/authorized_keys
+ - name: Determine local user
+ become: no
+ local_action: command whoami
+ changed_when: False
+ register: _ansible_user
+
+ - name: Fetch local SSH key
+ delegate_to: localhost
+ become: no
+ slurp:
+ src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+ register: _local_ssh_key
+
+ - name: Fetch OPNFV SSH key
+ delegate_to: opnfv
+ slurp:
+ src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+ register: _opnfv_ssh_key
+
+ - name: "Configure {{ inventory_hostname }} authorized_keys file"
+ authorized_key:
+ exclusive: "{{ item.exclusive }}"
+ user: root
+ state: present
+ manage_dir: yes
+ key: "{{ item.key }}"
+ comment: "{{ item.comment }}"
+ with_items:
+ - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes }
+ - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no }
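Review bot: The `with_items` loop on the final `authorized_key` task mixes `exclusive: yes` and `exclusive: no`, but the module documents `exclusive` as not loop aware: it is applied per iteration. On every rerun the first item strips the file down to the local key, removing the OPNFV key, and the second item adds it back, so the task always reports changed and root access from the OPNFV host is briefly revoked mid-run. Passing both keys to `key` in a single exclusive call avoids that, at the cost of the per-key `comment` override (the keys keep the comments they were generated with). Note also that `ansible_env.HOME` in "Fetch OPNFV SSH key" presumably comes from the target host's facts rather than the delegated `opnfv` host, which only works while both run as root.

```yaml
# … unchanged: the slurp tasks that register _local_ssh_key and _opnfv_ssh_key …
- name: "Configure {{ inventory_hostname }} authorized_keys file"
  authorized_key:
    exclusive: yes
    user: root
    state: present
    manage_dir: yes
    # exclusive is evaluated per module call, so both keys go in one batch
    key: |
      {{ _local_ssh_key['content'] | b64decode | trim }}
      {{ _opnfv_ssh_key['content'] | b64decode | trim }}
```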