1 files changed, 15 insertions, 57 deletions

diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 11957cdc..f12f831c 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -43,15 +43,6 @@
       proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}"
 
   tasks:
-    - name: Configure SSH key for root user
-      user:
-        name: root
-        generate_ssh_key: yes
-        ssh_key_bits: 2048
-        ssh_key_comment: xci
-        ssh_key_type: rsa
-        state: present
-
     - name: Copy releng-xci to remote host
       synchronize:
         src: "{{ xci_path }}/"
@@ -92,9 +83,9 @@
         - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" }
         - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" }
         - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" }
-        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: openstack_osa_version != "master" }
-        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: openstack_osa_version != "master" }
-        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: openstack_osa_version != "master" }
+        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: "{{ openstack_osa_version != 'master' }}" }
+        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: "{{ openstack_osa_version != 'master' }}" }
+        - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: "{{ openstack_osa_version != 'master' }}" }
       when: item.cond is not defined or (item.cond is defined and item.cond | bool)
       loop_control:
         label: "{{ item.src }}"
@@ -118,8 +109,12 @@
         - lookup('env','http_proxy') != ""
 
     - include: "{{ xci_path }}/xci/playbooks/bootstrap-scenarios.yml"
+
     - name: bootstrap ansible on opnfv host
       command: "/bin/bash ./scripts/bootstrap-ansible.sh"
+      args:
+        creates: "/usr/local/bin/openstack-ansible"
+
       changed_when: True
       args:
         chdir: "{{openstack_osa_path}}"
@@ -157,30 +152,12 @@
       args:
         chdir: "{{openstack_osa_path}}/scripts"
       changed_when: True
-    - name: check if certificate directory /etc/ssl/certs exists already
-      stat: path=/etc/ssl/certs
-      register: check_etc_ssl_certs
-    - name: create certificate directory /etc/ssl/certs
-      file:
-        path: "/etc/ssl/certs"
-        state: directory
-      when: check_etc_ssl_certs.stat.exists == false
-    - name: create key directory /etc/ssl/private
-      file:
-        path: "/etc/ssl/private"
-        state: directory
-    - name: copy certificate to /etc/ssl/certs
-      copy:
-        src: "/etc/ssl/certs/xci.crt"
-        dest: "/etc/ssl/certs/"
-    - name: read remote key from /etc/ssl/private
-      set_fact:
-        xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
-    - name: copy key to /etc/ssl/private
-      copy:
-        content: "{{ xci_ssl_key }}"
-        dest: "/etc/ssl/private/xci.key"
-      become: true
+
+    - name: Configure SSL certificates
+      include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
+      vars:
+        extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"
+
     - name: fetch xci environment
       copy:
         src: "{{ xci_path }}/.cache/xci.env"
@@ -206,24 +183,5 @@
         dest: "{{ xci_path }}/.cache/openrc"
         flat: true
 
-    - name: Determine local user
-      become: no
-      local_action: command whoami
-      changed_when: False
-      register: _ansible_user
-
-    - name: Fetch local SSH key
-      delegate_to: localhost
-      become: no
-      slurp:
-        src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
-      register: _local_ssh_key
-
-    - name: Configure OPNFV authorized_keys file
-      authorized_key:
-        exclusive: yes
-        user: root
-        state: present
-        manage_dir: yes
-        comment: "{{ _ansible_user.stdout }} key"
-        key: "{{ _local_ssh_key['content'] | b64decode }}"
+    - name: Manage SSH keys
+      include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml"