Diffstat (limited to 'xci/playbooks')
-rw-r--r--xci/playbooks/configure-localhost.yml36
-rw-r--r--xci/playbooks/get-opnfv-scenario-requirements.yml2
-rw-r--r--xci/playbooks/manage-ssh-keys.yml47
-rw-r--r--xci/playbooks/manage-ssl-certs.yml32
4 files changed, 89 insertions, 28 deletions
diff --git a/xci/playbooks/configure-localhost.yml b/xci/playbooks/configure-localhost.yml
index 1f010528..5f091c92 100644
--- a/xci/playbooks/configure-localhost.yml
+++ b/xci/playbooks/configure-localhost.yml
@@ -69,34 +69,16 @@
path: "{{log_path}}"
state: directory
recurse: no
- - block:
- - name: check if certificate directory /etc/ssl/certs exists already
- stat: path=/etc/ssl/certs
- register: check_etc_ssl_certs
- - name: create certificate directory /etc/ssl/certs
- become: true
- file:
- path: "/etc/ssl/certs"
- state: directory
- when: check_etc_ssl_certs.stat.exists == false
- - name: create key directory /etc/ssl/private
- become: true
- file:
- path: "/etc/ssl/private"
- state: directory
- - name: generate self signed certificate
- command: openssl req -new -nodes -x509 -subj "{{ xci_ssl_subject }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca
- become: true
- - name: Synchronize local development OSA repository to XCI paths
- # command module is much faster than the copy module
- synchronize:
- src: "{{ openstack_osa_dev_path }}"
- dest: "{{ xci_cache }}/repos/openstack-ansible"
- recursive: yes
- delete: yes
- when:
- - openstack_osa_dev_path != ""
+
+ - name: Synchronize local development OSA repository to XCI paths
+ # command module is much faster than the copy module
+ synchronize:
+ src: "{{ openstack_osa_dev_path }}"
+ dest: "{{ xci_cache }}/repos/openstack-ansible"
+ recursive: yes
+ delete: yes
when:
+ - openstack_osa_dev_path != ""
- installer_type == "osa"
- name: Configure SSH key for local user
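Review bot: The comment carried over above `synchronize:` still reads `# command module is much faster than the copy module`, although the task uses the synchronize module; `# synchronize (rsync) is much faster than the copy module` would match the code. Because the task sets `delete: yes`, anything under `{{ xci_cache }}/repos/openstack-ansible` that is absent from `openstack_osa_dev_path` is removed on each run, so a one-line comment stating that the destination is a disposable mirror would help the next reader. The task list continues outside the hunk.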
diff --git a/xci/playbooks/get-opnfv-scenario-requirements.yml b/xci/playbooks/get-opnfv-scenario-requirements.yml
index f37de61a..af97ceb2 100644
--- a/xci/playbooks/get-opnfv-scenario-requirements.yml
+++ b/xci/playbooks/get-opnfv-scenario-requirements.yml
@@ -80,7 +80,7 @@
dest: "{{ role_path_default }}/{{ item.item.role | basename }}"
archive: no
times: no
- recurse: yes
+ recursive: yes
checksum: yes
owner: yes
group: yes
diff --git a/xci/playbooks/manage-ssh-keys.yml b/xci/playbooks/manage-ssh-keys.yml
new file mode 100644
index 00000000..ff797aad
--- /dev/null
+++ b/xci/playbooks/manage-ssh-keys.yml
@@ -0,0 +1,47 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE Linux GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: Configure SSH key for root user
+ user:
+ name: root
+ generate_ssh_key: yes
+ ssh_key_bits: 2048
+ ssh_key_comment: xci
+ ssh_key_type: rsa
+ state: present
+
+- name: Determine local user
+ become: no
+ local_action: command whoami
+ changed_when: False
+ register: _ansible_user
+
+- name: Fetch local SSH key
+ delegate_to: localhost
+ become: no
+ slurp:
+ src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+ register: _local_ssh_key
+
+- name: Fetch OPNFV SSH key
+ delegate_to: opnfv
+ slurp:
+ src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+ register: _opnfv_ssh_key
+
+- name: "Configure {{ inventory_hostname }} authorized_keys file"
+ authorized_key:
+ exclusive: "{{ item.exclusive }}"
+ user: root
+ state: present
+ manage_dir: yes
+ key: "{{ item.key }}"
+ comment: "{{ item.comment }}"
+ with_items:
+ - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes }
+ - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no }
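Review bot: The `with_items` list in the authorized_keys task depends on entry order: `exclusive` is applied per loop iteration, so the first entry removes every other key from root's `authorized_keys` and the second is then appended, and swapping the two would drop the opnfv key. A comment above the list such as `# exclusive entry must stay first: it removes all other keys for root` would record that, and would also make it explicit that pre-existing root keys on the node are discarded. The local key path `/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub` assumes a home directory under `/home`, which fails when the play is started as root or with a non-standard home; `src: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"` avoids that assumption. In the OPNFV key task, `ansible_env.HOME` is most likely resolved from the current host's facts rather than from the delegated `opnfv` host, so it is correct only while both use the same home directory.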
diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml
new file mode 100644
index 00000000..d0c5c518
--- /dev/null
+++ b/xci/playbooks/manage-ssl-certs.yml
@@ -0,0 +1,32 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE Linux GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: Install required pip packages for SSL
+ pip:
+ name: pyOpenSSL
+ state: present
+ extra_args: "{{ extra_args | default(omit) }}"
+
+- name: Generate XCI private key
+ openssl_privatekey:
+ path: /etc/ssl/private/xci.key
+ size: 2048
+
+- name: Generate XCI certificate request
+ openssl_csr:
+ privatekey_path: /etc/ssl/private/xci.key
+ path: /etc/ssl/private/xci.csr
+ common_name: "{{ xci_ssl_subject }}"
+
+- name: Generate XCI self signed certificate
+ openssl_certificate:
+ path: /etc/ssl/certs/xci.crt
+ privatekey_path: /etc/ssl/private/xci.key
+ csr_path: /etc/ssl/private/xci.csr
+ provider: selfsigned
+ selfsigned_not_after: 20800101000000Z
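Review bot: `common_name: "{{ xci_ssl_subject }}"` in the certificate-request task reuses the variable that the removed `openssl req` command passed to `-subj`, so if it still holds a full subject string of the `/C=…/CN=…` form, the whole string becomes the CN. Unless the variable's definition changes outside this view, a separate variable that holds only the host name would be safer here. The removed block also created `/etc/ssl/private` and `/etc/ssl/certs` before writing to them and nothing in this file does, so a `file` task with `state: directory` ahead of `openssl_privatekey` would keep the play working on hosts that lack those directories. Adding `mode: "0600"` to the `openssl_privatekey` task would state the intended key permissions in the playbook instead of relying on the module default.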