From 8199744e9cee88127291b22ebeb9e78142cc4ade Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Tue, 3 Apr 2018 11:14:11 +0100 Subject: xci: osa: Move tasks for managing SSH keys to a new file The tasks that manage the SSH keys are common across hosts and also common across different installers. As such, lets move them to a new file so we can share them more easily. Change-Id: If235877394f224a47a2f2b8de748a2330eabcec1 Signed-off-by: Markos Chandras --- xci/playbooks/manage-ssh-keys.yml | 47 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 xci/playbooks/manage-ssh-keys.yml (limited to 'xci/playbooks')
diff --git a/xci/playbooks/manage-ssh-keys.yml b/xci/playbooks/manage-ssh-keys.yml
new file mode 100644
index 00000000..ff797aad
--- /dev/null
+++ b/xci/playbooks/manage-ssh-keys.yml
@@ -0,0 +1,47 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE Linux GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: Configure SSH key for root user
+ user:
+ name: root
+ generate_ssh_key: yes
+ ssh_key_bits: 2048
+ ssh_key_comment: xci
+ ssh_key_type: rsa
+ state: present
+
+- name: Determine local user
+ become: no
+ local_action: command whoami
+ changed_when: False
+ register: _ansible_user
+
+- name: Fetch local SSH key
+ delegate_to: localhost
+ become: no
+ slurp:
+ src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+ register: _local_ssh_key
+
+- name: Fetch OPNFV SSH key
+ delegate_to: opnfv
+ slurp:
+ src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+ register: _opnfv_ssh_key
+
+- name: "Configure {{ inventory_hostname }} authorized_keys file"
+ authorized_key:
+ exclusive: "{{ item.exclusive }}"
+ user: root
+ state: present
+ manage_dir: yes
+ key: "{{ item.key }}"
+ comment: "{{ item.comment }}"
+ with_items:
+ - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes }
+ - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no }
-- cgit From 9fc661b56dbd90df944755140bfff88fb1197fbd Mon Sep 17 00:00:00 2001
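Review bot: `exclusive: yes` on the first `with_items` entry of the authorized_keys task is applied per loop iteration (the authorized_key module is not loop aware), so that iteration removes every other key from root's authorized_keys and the outcome depends on the exclusive item staying first. A comment such as `# exclusive is per-iteration: this item must stay first, it resets root's authorized_keys` would make that explicit, or both keys could be passed in one newline-separated `key` value with `exclusive: yes`. The `Fetch local SSH key` task hard-codes `/home/{{ _ansible_user.stdout }}`, which is wrong when the controller user is root or has a home elsewhere; `src: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"` avoids the assumption. `Fetch OPNFV SSH key` reads `ansible_env.HOME` while delegated to `opnfv`, and that fact presumably comes from the inventory host rather than the delegate, so the path is only right if both run as the same user.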
From: Markos Chandras Date: Tue, 3 Apr 2018 12:47:54 +0100 Subject: xci: osa: Use Ansible modules to create ssl certificates Ansible already provides modules to create ssl certificates so we can use these instead of running the openssl commands directly. Moreover, we can drop all the tasks which create the ssl directories since they are being created by the openssl package which also creates the appropriate symlinks. Finally, there is no need to generate the certificate on localhost if only the OPNFV host consumes it, so move these steps to the appropriate playbook. Change-Id: I0045945c502013be3d76440876e894a44a092690 Signed-off-by: Markos Chandras --- xci/playbooks/configure-localhost.yml | 36 +++++++++-------------------------- 1 file changed, 9 insertions(+), 27 deletions(-) (limited to 'xci/playbooks') diff --git a/xci/playbooks/configure-localhost.yml b/xci/playbooks/configure-localhost.yml index 1f010528..5f091c92 100644 --- a/xci/playbooks/configure-localhost.yml +++ b/xci/playbooks/configure-localhost.yml 
@@ -69,34 +69,16 @@ path: "{{log_path}}" state: directory recurse: no - - block: - - name: check if certificate directory /etc/ssl/certs exists already - stat: path=/etc/ssl/certs - register: check_etc_ssl_certs - - name: create certificate directory /etc/ssl/certs - become: true - file: - path: "/etc/ssl/certs" - state: directory - when: check_etc_ssl_certs.stat.exists == false - - name: create key directory /etc/ssl/private - become: true - file: - path: "/etc/ssl/private" - state: directory - - name: generate self signed certificate - command: openssl req -new -nodes -x509 -subj "{{ xci_ssl_subject }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca - become: true - - name: Synchronize local development OSA repository to XCI paths - # command module is much faster than the copy module - synchronize: - src: "{{ openstack_osa_dev_path }}" - dest: "{{ xci_cache }}/repos/openstack-ansible" - recursive: yes - delete: yes - when: - - openstack_osa_dev_path != "" + + - name: Synchronize local development OSA repository to XCI paths + # command module is much faster than the copy module + synchronize: + src: "{{ openstack_osa_dev_path }}" + dest: "{{ xci_cache }}/repos/openstack-ansible" + recursive: yes + delete: yes when: + - openstack_osa_dev_path != "" - installer_type == "osa" - name: Configure SSH key for local user -- cgit
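Review bot: The comment carried over onto the re-indented `Synchronize local development OSA repository to XCI paths` task still reads `# command module is much faster than the copy module`, but the task calls `synchronize`, so it describes a module that is not used; `# synchronize (rsync) is much faster than the copy module` would match the code. The self-signed certificate tasks removed here are, per the commit message, recreated in another playbook that this path-limited view does not show, so it is worth confirming there that the private key under `/etc/ssl/private` is still written with a restrictive owner and mode. The play these tasks belong to starts outside the hunk.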