xci: Use proper Ansible modules to manage SSH keys 77/54577/1
authorMarkos Chandras <mchandras@suse.de>
Wed, 28 Mar 2018 09:24:47 +0000 (10:24 +0100)
committerMarkos Chandras <mchandras@suse.de>
Wed, 28 Mar 2018 21:05:21 +0000 (22:05 +0100)
We can use the 'user', 'slurp' and 'authorized_key' modules
to manage the various SSH configurations across the hosts instead
of using command line tools.

Change-Id: I2dde4d584fc336e267868607d5a58f5ee2c1feed
Signed-off-by: Markos Chandras <mchandras@suse.de>
xci/installer/osa/playbooks/configure-opnfvhost.yml
xci/installer/osa/playbooks/configure-targethosts.yml
xci/playbooks/configure-localhost.yml

index 001fcee..25e78b2 100644 (file)
       proxy_settings_no_proxy: "{{ lookup('env','no_proxy') }}"
 
   tasks:
-    - name: generate SSH keys
-      command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
-      args:
-        creates: "{{ ansible_env.HOME }}/.ssh/id_rsa"
-      changed_when: True
-    - name: fetch public key
-      fetch:
-        src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
-        dest: "{{ xci_path }}/xci/files/authorized_keys"
-        flat: yes
+    - name: Configure SSH key for root user
+      user:
+        name: root
+        generate_ssh_key: yes
+        ssh_key_bits: 2048
+        ssh_key_comment: xci
+        ssh_key_type: rsa
+        state: present
+
     - name: Copy releng-xci to remote host
       synchronize:
         src: "{{ xci_path }}/"
         src: "{{ xci_path }}/.cache/xci.env"
         dest: /root/xci.env
 
-- hosts: localhost
-  remote_user: root
-
-  tasks:
-    - name: Append public keys to authorized_keys
-      shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys"
-      changed_when: True
-
-- hosts: opnfv
-  remote_user: root
-  vars_files:
-    - "{{ xci_path }}/xci/var/opnfv.yml"
-
-  pre_tasks:
-    - name: Load distribution variables
+    - name: Reload OpenStack-Ansible variables
       include_vars:
-        file: "{{ item }}"
-      failed_when: false
-      with_items:
-        - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
-        - "{{ xci_flavor_ansible_file_path }}/flavor-vars.yml"
-        - "{{ xci_flavor_ansible_file_path }}/user_variables.yml"
-  roles:
-    - role: "openstack-ansible-openstack_openrc"
+        file: "{{ xci_flavor_ansible_file_path }}/user_variables.yml"
+
+    - name: Generate openrc
+      include_role:
+        name: "openstack-ansible-openstack_openrc"
 
-  tasks:
     - name: add extra insecure flag to generated openrc
       blockinfile:
           dest: "{{ ansible_env.HOME }}/openrc"
         dest: "{{ xci_path }}/.cache/openrc"
         flat: true
 
-    - name: add public key to host
-      copy:
-        src: "{{ xci_path }}/xci/files/authorized_keys"
-        dest: /root/.ssh/authorized_keys
+    - name: Determine local user
+      become: no
+      local_action: command whoami
+      changed_when: False
+      register: _ansible_user
+
+    - name: Fetch local SSH key
+      delegate_to: localhost
+      become: no
+      slurp:
+        src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+      register: _local_ssh_key
+
+    - name: Configure OPNFV authorized_keys file
+      authorized_key:
+        exclusive: yes
+        user: root
+        state: present
+        manage_dir: yes
+        comment: "{{ _ansible_user.stdout }} key"
+        key: "{{ _local_ssh_key['content'] | b64decode }}"
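Review bot: The `Fetch local SSH key` task hard-codes the controller's key location as `/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub`, so it only finds the key when the invoking account's home is under /home (it appears to rely on configure-localhost.yml having forced that layout). Whatever this task reads becomes the sole authorized key for root on the OPNFV host (`exclusive: yes`), so the path should be derived rather than assumed, for example `src: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"`. The `Fetch local SSH key` task in configure-targethosts.yml has the same hard-coded path. A short comment above `exclusive: yes` saying that all other root keys on the host are removed on purpose would also help the next reader.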
index 09258e7..b76a595 100644 (file)
         - xci_ceph_enabled == "true"
         - "'compute' in group_names"
   tasks:
-    - name: add public key to host
-      copy:
-        src: "{{ xci_path }}/xci/files/authorized_keys"
-        dest: /root/.ssh/authorized_keys
+    - name: Determine local user
+      become: no
+      local_action: command whoami
+      changed_when: False
+      register: _ansible_user
+
+    - name: Fetch local SSH key
+      delegate_to: localhost
+      become: no
+      slurp:
+        src: "/home/{{ _ansible_user.stdout }}/.ssh/id_rsa.pub"
+      register: _local_ssh_key
+
+    - name: Fetch OPNFV SSH key
+      delegate_to: opnfv
+      slurp:
+        src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+      register: _opnfv_ssh_key
+
+    - name: "Configure {{ inventory_hostname }} authorized_keys file"
+      authorized_key:
+        exclusive: "{{ item.exclusive }}"
+        user: root
+        state: present
+        manage_dir: yes
+        key: "{{ item.key }}"
+        comment: "{{ item.comment }}"
+      with_items:
+        - { key: "{{ _local_ssh_key['content'] | b64decode }}", comment: "{{ _ansible_user.stdout }} key", exclusive: yes }
+        - { key: "{{ _opnfv_ssh_key['content'] | b64decode }}", comment: "opnfv host key", exclusive: no }
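Review bot: In `Configure {{ inventory_hostname }} authorized_keys file`, `exclusive` is applied per loop iteration rather than across the whole loop, so the first item (`exclusive: yes`) strips every other key from root's authorized_keys, including the OPNFV host key that the second item then re-adds. Every re-run therefore reports a change, and there is a short window in which the OPNFV host cannot log in to the target. Passing both keys to a single `authorized_key` call with `exclusive: yes` keeps the "only these two keys" guarantee without the remove-and-re-add cycle. The per-key `comment` is lost that way, so each key keeps the comment embedded in its public key file.
```yaml
    - name: "Configure {{ inventory_hostname }} authorized_keys file"
      authorized_key:
        exclusive: yes
        # … unchanged: user, state, manage_dir …
        # Both keys in one call so 'exclusive' sees the full allowed set.
        key: |
          {{ _local_ssh_key['content'] | b64decode | trim }}
          {{ _opnfv_ssh_key['content'] | b64decode | trim }}
```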
index f64400e..1f01052 100644 (file)
       when:
         - installer_type == "osa"
 
+    - name: Configure SSH key for local user
+      user:
+        name: "{{ ansible_env.USER }}"
+        createhome: yes
+        home: "/home/{{ ansible_env.USER }}"
+        move_home: yes
+        shell: /bin/bash
+        generate_ssh_key: yes
+        ssh_key_bits: 2048
+        ssh_key_comment: xci
+        ssh_key_type: rsa
+        ssh_key_file: .ssh/id_rsa
+        state: present
+
     - name: Dump XCI execution environment to a file
       shell: env > "{{ xci_path }}/.cache/xci.env"
       args:
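Review bot: `Configure SSH key for local user` combines `home: "/home/{{ ansible_env.USER }}"` with `move_home: yes`, so for an existing account whose home is elsewhere (root, or a directory-service user) the task relocates that home directory on the machine running XCI instead of just generating a key. Dropping the `home:` and `move_home: yes` lines lets the `user` module keep the account's current home, and the relative `ssh_key_file: .ssh/id_rsa` is then resolved against it. The key is also generated without a passphrase, and the other two playbooks install it as a root login credential on the OPNFV and target hosts, which deserves a comment on the task. The hunk ends inside the following `Dump XCI execution environment to a file` task.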