From: Markos Chandras <mchandras@suse.de>
Date: Wed, 10 May 2017 10:37:38 +0000 (+0100)
Subject: prototypes: xci: Move host keys away from / directory
X-Git-Tag: 6.0.0~368
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=34d9d9af0ed39f73d8505a469e69a24f6a964c36;p=releng-xci.git

prototypes: xci: Move host keys away from / directory

Putting the host keys in '/' requires root privileges, so
it's best to place them in the same directory as the
rest of the XCI files.

Change-Id: I030ed3d6cbb57bb984a78aeffb4eca2bd5c10bb0
Signed-off-by: Markos Chandras <mchandras@suse.de>
---

diff --git a/xci/config/user-vars b/xci/config/user-vars
index 135db71c..f9de940a 100755
--- a/xci/config/user-vars
+++ b/xci/config/user-vars
@@ -32,6 +32,7 @@ export XCI_DEVEL_ROOT=${XCI_DEVEL_ROOT:-"/tmp/.xci-deploy-env"}
 export OPNFV_RELENG_PATH="${XCI_DEVEL_ROOT}/releng"
 export OPENSTACK_BIFROST_PATH="${XCI_DEVEL_ROOT}/bifrost"
 export OPENSTACK_OSA_PATH="${XCI_DEVEL_ROOT}/openstack-ansible"
+export OPNFV_SSH_HOST_KEYS_PATH="${XCI_DEVEL_ROOT}/ssh_host_keys"
 
 #-------------------------------------------------------------------------------
 # Set the playbook to use for OpenStack deployment
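Review bot: The new `OPNFV_SSH_HOST_KEYS_PATH` inherits the `XCI_DEVEL_ROOT` default shown in the hunk header, `/tmp/.xci-deploy-env`, so the key directory lands at a predictable path under a world-writable directory unless the operator overrides it. The public key stored there is later appended to `authorized_keys` in configure-opnfvhost.yml, so the integrity of this directory matters. I would document that above the export, e.g. `# Fetched public keys land here and are appended to authorized_keys; keep XCI_DEVEL_ROOT writable by the deploying user only.`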
diff --git a/xci/playbooks/configure-opnfvhost.yml b/xci/playbooks/configure-opnfvhost.yml
index 28e6b217..af90c9dc 100644
--- a/xci/playbooks/configure-opnfvhost.yml
+++ b/xci/playbooks/configure-opnfvhost.yml
@@ -55,8 +55,12 @@
       shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
       args:
         creates: /root/.ssh/id_rsa
+    - name: ensure ssh key storage directory exists
+      file:
+        path: "{{ OPNFV_SSH_HOST_KEYS_PATH }}"
+        state: directory
     - name: fetch public key
-      fetch: src="/root/.ssh/id_rsa.pub" dest="/"
+      fetch: src="/root/.ssh/id_rsa.pub" dest="{{ OPNFV_SSH_HOST_KEYS_PATH }}"
     - name: copy flavor inventory
       shell: "/bin/cp -rf {{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/inventory {{OPNFV_RELENG_PATH}}/prototypes/xci/playbooks"
     - name: copy flavor vars
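Review bot: The new `ensure ssh key storage directory exists` task appears to run on the play's target host, while `fetch` writes its `dest` on the Ansible controller, so the directory is probably created on the wrong machine; the play header is outside the hunk, so this needs confirming. If the intent is to prepare the controller-side directory, add `delegate_to: localhost` to the task, and set `mode: "0700"` so it is not created with umask-default permissions. `fetch` creates missing destination directories itself, which is why such a mismatch would go unnoticed.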
@@ -89,8 +93,10 @@
         chdir: "{{OPENSTACK_OSA_PATH}}/scripts"
 - hosts: localhost
   remote_user: root
+  vars_files:
+    - ../var/opnfv.yml
   tasks:
     - name: Generate authorized_keys
-      shell: "/bin/cat /opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys"
+      shell: "/bin/cat {{ OPNFV_SSH_HOST_KEYS_PATH }}/opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys"
     - name: Append public keys to authorized_keys
       shell: "/bin/cat /root/.ssh/id_rsa.pub >> ../file/authorized_keys"
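Review bot: The rewritten `Generate authorized_keys` command interpolates an environment-derived path into a shell string without quoting, so a value containing spaces or shell metacharacters changes the command that runs. Use `{{ OPNFV_SSH_HOST_KEYS_PATH | quote }}` in that line. The `opnfv/root/.ssh/` segment also depends on the layout `fetch` uses under its `dest`, which deserves a comment such as `# fetch stores files as <dest>/<inventory_hostname>/<src path>`. The task list may continue outside the hunk.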
diff --git a/xci/playbooks/roles/remove-folders/tasks/main.yml b/xci/playbooks/roles/remove-folders/tasks/main.yml
index ac8c0f7d..425b8dbf 100644
--- a/xci/playbooks/roles/remove-folders/tasks/main.yml
+++ b/xci/playbooks/roles/remove-folders/tasks/main.yml
@@ -18,3 +18,4 @@
     - "{{ OPENSTACK_OSA_PATH }}"
     - "{{ OPENSTACK_OSA_ETC_PATH }}"
     - "{{ LOG_PATH }} "
+    - "{{ OPNFV_SSH_HOST_KEYS_PATH }}"
diff --git a/xci/var/opnfv.yml b/xci/var/opnfv.yml
index aa84d7b5..85f532ad 100644
--- a/xci/var/opnfv.yml
+++ b/xci/var/opnfv.yml
@@ -26,3 +26,4 @@ XCI_FLAVOR_ANSIBLE_FILE_PATH: "{{ lookup('env','XCI_FLAVOR_ANSIBLE_FILE_PATH') }
 XCI_LOOP: "{{ lookup('env','XCI_LOOP') }}"
 LOG_PATH: "{{ lookup('env','LOG_PATH') }}"
 OPNFV_HOST_IP: "{{ lookup('env','OPNFV_HOST_IP') }}"
+OPNFV_SSH_HOST_KEYS_PATH: "{{ lookup('env', 'OPNFV_SSH_HOST_KEYS_PATH') }}"
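Review bot: `lookup('env', ...)` yields an empty string when the variable is not exported, and nothing in the added line rejects that. With an empty value the `cat` in configure-opnfvhost.yml silently reads `/opnfv/root/.ssh/id_rsa.pub`, the old location, and the remove-folders list gains an empty entry. Consider failing early in the playbooks that consume it, e.g. `- assert: { that: "OPNFV_SSH_HOST_KEYS_PATH | length > 0" }`. The other variables in this file follow the same pattern, so this may be a file-wide convention rather than something specific to this line.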