From 723d3bfe75a2007b6316e4f4fb4d4e7d7ac266ea Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Wed, 10 May 2017 11:37:38 +0100 Subject: [PATCH] prototypes: xci: Move host keys away from / directory Putting the host keys in '/' requires root privileges so it's best if we place them in the same directory like the rest of the XCI files. Change-Id: I030ed3d6cbb57bb984a78aeffb4eca2bd5c10bb0 Signed-off-by: Markos Chandras --- prototypes/xci/config/user-vars | 1 + prototypes/xci/playbooks/configure-opnfvhost.yml | 10 ++++++++-- prototypes/xci/playbooks/roles/remove-folders/tasks/main.yml | 1 + prototypes/xci/var/opnfv.yml | 1 + 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/prototypes/xci/config/user-vars b/prototypes/xci/config/user-vars index 135db71c6..f9de940a2 100755 --- a/prototypes/xci/config/user-vars +++ b/prototypes/xci/config/user-vars @@ -32,6 +32,7 @@ export XCI_DEVEL_ROOT=${XCI_DEVEL_ROOT:-"/tmp/.xci-deploy-env"} export OPNFV_RELENG_PATH="${XCI_DEVEL_ROOT}/releng" export OPENSTACK_BIFROST_PATH="${XCI_DEVEL_ROOT}/bifrost" export OPENSTACK_OSA_PATH="${XCI_DEVEL_ROOT}/openstack-ansible" +export OPNFV_SSH_HOST_KEYS_PATH="${XCI_DEVEL_ROOT}/ssh_host_keys" #------------------------------------------------------------------------------- # Set the playbook to use for OpenStack deployment diff --git a/prototypes/xci/playbooks/configure-opnfvhost.yml b/prototypes/xci/playbooks/configure-opnfvhost.yml index 28e6b2178..af90c9dc0 100644 --- a/prototypes/xci/playbooks/configure-opnfvhost.yml +++ b/prototypes/xci/playbooks/configure-opnfvhost.yml 
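Review bot: The new `OPNFV_SSH_HOST_KEYS_PATH` sits under `XCI_DEVEL_ROOT`, whose default shown at the top of this hunk is `/tmp/.xci-deploy-env`. The public key later appended to `authorized_keys` is therefore read from a predictable path inside a world-writable directory. On a shared control host, a local user who creates that tree first could influence which key ends up trusted for root. Consider defaulting to a directory owned by the deploying user, or have the playbook create it with restrictive permissions and fail if it already exists with another owner. A comment above the export would record the constraint: `# holds fetched public keys that feed authorized_keys; must not be writable by other users`.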
@@ -55,8 +55,12 @@ shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" args: creates: /root/.ssh/id_rsa + - name: ensure ssh key storage directory exists + file: + path: "{{ OPNFV_SSH_HOST_KEYS_PATH }}" + state: directory - name: fetch public key - fetch: src="/root/.ssh/id_rsa.pub" dest="/" + fetch: src="/root/.ssh/id_rsa.pub" dest="{{ OPNFV_SSH_HOST_KEYS_PATH }}" - name: copy flavor inventory shell: "/bin/cp -rf {{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/inventory {{OPNFV_RELENG_PATH}}/prototypes/xci/playbooks" - name: copy flavor vars @@ -89,8 +93,10 @@ chdir: "{{OPENSTACK_OSA_PATH}}/scripts" - hosts: localhost remote_user: root + vars_files: + - ../var/opnfv.yml tasks: - name: Generate authorized_keys - shell: "/bin/cat /opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys" + shell: "/bin/cat {{ OPNFV_SSH_HOST_KEYS_PATH }}/opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys" - name: Append public keys to authorized_keys shell: "/bin/cat /root/.ssh/id_rsa.pub >> ../file/authorized_keys" diff --git a/prototypes/xci/playbooks/roles/remove-folders/tasks/main.yml b/prototypes/xci/playbooks/roles/remove-folders/tasks/main.yml index ac8c0f7dc..425b8dbf4 100644 --- a/prototypes/xci/playbooks/roles/remove-folders/tasks/main.yml +++ b/prototypes/xci/playbooks/roles/remove-folders/tasks/main.yml @@ -18,3 +18,4 @@ - "{{ OPENSTACK_OSA_PATH }}" - "{{ OPENSTACK_OSA_ETC_PATH }}" - "{{ LOG_PATH }} " + - "{{ OPNFV_SSH_HOST_KEYS_PATH }}" diff --git a/prototypes/xci/var/opnfv.yml b/prototypes/xci/var/opnfv.yml index aa84d7b54..85f532ad2 100644 --- a/prototypes/xci/var/opnfv.yml +++ b/prototypes/xci/var/opnfv.yml @@ -26,3 +26,4 @@ XCI_FLAVOR_ANSIBLE_FILE_PATH: "{{ lookup('env','XCI_FLAVOR_ANSIBLE_FILE_PATH') } XCI_LOOP: "{{ lookup('env','XCI_LOOP') }}" LOG_PATH: "{{ lookup('env','LOG_PATH') }}" OPNFV_HOST_IP: "{{ lookup('env','OPNFV_HOST_IP') }}" +OPNFV_SSH_HOST_KEYS_PATH: "{{ lookup('env', 'OPNFV_SSH_HOST_KEYS_PATH') }}" -- 2.16.6
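Review bot: The added `ensure ssh key storage directory exists` task sets no `mode`, so the directory gets umask-default permissions. It also runs on the play's target host, whereas `fetch` writes its `dest` on the Ansible controller. The play's `hosts:` line is outside the hunk, so this is inferred, but the later `{{ OPNFV_SSH_HOST_KEYS_PATH }}/opnfv/root/.ssh/id_rsa.pub` path suggests the target is the `opnfv` host. In that case the task creates an unused directory there, and the controller-side one is created implicitly by `fetch`. I would add `mode: "0700"` and `delegate_to: localhost` to the task so the directory that actually receives the key is the one being locked down.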
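Review bot: In `Generate authorized_keys` the environment-supplied path is interpolated into the shell line unquoted, so a value with spaces or shell metacharacters would be split or interpreted by the shell. Quote it with the `quote` filter: `shell: "/bin/cat {{ (OPNFV_SSH_HOST_KEYS_PATH ~ '/opnfv/root/.ssh/id_rsa.pub') | quote }} >> ../file/authorized_keys"`. The task trusts whatever file is at that path, so it is only as safe as the permissions on the key directory. A short comment saying so would help the next maintainer.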
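Review bot: `lookup('env', 'OPNFV_SSH_HOST_KEYS_PATH')` yields an empty string when the variable is not exported, and nothing in this change rejects that. With an empty value the `cat` source in configure-opnfvhost.yml becomes `/opnfv/root/.ssh/id_rsa.pub`, the old location under `/`, and the remove-folders list receives an empty path. The neighbouring entries follow the same pattern, but this one feeds `authorized_keys` and a directory removal, so I would fail fast on it. One option is an early task such as `- assert: { that: "OPNFV_SSH_HOST_KEYS_PATH | length > 0" }` in the plays that load this file.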