From 5be9b6fa7ab8c23514677e6732b9fdf217e2525f Mon Sep 17 00:00:00 2001 From: Andrey Shestakov Date: Sat, 14 Jan 2017 00:38:28 +0200 Subject: [PATCH] Allow user to specify private SSH key This change allows insert user specified private ssh key for ironic. This is required for ansible deploy driver, and can be useful for another ssh based drivers. Change-Id: I203963c9aefa55e9c88f2a37e43b3ef440d02e23
---
.../add-private-key-9788621be14ba324.yaml | 6 ++++++ .../roles/bifrost-ironic-install/README.md | 8 +++++++ .../tasks/bootstrap.yml | 21 ++++++++++++++++++- .../tasks/set_ssh_private_key.yml | 12 +++++++++++ 4 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 playbooks/releasenotes/notes/add-private-key-9788621be14ba324.yaml create mode 100644 playbooks/roles/bifrost-ironic-install/tasks/set_ssh_private_key.yml
diff --git a/playbooks/releasenotes/notes/add-private-key-9788621be14ba324.yaml b/playbooks/releasenotes/notes/add-private-key-9788621be14ba324.yaml
new file mode 100644
index 000000000..c3dfb8eb4
--- /dev/null
+++ b/playbooks/releasenotes/notes/add-private-key-9788621be14ba324.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - Allow user to insert private SSH key for ironic user.
+ This is useful for ansible deploy driver and another ssh based drivers.
+ The private key can be specified as path to local file in
+ ``ssh_private_key_path`` variable, or as string in ``ssh_private_key``.
diff --git a/playbooks/roles/bifrost-ironic-install/README.md b/playbooks/roles/bifrost-ironic-install/README.md
index f868fe41d..7551f35a0 100644
--- a/playbooks/roles/bifrost-ironic-install/README.md
+++ b/playbooks/roles/bifrost-ironic-install/README.md
@@ -231,6 +231,14 @@ bifrost_venv_env: An environment dictionary that includes the environment It is best not to reset this value unless you know you need to. +ssh_private_key_path: Defines the path to the SSH private key file to be + placed as default ssh key for ironic user. Can be useful + when ironic requires ssh access to another server. + +ssh_private_key: If a user wishes to define an SSH private key as a string, + this variable can be utilized which overrides the + ssh_private_key_path setting. + Notes ----- diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml index 5b8cb6e1f..2d25fe302 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml @@ -163,6 +163,12 @@ - name: "Add ironic user to virtualization group" user: name=ironic group="{{ virt_group }}" append=yes when: testing | bool == true +- name: "Identify ssh_private_key from ssh_private_key_path" + include: set_ssh_private_key.yml + when: > + testing | bool == false and + ssh_private_key is undefined and + ssh_private_key_path is defined - name: "Create SSH directory for ironic user" local_action: > file @@ -171,7 +177,20 @@ group=ironic mode=0700 state=directory - when: testing | bool == true + when: > + testing | bool == true or + ssh_private_key is defined +- name: "Set private key file" + copy: + content: "{{ ssh_private_key }}" + dest: /home/ironic/.ssh/id_rsa + owner: ironic + group: ironic + mode: 0600 + no_log: true + when: > + testing | bool == false and + ssh_private_key is defined - name: "Check for ironic user SSH key" local_action: stat path=/home/ironic/.ssh/id_rsa register: test_ironic_pvt_key diff --git a/playbooks/roles/bifrost-ironic-install/tasks/set_ssh_private_key.yml b/playbooks/roles/bifrost-ironic-install/tasks/set_ssh_private_key.yml new file mode 100644 index 000000000..959d3a4ce --- /dev/null 
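Review bot: In the second bootstrap.yml hunk, "Create SSH directory for ironic user" runs through `local_action` while the new "Set private key file" task is a plain `copy`, so the directory and the key are only guaranteed to land on the same machine when the play targets localhost. If a local write is what is intended, add `delegate_to: localhost` to the copy task; otherwise drop `local_action` from the directory task so both follow the play's host. The copy also replaces any existing `/home/ironic/.ssh/id_rsa` whenever `ssh_private_key` is set, which deserves a comment above the task such as `# Overwrites an existing ironic key when ssh_private_key is supplied`. `mode: 0600` depends on the YAML parser reading a leading-zero octal; `mode: "0600"` is the safer spelling. The task list these tasks belong to continues outside the hunk.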
+++ b/playbooks/roles/bifrost-ironic-install/tasks/set_ssh_private_key.yml
@@ -0,0 +1,12 @@
+---
+- name: "Defined ssh_private_key_path - Check to see if there is a file where the ssh_private_key_path is defined"
+ local_action: stat path={{ ssh_private_key_path }}
+ register: test_ssh_private_key_path
+
+- name: "Defined ssh_private_key_path - Error if ssh_private_key_path is not valid"
+ local_action: fail msg="ssh_private_key_path is not valid."
+ when: test_ssh_private_key_path.stat.exists == false
+
+- name: "Defined ssh_private_key_path - Read SSH private key in"
+ set_fact: ssh_private_key="{{ lookup('file', ssh_private_key_path ) }}"
+ no_log: true
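Review bot: The last task loads the whole private key into the `ssh_private_key` fact, and `no_log: true` only suppresses that task's own output; the value stays in the host's variables for the rest of the run, where a later `debug`, a templating error in another task, or (depending on Ansible version and configuration) a fact cache could expose it. Copying the file directly from bootstrap.yml, e.g. `copy: src="{{ ssh_private_key_path }}" dest=/home/ironic/.ssh/id_rsa owner=ironic group=ironic mode=0600`, would keep the key material out of variables altogether. The `file` lookup also strips trailing whitespace by default, so the key written from this fact loses its final newline, which some OpenSSH versions may refuse to load. In the first task the path is unquoted in a key=value argument string; `local_action: stat path="{{ ssh_private_key_path }}"` avoids splitting a path that contains spaces. The existence check passes for a directory as well, so `test_ssh_private_key_path.stat.isreg` would be a tighter condition for the `fail` task.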