From 3125263df0ada02ec8c5a160e47fe35e4e87cec8 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Fri, 13 Oct 2023 21:25:52 +0200
Subject: [PATCH] Stop generating ssh keypair for zun and kuryr user
There is no obvious need to have an SSH keypairs for zun and kuryr users I was not able to find any proof in the project installation guide that such keypairs were ever needed. Thus, such functionality is removed.
Change-Id: Icdaf2fec944aae95947ff421bf47d88e0cc0505e
---
 defaults/main.yml | 4 ----
 .../no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml | 7 +++++++
 tasks/zun_compute.yml | 17 -----------------
 tasks/zun_pre_install.yml | 17 -----------------
 4 files changed, 7 insertions(+), 38 deletions(-)
 create mode 100644 releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index 00bd7d5..28c5b51 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -230,10 +230,6 @@ zun_service_internaluri: "{{ zun_service_internaluri_proto }}://{{ internal_lb_v
 zun_service_internalurl: "{{ zun_service_internaluri }}"
 zun_service_endpoint_type: internalURL
-# If you want to regenerate the zun users SSH keys, on each run, set this var to True
-# Otherwise keys will be generated on the first run and not regenerated each run.
-zun_recreate_keys: False
-
 ## General Zun configuration
 # Select between the 'runc' or 'kata' runtime
 zun_container_runtime: runc
diff --git a/releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml b/releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml
new file mode 100644
index 0000000..d37356b
--- /dev/null
+++ b/releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml
@@ -0,0 +1,7 @@
+---
+
+deprecations:
+ - |
+ Generation of SSH keypairs for Zun and Kuryr users has been deprecated
+ and removed.
+ A variable ``zun_recreate_keys`` has been removed and has no effect.
diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml
index b7b309f..62f243b 100644
--- a/tasks/zun_compute.yml
+++ b/tasks/zun_compute.yml
@@ -189,20 +189,6 @@
 tags:
 - zun-kuryr-group
-- name: Remove old kuryr key file(s) if found
- file:
- path: "{{ item }}"
- state: "absent"
- with_items:
- - "{{ zun_kuryr_system_home_folder }}/.ssh/authorized_keys"
- - "{{ zun_kuryr_system_home_folder }}/.ssh/id_rsa"
- - "{{ zun_kuryr_system_home_folder }}/.ssh/id_rsa.pub"
- when:
- - zun_recreate_keys | bool
- tags:
- - zun-kuryr-key
- - zun-kuryr-key-create
-
 - name: Create the kuryr system user
 user:
 name: "{{ zun_kuryr_system_user_name }}"
@@ -213,12 +199,9 @@
 system: "yes"
 createhome: "yes"
 home: "{{ zun_kuryr_system_home_folder }}"
- generate_ssh_key: "yes"
 when: zun_kuryr_system_user_name != 'root'
 tags:
 - zun-kuryr-user
- - zun-kuryr-key
- - zun-kuryr-key-create
 - name: Create kuryr dir
 file:
diff --git a/tasks/zun_pre_install.yml b/tasks/zun_pre_install.yml
index 9ba12d0..cd5a64a 100644
--- a/tasks/zun_pre_install.yml
+++ b/tasks/zun_pre_install.yml
@@ -22,20 +22,6 @@
 tags:
 - zun-group
-- name: Remove old key file(s) if found
- file:
- path: "{{ item }}"
- state: "absent"
- with_items:
- - "{{ zun_system_home_folder }}/.ssh/authorized_keys"
- - "{{ zun_system_home_folder }}/.ssh/id_rsa"
- - "{{ zun_system_home_folder }}/.ssh/id_rsa.pub"
- when:
- - zun_recreate_keys | bool
- tags:
- - zun-key
- - zun-key-create
-
 - name: Create the zun system user
 user:
 name: "{{ zun_system_user_name }}"
@@ -46,11 +32,8 @@
 system: "yes"
 createhome: "yes"
 home: "{{ zun_system_home_folder }}"
- generate_ssh_key: "yes"
 tags:
 - zun-user
- - zun-key
- - zun-key-create
 - name: Create zun dir
 file:
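Review bot: Hosts deployed with an earlier version of the role keep the already generated `id_rsa` and `id_rsa.pub`, and any `authorized_keys`, under `{{ zun_kuryr_system_home_folder }}/.ssh/` after this change. The "Remove old kuryr key file(s) if found" task removed in the first hunk of tasks/zun_compute.yml was the only task in this diff that deleted them, and nothing replaces it; the same holds for `{{ zun_system_home_folder }}/.ssh/` in the first hunk of tasks/zun_pre_install.yml. An unused private key and a stale `authorized_keys` on a service account are credentials nobody tracks any more, so the upgrade path should say what happens to them. The role cannot tell whether an operator added `authorized_keys` entries by hand, so a documentation fix looks safer than unconditional deletion. I would add an `upgrade` entry to the release note along the lines of `Existing keypairs in the .ssh directory of the zun and kuryr home folders are not removed by the role and should be reviewed and deleted manually if unused.`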