dad9515c35
Sometimes a test will result in a failure, but it takes more time than necessary to find the failure due to Ansible continuing to execute on other hosts after removing one from the play execution. This patch ensures that any error will result in an immediate failure so that the fatal error is easier to find. Change-Id: I4e89bfdb1e48d0ac65f9fb8549e55a19ab773f9f
116 lines
3.4 KiB
YAML
116 lines
3.4 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Note(andymccr):
|
|
# This uses local connection for the initial key setup
|
|
# as no key is setup to allow a connection to localhost
|
|
# as a remote host.
|
|
- name: Playbook for establishing ssh keys
|
|
hosts: localhost
|
|
gather_facts: false
|
|
any_errors_fatal: true
|
|
connection: local
|
|
become: true
|
|
tasks:
|
|
- name: Ensure root has a .ssh directory
|
|
file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
|
|
- name: Create ssh key pair for root
|
|
user:
|
|
name: root
|
|
generate_ssh_key: yes
|
|
ssh_key_bits: 2048
|
|
ssh_key_file: /root/.ssh/id_rsa
|
|
|
|
- name: Get root private key
|
|
command: cat /root/.ssh/id_rsa
|
|
register: private_key_get
|
|
changed_when: false
|
|
|
|
- name: Get root public key
|
|
command: cat /root/.ssh/id_rsa.pub
|
|
register: public_key_get
|
|
changed_when: false
|
|
|
|
- name: Set key facts
|
|
set_fact:
|
|
root_public_key: "{{ public_key_get.stdout }}"
|
|
root_private_key: "{{ private_key_get.stdout }}"
|
|
lxc_container_ssh_key: "{{ public_key_get.stdout }}"
|
|
|
|
- name: Ensure root can ssh to localhost
|
|
authorized_key:
|
|
user: "root"
|
|
key: "{{ root_public_key }}"
|
|
|
|
|
|
# Note(hwoarang):
|
|
# This uses local connection for the initial key setup
|
|
# as no key is setup to allow a connection to localhost
|
|
# as a remote host.
|
|
- name: Playbook for establishing user ssh keys
|
|
hosts: localhost
|
|
connection: local
|
|
become: false
|
|
any_errors_fatal: true
|
|
tasks:
|
|
# Shell used because facts may not be ready yet
|
|
- name: Get user home directory
|
|
shell: "getent passwd '{{ ansible_user_id }}' | cut -d':' -f6"
|
|
register: user_home
|
|
changed_when: false
|
|
|
|
- name: Set local user home fact
|
|
set_fact:
|
|
calling_user_home: "{{ user_home.stdout }}"
|
|
|
|
- name: Ensure user has a .ssh directory
|
|
file:
|
|
path: "{{ calling_user_home }}/.ssh"
|
|
state: directory
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
mode: 0700
|
|
when: ansible_user_id != 'root'
|
|
|
|
- name: Ensure user has the known private key
|
|
copy:
|
|
content: "{{ root_private_key }}"
|
|
dest: "{{ calling_user_home }}/.ssh/id_rsa"
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
mode: "0600"
|
|
when: ansible_user_id != 'root'
|
|
|
|
- name: Ensure user has the known public key
|
|
copy:
|
|
content: "{{ root_public_key }}"
|
|
dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
mode: "0600"
|
|
when: ansible_user_id != 'root'
|
|
|
|
- name: Ensure local user can ssh to localhost
|
|
authorized_key:
|
|
user: "{{ ansible_user_id }}"
|
|
key: "{{ root_public_key }}"
|
|
when: ansible_user_id != 'root'
|