openstack-ansible-tests/test-prepare-keys.yml
Jesse Pretorius dad9515c35 Implement any_errors_fatal for all test playbooks
Sometimes a test will result in a failure, but it
takes more time than necessary to find the failure
due to Ansible continuing to execute on other hosts
after removing one from the play execution.

This patch ensures that any error will result in
an immediate failure so that the fatal error is
easier to find.

Change-Id: I4e89bfdb1e48d0ac65f9fb8549e55a19ab773f9f
2017-07-17 10:09:11 +00:00


---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note(andymccr):
# This uses a local connection for the initial key setup,
# as no key has been set up yet to allow a connection to
# localhost as a remote host.
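# Generates an RSA key pair for root on the control host, publishes the key
# material as host facts, and authorizes the public key for root@localhost.
# The facts set here are read again by the user-key play later in this file.
- name: Playbook for establishing ssh keys
  hosts: localhost
  gather_facts: false
  any_errors_fatal: true
  connection: local
  become: true
  tasks:
    - name: Ensure root has a .ssh directory
      file:
        path: /root/.ssh
        state: directory
        owner: root
        group: root
        # Quoted so the YAML parser cannot retype the octal mode.
        mode: "0700"

    - name: Create ssh key pair for root
      user:
        name: root
        generate_ssh_key: true
        ssh_key_bits: 2048
        ssh_key_file: /root/.ssh/id_rsa

    - name: Get root private key
      command: cat /root/.ssh/id_rsa
      register: private_key_get
      changed_when: false
      # The registered stdout is the private key; keep it out of task
      # output, callback plugins and log files.
      no_log: true

    - name: Get root public key
      command: cat /root/.ssh/id_rsa.pub
      register: public_key_get
      changed_when: false

    - name: Set key facts
      set_fact:
        root_public_key: "{{ public_key_get.stdout }}"
        root_private_key: "{{ private_key_get.stdout }}"
        # Not referenced again in this file; presumably consumed by other
        # test playbooks - confirm before renaming.
        lxc_container_ssh_key: "{{ public_key_get.stdout }}"
      # The task result echoes every fact it sets, including the private key.
      no_log: true

    - name: Ensure root can ssh to localhost
      authorized_key:
        user: "root"
        key: "{{ root_public_key }}"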
# Note(hwoarang):
# This uses a local connection for the initial key setup,
# as no key has been set up yet to allow a connection to
# localhost as a remote host.
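# Installs the key pair held in the root_private_key / root_public_key facts
# into the calling (non-root) user's ~/.ssh and authorizes it for that user.
# Every file-writing task is skipped when the calling user is root.
- name: Playbook for establishing user ssh keys
  hosts: localhost
  connection: local
  become: false
  any_errors_fatal: true
  tasks:
    # Shell used because facts may not be ready yet
    - name: Get user home directory
      shell: "getent passwd '{{ ansible_user_id }}' | cut -d':' -f6"
      register: user_home
      changed_when: false

    - name: Set local user home fact
      set_fact:
        calling_user_home: "{{ user_home.stdout }}"

    - name: Ensure user has a .ssh directory
      file:
        path: "{{ calling_user_home }}/.ssh"
        state: directory
        owner: "{{ ansible_user_id }}"
        group: "{{ ansible_user_gid }}"
        # Quoted so the YAML parser cannot retype the octal mode.
        mode: "0700"
      when: ansible_user_id != 'root'

    # This is the same key pair the root play authorized for root, so the
    # calling user can then ssh to root@localhost with it.
    - name: Ensure user has the known private key
      copy:
        content: "{{ root_private_key }}"
        dest: "{{ calling_user_home }}/.ssh/id_rsa"
        owner: "{{ ansible_user_id }}"
        group: "{{ ansible_user_gid }}"
        mode: "0600"
      when: ansible_user_id != 'root'
      # The module arguments contain the private key; keep them out of
      # task output, diff output and log files.
      no_log: true

    - name: Ensure user has the known public key
      copy:
        content: "{{ root_public_key }}"
        dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
        owner: "{{ ansible_user_id }}"
        group: "{{ ansible_user_gid }}"
        mode: "0600"
      when: ansible_user_id != 'root'

    - name: Ensure local user can ssh to localhost
      authorized_key:
        user: "{{ ansible_user_id }}"
        key: "{{ root_public_key }}"
      when: ansible_user_id != 'root'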