openstack/openstack-ansible
Code Issues Proposed changes
1c22ffa986
openstack-ansible/playbooks/lxc-containers-create.yml
Kevin Carter f1ecad70a2 Fixed container user create issue 
This patch resolves an issue where the LXC container create user
password is being hard coded due to how the default LXC container
template is being used. The template allows for a container to be
created without specifying a password at create time however when
doing this the default LXC template will create a user and a
password based on the linux distribution's name. This means that
all users of a "ubuntu" template will have a "ubuntu" user which
will have a "ubuntu" password. While the container user must exist
the password does not need to be known to the end user/deployer
because there are other means to gain access to a container from
within the host. So to correct this issue for all deployers as
well as all future deployments this patch ensures that the container
user is created with a random password and provides for an additional
tag to allow the deployer to regenerate the password at will.

Change-Id: I81d0e8b0d8e9e431cd8eebd43ceaffab7e61b207
Closes-Bug: 1437054
2015-05-04 21:31:13 +00:00

36 lines
1.3 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create container(s)
hosts: "{{ container_group|default('all_containers') }}"
max_fail_percentage: 20
gather_facts: false
user: root
roles:
- { role: "lxc_container_create", tags: [ "lxc-container-create" ] }
post_tasks:
- name: Wait for ssh to be available
local_action:
module: wait_for
port: "{{ ansible_ssh_port | default('22') }}"
host: "{{ ansible_ssh_host | default(inventory_hostname) }}"
search_regex: OpenSSH
delay: 1
tags:
- lxc-container-wait-for-ssh
vars:
ansible_hostname: "{{ container_name }}"
is_metal: "{{ properties.is_metal|default(false) }}"
lxc_container_release: "{{ properties.container_release|default('trusty') }}"
View Git Blame Copy Permalink