
Merge "Add distribute_private_key boolean for tripleo_create_admin"

changes/83/769983/1
Zuul 7 months ago
committed by Gerrit Code Review
parent
commit
037897775d
  1. 3
      tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml
  2. 8
      tripleo_ansible/roles/tripleo_create_admin/defaults/main.yml
  3. 8
      tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/converge.yml
  4. 2
      tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/tests/test_keyadd.py
  5. 2
      tripleo_ansible/roles/tripleo_create_admin/tasks/authorize_user.yml
  6. 39
      tripleo_ansible/roles/tripleo_create_admin/tasks/distribute_key_files.yml
  7. 2
      tripleo_ansible/roles/tripleo_create_admin/tasks/main.yml

3
tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml

@ -21,6 +21,7 @@
any_errors_fatal: true
vars:
BlacklistedIpAddresses: []
distribute_private_key: false
handlers:
- name: Remove mistral tmp file
file:
@ -226,7 +227,7 @@
- role: tripleo_create_admin
tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: "{{ user_public_key }}"
tripleo_admin_prikey: "{{ user_private_key }}"
- name: Validate TripleO Admin Access
hosts: localhost:tripleo_queues
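Review bot: `tripleo_admin_prikey: "{{ user_private_key }}"` is now passed to the role on every run, so a caller that does not supply `user_private_key` may hand the role an unresolvable template, and the role's `tripleo_admin_prikey is defined` guard no longer says whether a key was actually provided. Consider `tripleo_admin_prikey: "{{ user_private_key | default('') }}"`, which the role's `length > 0` condition already handles. The play-level `distribute_private_key: false` in the first hunk outranks the role default and inventory variables, so only a higher-precedence source such as extra vars can turn distribution on; a one-line comment next to it saying so would help. The play that this role entry belongs to starts outside the hunk.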

8
tripleo_ansible/roles/tripleo_create_admin/defaults/main.yml

@ -26,3 +26,11 @@ tripleo_admin_generate_key: false
# When `tripleo_admin_pubkey` is defined an additional authorized key will
# added to the admin users authroized_keys file.
# tripleo_admin_pubkey: ssh-rsa AAAA...
# When `tripleo_admin_prikey` is defined and not empty and when
# distribute_private_key is true, then a private key will
# be added to the admin user's home dir. It will be called
# "~/.ssh/id_rsa" and contain something like:
# tripleo_admin_prikey: -----BEGIN OPENSSH PRIVATE KEY-----\nb3B...
distribute_private_key: false
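Review bot: The new comment for `distribute_private_key` says where the key lands but not what enabling it means. The same private key is written to every targeted node and, as far as this diff shows, replaces any `~/.ssh/id_rsa` the admin user already has. I would add a line such as `# NOTE: the same key is copied to every node and overwrites an existing ~/.ssh/id_rsa; leave false unless the nodes need it.` The flag is also the only variable in this file without the `tripleo_admin_` prefix, which makes a clash with an unrelated play-level variable more likely.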

8
tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/converge.yml

@ -26,3 +26,11 @@
vars:
tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: ssh-rsa AAAATEST
- import_role:
name: tripleo_create_admin
tasks_from: distribute_key_files.yml
vars:
tripleo_admin_user: tripleo-admin
distribute_private_key: true
tripleo_admin_prikey: '-----BEGIN OPENSSH PRIVATE KEY-----'
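Review bot: The added `import_role` exercises only the private-key task with `distribute_private_key: true`. `tripleo_admin_pubkey` appears to be set only in the `vars` of the preceding import, so the `id_rsa.pub` task is probably skipped in this scenario. Adding `tripleo_admin_pubkey: ssh-rsa AAAATEST` to this block's `vars` would cover both tasks. Nothing in the scenario checks that no key file is written when the flag is false. Indentation is lost in this rendering, so the scoping of the first `vars` block is an inference.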

2
tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/tests/test_keyadd.py

@ -26,3 +26,5 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def test_user_key_add(host):
auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys")
assert 'ssh-rsa AAAATEST' in auth_keys.content_string
private_key = host.file("/home/tripleo-admin/.ssh/id_rsa")
assert '-----BEGIN OPENSSH PRIVATE KEY-----' in private_key.content_string
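Review bot: The new assertions check only the content of `id_rsa`, while the property that matters for a private key is who can read it. I would add `assert private_key.mode == 0o600` and `assert private_key.user == 'tripleo-admin'` after the content check. A later change to the `copy` task's `mode` or `owner` would then fail the scenario instead of passing silently.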

2
tripleo_ansible/roles/tripleo_create_admin/tasks/authorize_user.yml

@ -15,7 +15,7 @@
# under the License.
- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }}
- name: authorize TripleO key for user {{ tripleo_admin_user }}
lineinfile:
path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
line: '{{ tripleo_admin_pubkey }}'

39
tripleo_ansible/roles/tripleo_create_admin/tasks/distribute_key_files.yml

@ -0,0 +1,39 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Install private key on nodes for user {{ tripleo_admin_user }}
copy:
dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa
content: "{{ tripleo_admin_prikey }}"
owner: "{{ tripleo_admin_user }}"
group: "{{ tripleo_admin_user }}"
mode: '0600'
when:
- distribute_private_key | bool
- tripleo_admin_prikey is defined
- tripleo_admin_prikey | length > 0
- name: Install public key on nodes for user {{ tripleo_admin_user }}
copy:
dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub
content: "{{ tripleo_admin_pubkey }}"
owner: "{{ tripleo_admin_user }}"
group: "{{ tripleo_admin_user }}"
mode: '0644'
when:
- distribute_private_key | bool
- tripleo_admin_pubkey is defined
- tripleo_admin_pubkey | length > 0
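Review bot: The `copy` task that writes `id_rsa` passes the private key through `content` without `no_log: true`, so the key material can end up in task output or logs, for example when the play is run with `--diff`. Add `no_log: true` to the "Install private key on nodes" task; the public-key task does not need it. It may also be worth making sure the rendered key ends with a newline, since OpenSSH can reject a private key file that lacks one.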

2
tripleo_ansible/roles/tripleo_create_admin/tasks/main.yml

@ -17,3 +17,5 @@
- import_tasks: create_user.yml
- import_tasks: authorize_user.yml
- import_tasks: distribute_key_files.yml
when: distribute_private_key | bool