Merge "Add distribute_private_key boolean for tripleo_create_admin"
commit
037897775d
|
@ -21,6 +21,7 @@
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
vars:
|
vars:
|
||||||
BlacklistedIpAddresses: []
|
BlacklistedIpAddresses: []
|
||||||
|
distribute_private_key: false
|
||||||
handlers:
|
handlers:
|
||||||
- name: Remove mistral tmp file
|
- name: Remove mistral tmp file
|
||||||
file:
|
file:
|
||||||
|
@ -226,7 +227,7 @@
|
||||||
- role: tripleo_create_admin
|
- role: tripleo_create_admin
|
||||||
tripleo_admin_user: tripleo-admin
|
tripleo_admin_user: tripleo-admin
|
||||||
tripleo_admin_pubkey: "{{ user_public_key }}"
|
tripleo_admin_pubkey: "{{ user_public_key }}"
|
||||||
|
tripleo_admin_prikey: "{{ user_private_key }}"
|
||||||
|
|
||||||
- name: Validate TripleO Admin Access
|
- name: Validate TripleO Admin Access
|
||||||
hosts: localhost:tripleo_queues
|
hosts: localhost:tripleo_queues
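Review bot: `tripleo_admin_prikey: "{{ user_private_key }}"` is handed to the role whether or not `distribute_private_key` is set, and no default for `user_private_key` is visible in these hunks. If a caller does not supply it, the role's `tripleo_admin_prikey | length > 0` guard may fail on an undefined value instead of skipping; `tripleo_admin_prikey: "{{ user_private_key | default('') }}"` would let the guard skip cleanly. The new `distribute_private_key: false` in the play vars also deserves a comment such as `# when true, the private half of the admin key (presumably the pair of user_public_key) is copied to every node, so each node can log in to the others as tripleo-admin`. The play continues outside both hunks, so a default defined elsewhere would settle the first point.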
|
||||||
|
|
|
@ -26,3 +26,11 @@ tripleo_admin_generate_key: false
|
||||||
# When `tripleo_admin_pubkey` is defined an additional authorized key will
|
# When `tripleo_admin_pubkey` is defined an additional authorized key will
|
||||||
# added to the admin users authroized_keys file.
|
# added to the admin users authroized_keys file.
|
||||||
# tripleo_admin_pubkey: ssh-rsa AAAA...
|
# tripleo_admin_pubkey: ssh-rsa AAAA...
|
||||||
|
|
||||||
|
# When `tripleo_admin_prikey` is defined and not empty and when
|
||||||
|
# distribute_private_key is true, then a private key will
|
||||||
|
# be added to the admin user's home dir. It will be called
|
||||||
|
# "~/.ssh/id_rsa" and contain something like:
|
||||||
|
# tripleo_admin_prikey: -----BEGIN OPENSSH PRIVATE KEY-----\nb3B...
|
||||||
|
|
||||||
|
distribute_private_key: false
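Review bot: `distribute_private_key` is the only variable in this role without the `tripleo_admin_` prefix (compare `tripleo_admin_generate_key`, `tripleo_admin_pubkey`, `tripleo_admin_prikey`), and the same unprefixed name is also set in the play vars, which makes it easy for an unrelated variable to switch key distribution on. A prefixed name such as `tripleo_admin_distribute_private_key` would match the rest of the file. The added comment also reads as if the file `~/.ssh/id_rsa` would contain the text `tripleo_admin_prikey: ...`; something like `# The key is written to "~/.ssh/id_rsa" from the value of tripleo_admin_prikey, for example:` would be clearer.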
|
||||||
|
|
|
@ -26,3 +26,11 @@
|
||||||
vars:
|
vars:
|
||||||
tripleo_admin_user: tripleo-admin
|
tripleo_admin_user: tripleo-admin
|
||||||
tripleo_admin_pubkey: ssh-rsa AAAATEST
|
tripleo_admin_pubkey: ssh-rsa AAAATEST
|
||||||
|
|
||||||
|
- import_role:
|
||||||
|
name: tripleo_create_admin
|
||||||
|
tasks_from: distribute_key_files.yml
|
||||||
|
vars:
|
||||||
|
tripleo_admin_user: tripleo-admin
|
||||||
|
distribute_private_key: true
|
||||||
|
tripleo_admin_prikey: '-----BEGIN OPENSSH PRIVATE KEY-----'
|
||||||
|
|
|
@ -26,3 +26,5 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
def test_user_key_add(host):
|
def test_user_key_add(host):
|
||||||
auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys")
|
auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys")
|
||||||
assert 'ssh-rsa AAAATEST' in auth_keys.content_string
|
assert 'ssh-rsa AAAATEST' in auth_keys.content_string
|
||||||
|
private_key = host.file("/home/tripleo-admin/.ssh/id_rsa")
|
||||||
|
assert '-----BEGIN OPENSSH PRIVATE KEY-----' in private_key.content_string
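Review bot: The new assertions check only the content of `/home/tripleo-admin/.ssh/id_rsa`, not its permissions or owner, which is what a regression in the copy task would most likely break. Adding `assert private_key.mode == 0o600` and `assert private_key.user == 'tripleo-admin'` after the content check would pin the `mode: '0600'` and `owner` values the role sets.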
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }}
|
- name: authorize TripleO key for user {{ tripleo_admin_user }}
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
|
path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
|
||||||
line: '{{ tripleo_admin_pubkey }}'
|
line: '{{ tripleo_admin_pubkey }}'
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
---
|
||||||
|
# Copyright 2021 Red Hat, Inc.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: Install private key on nodes for user {{ tripleo_admin_user }}
|
||||||
|
copy:
|
||||||
|
dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa
|
||||||
|
content: "{{ tripleo_admin_prikey }}"
|
||||||
|
owner: "{{ tripleo_admin_user }}"
|
||||||
|
group: "{{ tripleo_admin_user }}"
|
||||||
|
mode: '0600'
|
||||||
|
when:
|
||||||
|
- distribute_private_key | bool
|
||||||
|
- tripleo_admin_prikey is defined
|
||||||
|
- tripleo_admin_prikey | length > 0
|
||||||
|
|
||||||
|
- name: Install public key on nodes for user {{ tripleo_admin_user }}
|
||||||
|
copy:
|
||||||
|
dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub
|
||||||
|
content: "{{ tripleo_admin_pubkey }}"
|
||||||
|
owner: "{{ tripleo_admin_user }}"
|
||||||
|
group: "{{ tripleo_admin_user }}"
|
||||||
|
mode: '0644'
|
||||||
|
when:
|
||||||
|
- distribute_private_key | bool
|
||||||
|
- tripleo_admin_pubkey is defined
|
||||||
|
- tripleo_admin_pubkey | length > 0
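Review bot: The task "Install private key on nodes" has no `no_log: true`, so the private key passed as `content` can appear in task output when the play runs in diff mode, and from there in any log that captures the run. Adding `no_log: true` to that task (the public-key task does not need it) closes this. The task also writes into `/home/{{ tripleo_admin_user }}/.ssh` without ensuring the directory exists. That is presumably covered by the earlier imports when the role runs through main.yml, but it is not visible here for callers that enter this file with `tasks_from`.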
|
|
@ -17,3 +17,5 @@
|
||||||
|
|
||||||
- import_tasks: create_user.yml
|
- import_tasks: create_user.yml
|
||||||
- import_tasks: authorize_user.yml
|
- import_tasks: authorize_user.yml
|
||||||
|
- import_tasks: distribute_key_files.yml
|
||||||
|
when: distribute_private_key | bool
|
||||||
|
|