Merge "Add distribute_private_key boolean for tripleo_create_admin"

Zuul 2021-01-06 12:09:13 +00:00 committed by Gerrit Code Review
commit 037897775d
7 changed files with 62 additions and 2 deletions


@ -21,6 +21,7 @@
any_errors_fatal: true any_errors_fatal: true
vars: vars:
BlacklistedIpAddresses: [] BlacklistedIpAddresses: []
distribute_private_key: false
handlers: handlers:
- name: Remove mistral tmp file - name: Remove mistral tmp file
file: file:
@ -226,7 +227,7 @@
- role: tripleo_create_admin - role: tripleo_create_admin
tripleo_admin_user: tripleo-admin tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: "{{ user_public_key }}" tripleo_admin_pubkey: "{{ user_public_key }}"
tripleo_admin_prikey: "{{ user_private_key }}"
- name: Validate TripleO Admin Access - name: Validate TripleO Admin Access
hosts: localhost:tripleo_queues hosts: localhost:tripleo_queues
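Review bot: The new play variable `distribute_private_key: false` uses a generic, unprefixed name, while the role's other inputs visible here are `tripleo_admin_*`. Because this flag decides whether a private key is written to remote hosts, a name that an unrelated inventory, group_vars file or extra-vars entry could also set is risky; something like `tripleo_admin_distribute_private_key` would keep it in the role's namespace. The same name is used in the role defaults, in the new key-distribution task file and in the `when:` on the new `import_tasks`, so a rename would touch those too. Separately, `tripleo_admin_prikey: "{{ user_private_key }}"` is now handed to the role on every run, including when distribution is off; where `user_private_key` is set is not visible in these hunks, so it is worth confirming that no earlier task prints or registers it.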


@ -26,3 +26,11 @@ tripleo_admin_generate_key: false
# When `tripleo_admin_pubkey` is defined an additional authorized key will # When `tripleo_admin_pubkey` is defined an additional authorized key will
# added to the admin users authroized_keys file. # added to the admin users authroized_keys file.
# tripleo_admin_pubkey: ssh-rsa AAAA... # tripleo_admin_pubkey: ssh-rsa AAAA...
# When `tripleo_admin_prikey` is defined and not empty and when
# distribute_private_key is true, then a private key will
# be added to the admin user's home dir. It will be called
# "~/.ssh/id_rsa" and contain something like:
# tripleo_admin_prikey: -----BEGIN OPENSSH PRIVATE KEY-----\nb3B...
distribute_private_key: false
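Review bot: The new comment block explains how to turn private-key distribution on but not what that implies. With the flag enabled the same private key is copied to every host the role runs on, so read access to that file on one node yields a key accepted by any host that authorizes the matching public key. I would add a line such as `# WARNING: the same private key is written to every target host; enable only when the deployment needs it.` The sentence ending `and contain something like: tripleo_admin_prikey: ...` also reads as if the file holds the variable name; `# Example value: tripleo_admin_prikey: "-----BEGIN OPENSSH PRIVATE KEY-----\nb3B..."` would be clearer.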


@ -26,3 +26,11 @@
vars: vars:
tripleo_admin_user: tripleo-admin tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: ssh-rsa AAAATEST tripleo_admin_pubkey: ssh-rsa AAAATEST
- import_role:
name: tripleo_create_admin
tasks_from: distribute_key_files.yml
vars:
tripleo_admin_user: tripleo-admin
distribute_private_key: true
tripleo_admin_prikey: '-----BEGIN OPENSSH PRIVATE KEY-----'


@ -26,3 +26,5 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
def test_user_key_add(host): def test_user_key_add(host):
auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys") auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys")
assert 'ssh-rsa AAAATEST' in auth_keys.content_string assert 'ssh-rsa AAAATEST' in auth_keys.content_string
private_key = host.file("/home/tripleo-admin/.ssh/id_rsa")
assert '-----BEGIN OPENSSH PRIVATE KEY-----' in private_key.content_string
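Review bot: The assertions added to `test_user_key_add` check only that the key text landed in `/home/tripleo-admin/.ssh/id_rsa`, not the properties that matter for a private key, namely its permissions and ownership. Adding `assert private_key.mode == 0o600` and `assert private_key.user == 'tripleo-admin'` would catch a regression in the `mode`/`owner` set by the copy task. No scenario is visible on this page for the default `distribute_private_key: false`; a negative check such as `assert not host.file("/home/tripleo-admin/.ssh/id_rsa").exists` in such a scenario would confirm that the key is not written unless explicitly requested.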


@ -15,7 +15,7 @@
# under the License. # under the License.
- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }} - name: authorize TripleO key for user {{ tripleo_admin_user }}
lineinfile: lineinfile:
path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
line: '{{ tripleo_admin_pubkey }}' line: '{{ tripleo_admin_pubkey }}'


@ -0,0 +1,39 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Install private key on nodes for user {{ tripleo_admin_user }}
copy:
dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa
content: "{{ tripleo_admin_prikey }}"
owner: "{{ tripleo_admin_user }}"
group: "{{ tripleo_admin_user }}"
mode: '0600'
when:
- distribute_private_key | bool
- tripleo_admin_prikey is defined
- tripleo_admin_prikey | length > 0
- name: Install public key on nodes for user {{ tripleo_admin_user }}
copy:
dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub
content: "{{ tripleo_admin_pubkey }}"
owner: "{{ tripleo_admin_user }}"
group: "{{ tripleo_admin_user }}"
mode: '0644'
when:
- distribute_private_key | bool
- tripleo_admin_pubkey is defined
- tripleo_admin_pubkey | length > 0
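Review bot: The task "Install private key on nodes for user ..." passes the key through `content:` without `no_log: true`, so depending on verbosity, diff mode and the callback plugins in use, key material may end up in Ansible output or job logs. Adding `no_log: true` (or at least `diff: false`) to that task would close this. Both tasks also write into `/home/{{ tripleo_admin_user }}/.ssh/` without ensuring that the directory exists with mode `0700` and the right owner. It is presumably created by an earlier task file, but when this file is run on its own through `tasks_from`, as the molecule scenario does, nothing here guarantees it. A preceding `file:` task with `state: directory` and `mode: '0700'` would make the file self-contained.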


@ -17,3 +17,5 @@
- import_tasks: create_user.yml - import_tasks: create_user.yml
- import_tasks: authorize_user.yml - import_tasks: authorize_user.yml
- import_tasks: distribute_key_files.yml
when: distribute_private_key | bool