Use shell module to generate keys

openssh_keypair ansible module was moved to community.crypto collection from Ansible-Core 2.11, we can't use it now. For using it in the product we either need to package and add to deps and maintain the whole community.crypto module, either to use 'shell' command to generate the keys. Added "creates" so keys won't be overridden if they exists, keeping the idempotency. [1] [1] https://github.com/ansible-collections/community.crypto/blob/ 91d98c44137cde53726bfa8f61898f3c28041e20/plugins/module_utils/openssh/backends/common.py#L188 Change-Id: Ib9a31518ee9408d89abff4c4eb18a7cfe243fb58
2021-11-09 15:39:18 +02:00 · 2021-11-09 15:39:18 +02:00 · d5cdae7897
parent a6421dc36c
commit d5cdae7897
2 changed files with 15 additions and 6 deletions
--- a/tripleo_ansible/roles/octavia_undercloud/tasks/main.yml
+++ b/tripleo_ansible/roles/octavia_undercloud/tasks/main.yml
@ -58,8 +58,9 @@
        state: directory

    - name: Generate ssh key for Octavia
-      openssh_keypair:
-        path: "{{ ssh_key_dir }}/octavia_id_rsa"
+      shell: "ssh-keygen -q -t rsa -N '' -f {{ ssh_key_dir }}/octavia_id_rsa"
+      args:
+        creates: "{{ ssh_key_dir }}/octavia_id_rsa"
      no_log: "{{ octavia_undercloud_config_hide_sensitive_logs | bool }}"

    - name: Set ssh key path fact
--- a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml
@ -36,20 +36,28 @@
        - "{{ tripleo_transfer_dest_host }}"

    - name: generate ssh key-pair in source host
-      community.crypto.openssh_keypair:
-        path: "{{ tripleo_transfer_key_location }}"
+      shell: "ssh-keygen -t rsa -q -N '' -f {{ tripleo_transfer_key_location }}"
+      args:
+        creates: "{{ tripleo_transfer_key_location }}"
+      delegate_to: "{{ tripleo_transfer_src_host }}"
+      become: "{{ tripleo_transfer_src_become }}"
+      register: keypair_generation
+
+    - name: register public key
+      command: "cat {{ tripleo_transfer_key_location }}.pub"
      delegate_to: "{{ tripleo_transfer_src_host }}"
      become: "{{ tripleo_transfer_src_become }}"
      register: keypair_gen
+      when: keypair_generation is succeeded

    - name: set authorized-keys in destination host
      authorized_key:
        comment: "Added by tripleo-transfer"
        user: "{{ ansible_user|default(ansible_ssh_user|default(hostvars[tripleo_transfer_dest_host].ansible_user_id)) }}"
        state: present
-        key: "{{ keypair_gen.public_key }}"
+        key: "{{ keypair_gen.stdout }}"
      delegate_to: "{{ tripleo_transfer_dest_host }}"
-      when: keypair_gen is succeeded
+      when: keypair_generation is succeeded

    - import_tasks: flag.yml
      when: