3d65bce9b3
Add boolean option to distribute the private key which is created by the cli-enable-ssh-admin.yaml playbook and update the tripleo_create_admin role to distribute the private key when it is true. This option defaults to false as we normally don't want to do this. However, cephadm needs a private key on all nodes with the OS::TripleO::Services::CephMgr service in order to manage a Ceph cluster. This option will likely only be used for the ceph-admin user which is similar to but not the same as the tripleo-admin user. Also, remove old reference to Mistral in task name. Implements: blueprint tripleo-ceph Change-Id: I69c74c1869aa0f54c1695fd53098df7e78f64247
37 lines
1.3 KiB
YAML
37 lines
1.3 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
# All variables intended for modification should be placed in this file.
|
|
|
|
# Set the default admin user
|
|
tripleo_admin_user: tripleo-admin
|
|
|
|
# Enable or disable key generation for the defined user
|
|
tripleo_admin_generate_key: false
|
|
|
|
# When `tripleo_admin_pubkey` is defined an additional authorized key will
|
|
# added to the admin users authroized_keys file.
|
|
# tripleo_admin_pubkey: ssh-rsa AAAA...
|
|
|
|
# When `tripleo_admin_prikey` is defined and not empty and when
|
|
# distribute_private_key is true, then a private key will
|
|
# be added to the admin user's home dir. It will be called
|
|
# "~/.ssh/id_rsa" and contain something like:
|
|
# tripleo_admin_prikey: -----BEGIN OPENSSH PRIVATE KEY-----\nb3B...
|
|
|
|
distribute_private_key: false
|