openstack/tripleo-ansible
Code Issues Proposed changes
Files
5fccdd3c2ce9a6259b1b38e950e638ad0b2c46fc
tripleo-ansible/tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml
Kevin Carter 2fa1f3aa21 Cleanup old mistral key process 
This change removes the old function that retrieved keys from mistral.
The use of mistral for key storage has been removed and this functionality
is no longer required.

Story: 2007435
Task: 39082

Change-Id: I27285accfa6a4dd8259ed7053ad91f59dd19a5bb
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2020-03-17 12:52:55 +00:00

208 lines
6.6 KiB
YAML
Raw Blame History

---
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Playbook for establishing ssh keys
connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
hosts: "{{ tripleo_target_host | default('localhost') }}"
remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
any_errors_fatal: true
handlers:
- name: Remove mistral tmp file
file:
path: "{{ tempfile_1.path }}"
state: absent
tasks:
- name: No ssh servers defined
fail:
msg: >-
The ssh_servers option was undefined.
when:
- ssh_servers is undefined
- name: No cloud name is defined
fail:
msg: >-
The tripleo_cloud_name option was undefined.
when:
- tripleo_cloud_name is undefined
- name: Run blacklist IP check
command: >-
openstack --os-cloud undercloud stack output show {{ tripleo_cloud_name }} BlacklistedIpAddresses -f yaml
register: blacklist_cmd
changed_when: false
async: 1000
poll: 0
- name: Retrieve compute managed network ports
os_port_facts:
cloud: undercloud
filters:
status: ACTIVE
changed_when: false
register: port_check
async: 1000
poll: 0
- name: Set local connection user facts
set_fact:
ansible_home: "{{ lookup('env', 'HOME') }}"
ansible_user: "{{ lookup('env', 'USER') }}"
run_once: true
when:
- (tripleo_target_host is defined) | ternary('ssh', 'local') == 'local'
- name: Set facts for ssh servers and user private key file
set_fact:
set_ssh_servers: "{{ ssh_servers }}"
defined_user_private_key_file: "{{ user_private_key_file | default(ansible_home ~ '/.ssh/id_rsa_tripleo') }}"
run_once: true
- name: Ensure .ssh directory
file:
path: "{{ ansible_home }}/.ssh"
state: directory
mode: "0700"
owner: "{{ ansible_user }}"
become: true
- name: Ensure ssh key pair
user:
name: "{{ ansible_user }}"
generate_ssh_key: true
ssh_key_bits: 4096
ssh_key_file: "{{ ansible_home }}/.ssh/id_rsa"
become: true
- name: Key block
run_once: true
block:
- name: Get local private key
slurp:
src: "{{ defined_user_private_key_file }}"
register: private_key_get
become: true
- name: Get local public key
slurp:
src: "{{ defined_user_private_key_file }}.pub"
register: public_key_get
become: true
- name: Set key facts
set_fact:
user_public_key: "{{ public_key_get['content'] | b64decode }}"
user_private_key: "{{ private_key_get['content'] | b64decode }}"
user_private_key_file: "{{ defined_user_private_key_file }}"
rescue:
- name: Get local private key
slurp:
src: "{{ ansible_home }}/.ssh/id_rsa"
register: private_key_get
become: true
- name: Get local public key
slurp:
src: "{{ ansible_home }}/.ssh/id_rsa.pub"
register: public_key_get
become: true
- name: Set key facts
set_fact:
user_public_key: "{{ public_key_get['content'] | b64decode }}"
user_private_key: "{{ private_key_get['content'] | b64decode }}"
- name: Write tripleo private key
copy:
content: "{{ user_private_key }}"
dest: "{{ defined_user_private_key_file }}"
mode: "0600"
- name: Write tripleo public key
copy:
content: "{{ user_public_key }}"
dest: "{{ defined_user_private_key_file }}.pub"
mode: "0640"
- name: Set key file fact
set_fact:
user_private_key_file: "{{ defined_user_private_key_file }}"
- name: Ensure user can ssh to localhost
authorized_key:
user: "{{ ansible_user }}"
key: "{{ user_public_key }}"
become: true
- name: Block on async blacklist check
async_status:
jid: "{{ blacklist_cmd.ansible_job_id }}"
register: blacklist_cmd_job_result
until: blacklist_cmd_job_result.finished
retries: 30
- name: Set BlacklistedIpAddresses fact
set_fact:
BlacklistedIpAddresses: "{{ (blacklist_cmd_job_result.stdout | from_yaml)['output_value'] }}"
- name: Block on async port check
async_status:
jid: "{{ port_check.ansible_job_id }}"
register: port_check_job_result
until: port_check_job_result.finished
retries: 30
- name: Set ManagedIpAddresses fact
set_fact:
ManagedIpAddresses: "{{ openstack_ports | map(attribute='fixed_ips') | sum(start=[]) | map(attribute='ip_address') | list }}"
- name: Set node key fact
set_fact:
node_key_fact: "{{ lookup('env', 'ANSIBLE_PRIVATE_KEY_FILE') or (ansible_ssh_private_key_file | default(ansible_home ~ '/.ssh/id_rsa')) }}"
- name: Add ssh-servers
add_host:
hostname: "{{ item }}"
groups: tripleo_queues
user_public_key: "{{ user_public_key }}"
user_private_key: "{{ user_private_key }}"
user_private_key_file: "{{ user_private_key_file }}"
ansible_user: "{{ (item in ManagedIpAddresses) | ternary('heat-admin', (ssh_user | default(ansible_user))) }}"
ansible_ssh_private_key_file: "{{ node_key_fact }}"
changed_when: false
loop: '{{ set_ssh_servers | difference(((BlacklistedIpAddresses | length) < 1) | ternary([], BlacklistedIpAddresses)) }}'
- name: Run Create admin
hosts: localhost:tripleo_queues
become: true
any_errors_fatal: true
roles:
- role: tripleo_create_admin
tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: "{{ user_public_key }}"
- name: Validate TripleO Admin Access
hosts: localhost:tripleo_queues
user: tripleo-admin
gather_facts: false
vars:
ansible_ssh_private_key_file: "{{ user_private_key_file }}"
tasks:
- name: Ping host
ping: {}
View Git Blame Copy Permalink