From dfa6cf77bc25aa99a77739484d49b20b3c5a4ff5 Mon Sep 17 00:00:00 2001
From: James Slagle
Date: Tue, 30 Jan 2018 15:31:37 -0500
Subject: [PATCH] Add tripleo-ssh-known-hosts role
Support the SshKnownHostsDeployment resources from Heat with a new Ansible role in tripleo-common for use by config-download. The new role will configure /etc/ssh/ssh_known_hosts in the same manner that the Heat deployments did.
Change-Id: I9314596f9ab48e95ba34d08dba9abfee2f8d2e0c
Partial-Bug: #1746336
---
...pleo-ssh-known-hosts-d27c54b0a6f9a028.yaml | 5 +++
roles/tripleo-ssh-known-hosts/README.md | 41 +++++++++++++++++++
.../tripleo-ssh-known-hosts/defaults/main.yml | 3 ++
.../tripleo-ssh-known-hosts/handlers/main.yml | 1 +
roles/tripleo-ssh-known-hosts/meta/main.yml | 1 +
roles/tripleo-ssh-known-hosts/tasks/main.yml | 8 ++++
.../templates/ssh_known_hosts.j2 | 3 ++
7 files changed, 62 insertions(+)
create mode 100644 releasenotes/notes/tripleo-ssh-known-hosts-d27c54b0a6f9a028.yaml
create mode 100644 roles/tripleo-ssh-known-hosts/README.md
create mode 100644 roles/tripleo-ssh-known-hosts/defaults/main.yml
create mode 100644 roles/tripleo-ssh-known-hosts/handlers/main.yml
create mode 100644 roles/tripleo-ssh-known-hosts/meta/main.yml
create mode 100644 roles/tripleo-ssh-known-hosts/tasks/main.yml
create mode 100644 roles/tripleo-ssh-known-hosts/templates/ssh_known_hosts.j2
diff --git a/releasenotes/notes/tripleo-ssh-known-hosts-d27c54b0a6f9a028.yaml b/releasenotes/notes/tripleo-ssh-known-hosts-d27c54b0a6f9a028.yaml
new file mode 100644
index 000000000..770309ce6
--- /dev/null
+++ b/releasenotes/notes/tripleo-ssh-known-hosts-d27c54b0a6f9a028.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - Support for the SshKnownHostsDeployment resources has been fixed by adding
+ a new role that can be used to configure /etc/ssh/ssh_known_hosts
+ on each host.
diff --git a/roles/tripleo-ssh-known-hosts/README.md b/roles/tripleo-ssh-known-hosts/README.md
new file mode 100644
index 000000000..220a33f2a
--- /dev/null
+++ b/roles/tripleo-ssh-known-hosts/README.md
@@ -0,0 +1,41 @@
+tripleo-ssh-known-hosts
+=======================
+
+An Ansible role to add all SSH host keys to the host level known hosts file on
+all hosts.
+
+Requirements
+------------
+
+This section needs to be documented.
+
+Role variables
+--------------
+
+- ssh_known_hosts: -- Dict of hostname to ssh_known_hosts entries for a given
+ host
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+Sample playbook to call the role:
+
+ - name: Configure SSH known hosts
+ hosts: all
+ roles:
+ - tripleo-ssh-known-hosts
+
+License
+-------
+
+Free software: Apache License (2.0)
+
+Author Information
+------------------
+
+OpenStack TripleO team
diff --git a/roles/tripleo-ssh-known-hosts/defaults/main.yml b/roles/tripleo-ssh-known-hosts/defaults/main.yml
new file mode 100644
index 000000000..f662850da
--- /dev/null
+++ b/roles/tripleo-ssh-known-hosts/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+ssh_known_hosts: {}
diff --git a/roles/tripleo-ssh-known-hosts/handlers/main.yml b/roles/tripleo-ssh-known-hosts/handlers/main.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/roles/tripleo-ssh-known-hosts/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/tripleo-ssh-known-hosts/meta/main.yml b/roles/tripleo-ssh-known-hosts/meta/main.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/roles/tripleo-ssh-known-hosts/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/tripleo-ssh-known-hosts/tasks/main.yml b/roles/tripleo-ssh-known-hosts/tasks/main.yml
new file mode 100644
index 000000000..c9241fd39
--- /dev/null
+++ b/roles/tripleo-ssh-known-hosts/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Template /etc/ssh/ssh_known_hosts
+ template:
+ src: ssh_known_hosts.j2
+ dest: /etc/ssh/ssh_known_hosts
+ tags:
+ - tripleo_ssh_known_hosts
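Review bot: The `template` task in roles/tripleo-ssh-known-hosts/tasks/main.yml writes /etc/ssh/ssh_known_hosts without setting ownership or permissions, so a newly created file takes whatever the remote umask yields and an existing file most likely keeps its current mode. Every SSH client on the host trusts this file for host-key verification, so it should be pinned explicitly by adding `owner: root`, `group: root` and `mode: '0644'` under `template:`. The task also rewrites the whole file, which drops any entries put there by other tooling; if that is intended, a comment such as `# This role owns the entire file; entries not in ssh_known_hosts are removed` would make it clear.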
diff --git a/roles/tripleo-ssh-known-hosts/templates/ssh_known_hosts.j2 b/roles/tripleo-ssh-known-hosts/templates/ssh_known_hosts.j2
new file mode 100644
index 000000000..39fa2b748
--- /dev/null
+++ b/roles/tripleo-ssh-known-hosts/templates/ssh_known_hosts.j2
@@ -0,0 +1,3 @@
+{% for host in groups['overcloud'] %}
+{{ ssh_known_hosts[hostvars[host]['ansible_nodename']] + ' ' + hostvars[host]['ansible_ssh_host_key_ecdsa_public'] }}
+{% endfor %}
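Review bot: The expression on the second template line indexes `ssh_known_hosts[...]`, `hostvars[host]['ansible_nodename']` and `hostvars[host]['ansible_ssh_host_key_ecdsa_public']` without checking that any of them exist, while defaults/main.yml sets `ssh_known_hosts: {}`, so with the role default the render aborts on the first host with an undefined-value error. The same happens when facts were not gathered for every member of `groups['overcloud']`, or when a host has no ECDSA host key. Aborting is preferable to writing a partial known-hosts file, but the precondition should be stated: the README "Requirements" section could say that facts must be gathered for all `overcloud` hosts and that `ssh_known_hosts` needs one entry per `ansible_nodename`. The ECDSA fact appears to hold only the key material, so the host names and key type presumably come from the `ssh_known_hosts` value; a template comment like `{# ssh_known_hosts[nodename] must end with the key type, e.g. "<names> <keytype>" #}` would document that.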