Merge "Set the private key for undercloud tripleo-admin"

2019-04-03 16:35:37 +00:00 · 2019-04-03 16:35:37 +00:00 · 3a9ddcc2de
commit 3a9ddcc2de
parent c6adb5c251 e234c4ea70
5 changed files with 14 additions and 25 deletions
--- a/tripleo_common/actions/ansible.py
+++ b/tripleo_common/actions/ansible.py
@ -613,6 +613,8 @@ class AnsibleGenerateInventoryAction(base.TripleOAction):
        self._kwargs_for_run = kwargs
        self.ansible_ssh_user = self._kwargs_for_run.pop(
            'ansible_ssh_user', 'tripleo-admin')
+        self.undercloud_key_file = self._kwargs_for_run.pop(
+            'undercloud_key_file', None)
        self.ansible_python_interpreter = self._kwargs_for_run.pop(
            'ansible_python_interpreter', None)
        self._work_dir = self._kwargs_for_run.pop(
@ -642,6 +644,7 @@ class AnsibleGenerateInventoryAction(base.TripleOAction):
            project_name=context.security.project_name,
            username=context.security.user_name,
            ansible_ssh_user=self.ansible_ssh_user,
+            undercloud_key_file=self.undercloud_key_file,
            undercloud_connection=inventory.UNDERCLOUD_CONNECTION_SSH,
            ansible_python_interpreter=self.ansible_python_interpreter,
            plan_name=self.plan_name,
--- a/tripleo_common/inventory.py
+++ b/tripleo_common/inventory.py
@ -92,7 +92,8 @@ class TripleoInventory(object):
                 plan_name=None, auth_url=None, project_name=None,
                 cacert=None, username=None, ansible_ssh_user=None,
                 host_network=None, ansible_python_interpreter=None,
-                 undercloud_connection=UNDERCLOUD_CONNECTION_LOCAL):
+                 undercloud_connection=UNDERCLOUD_CONNECTION_LOCAL,
+                 undercloud_key_file=None):
        self.session = session
        self.hclient = hclient
        self.hosts_format_dict = False
@ -102,6 +103,7 @@ class TripleoInventory(object):
        self.project_name = project_name
        self.username = username
        self.ansible_ssh_user = ansible_ssh_user
+        self.undercloud_key_file = undercloud_key_file
        self.plan_name = plan_name
        self.ansible_python_interpreter = ansible_python_interpreter
        self.stack_outputs = StackOutputs(self.plan_name, self.hclient)
@ -178,6 +180,9 @@ class TripleoInventory(object):
        if self.undercloud_connection == UNDERCLOUD_CONNECTION_SSH:
            ret['Undercloud']['vars']['ansible_ssh_user'] = \
                self.ansible_ssh_user
+            if self.undercloud_key_file:
+                ret['Undercloud']['vars']['ansible_ssh_private_key_file'] = \
+                    self.undercloud_key_file

        swift_url = None
        if self.session:
--- a/tripleo_common/tests/test_inventory.py
+++ b/tripleo_common/tests/test_inventory.py
@ -237,6 +237,7 @@ class TestInventory(base.TestCase):

    def _try_alternative_args(self, ansible_ssh_user, session,
                              undercloud_connection):
+        key_file = '/var/lib/mistral/.ssh/%s-key' % ansible_ssh_user
        self.inventory = TripleoInventory(
            session=session,
            hclient=self.hclient,
@ -247,6 +248,7 @@ class TestInventory(base.TestCase):
            cacert='acacert',
            ansible_ssh_user=ansible_ssh_user,
            undercloud_connection=undercloud_connection,
+            undercloud_key_file=key_file,
            ansible_python_interpreter='foo')

        self.inventory.stack_outputs = self.outputs
@ -278,6 +280,7 @@ class TestInventory(base.TestCase):
            'Undercloud': {
                'hosts': ['undercloud'],
                'vars': {'ansible_connection': 'ssh',
+                         'ansible_ssh_private_key_file': key_file,
                         'ansible_ssh_user': 'my-custom-admin',
                         'ansible_host': 'localhost',
                         'ansible_python_interpreter': 'foo',
--- a/workbooks/access.yaml
+++ b/workbooks/access.yaml
@ -31,33 +31,10 @@ workflows:
    tasks:
      get_pubkey:
        action: tripleo.validations.get_pubkey
-        on-success: authorize_undercloud_admin
+        on-success: get_blacklisted_ip_addresses
        publish:
          pubkey: <% task().result %>

-      authorize_undercloud_admin:
-        action: tripleo.ansible-playbook
-        # older underclouds may not have a tripleo-admin user,
-        # so continue on success or failure
-        on-complete: get_blacklisted_ip_addresses
-        input:
-          inventory:
-            undercloud:
-              hosts:
-                localhost:
-                  ansible_connection: local
-          playbook:
-            - hosts: undercloud
-              tasks:
-              - name: undercloud authorize user <% $.overcloud_admin %>
-                import_role:
-                  name: tripleo-create-admin
-                  tasks_from: authorize_user.yml
-                vars:
-                  tripleo_admin_user: <% $.overcloud_admin %>
-                  tripleo_admin_pubkey: <% $.pubkey %>
-          execution_id: <% execution().id %>
-
      get_blacklisted_ip_addresses:
        action: heat.stacks_output_show
        input:
--- a/workbooks/deployment.yaml
+++ b/workbooks/deployment.yaml
@ -484,6 +484,7 @@ workflows:
          work_dir: <% $.get('work_dir') %>/<% $.get('plan_name') %>
          plan_name: <% $.get('plan_name') %>
          ssh_network: <% $.get('ssh_network') %>
+          undercloud_key_file: <% $.get('work_dir') %>/.ssh/tripleo-admin-rsa
        publish:
          inventory: <% task().result %>
        on-success: send_msg_generate_inventory