From 9385dcc50ee4fd1b01cee6fd47e2829be942b806 Mon Sep 17 00:00:00 2001
From: Steve Baker
Date: Thu, 21 Feb 2019 14:38:41 +1300
Subject: [PATCH] Allow tripleo-admin user to have a keypair

By setting tripleo_admin_generate_key:true, the user will have a keypair created for it, and the public key is added to the authorized_keys file for that user. This allows the private key file to be injected elsewhere for other users to access this user. Specifically, this private key will be made available to the mistral-executor container so that it can ssh out into the tripleo-admin user on the undercloud.

Change-Id: I6ec5a01e736aeb00fcad1e589211c6a8a8aeecef
---
 roles/tripleo-create-admin/README.md | 9 +++++++++
 roles/tripleo-create-admin/defaults/main.yml | 1 +
 roles/tripleo-create-admin/tasks/create_user.yml | 7 +++++++
 3 files changed, 17 insertions(+)

diff --git a/roles/tripleo-create-admin/README.md b/roles/tripleo-create-admin/README.md
index 23ea7ed1e..025563a89 100644
--- a/roles/tripleo-create-admin/README.md
+++ b/roles/tripleo-create-admin/README.md
@@ -36,6 +36,15 @@ None
 name: tripleo-create-admin
 tasks_from: create_user.yml
+### Create user tripleo-admin with a keypair ###
+ - hosts: undercloud
+ tasks:
+ - import_role:
+ name: tripleo-create-admin
+ tasks_from: create_user.yml
+ vars:
+ tripleo_admin_generate_key: true
+
 ### Authorize existing user ###
 - hosts: localhost
diff --git a/roles/tripleo-create-admin/defaults/main.yml b/roles/tripleo-create-admin/defaults/main.yml
index 51a6f7881..8bfb55046 100644
--- a/roles/tripleo-create-admin/defaults/main.yml
+++ b/roles/tripleo-create-admin/defaults/main.yml
@@ -1 +1,2 @@
 tripleo_admin_user: tripleo-admin
+tripleo_admin_generate_key: false
diff --git a/roles/tripleo-create-admin/tasks/create_user.yml b/roles/tripleo-create-admin/tasks/create_user.yml
index edf805f0a..51733e879 100644
--- a/roles/tripleo-create-admin/tasks/create_user.yml
+++ b/roles/tripleo-create-admin/tasks/create_user.yml
@@ -1,6 +1,7 @@
 - name: create user {{ tripleo_admin_user }}
 user:
 name: '{{ tripleo_admin_user }}'
+ generate_ssh_key: '{{ tripleo_admin_generate_key }}'
 - name: grant admin rights to user {{ tripleo_admin_user }}
 copy:
 dest: /etc/sudoers.d/{{ tripleo_admin_user }}
@@ -21,3 +22,9 @@
 owner: '{{ tripleo_admin_user }}'
 group: '{{ tripleo_admin_user }}'
 mode: 0600
+- name: append {{ tripleo_admin_user }} public key to authorized_keys
+ lineinfile:
+ path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
+ line: "{{ lookup('file', '/home/' + tripleo_admin_user + '/.ssh/id_rsa.pub')}}"
+ state: present
+ when: tripleo_admin_generate_key
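Review bot: The `generate_ssh_key` line added to the `create user` task leaves key type, size and passphrase at the `user` module's defaults, so the account gets a passphrase-less RSA key whose size is whatever ssh-keygen on that host picks. The following task writes a sudoers drop-in for the same user, which presumably makes this private key a root-equivalent credential on the undercloud. Pin the parameters beside it, e.g. `ssh_key_type: rsa` and `ssh_key_bits: 4096`, and add a comment such as `# unencrypted private key for a sudo-capable user; keep it readable by the owner only`. The flag is also used untyped here and in the `when:` of the second hunk; writing `'{{ tripleo_admin_generate_key | bool }}'` and `when: tripleo_admin_generate_key | bool` keeps the result independent of how the Ansible version in use treats a string value such as `"false"` passed through extra vars.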
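Review bot: The `lookup('file', ...)` in the new `append ... public key to authorized_keys` task is evaluated on the Ansible controller, while the key pair is generated by the `user` module on the target host. When the play runs against a remote undercloud the task therefore either fails or authorizes whatever `id_rsa.pub` happens to sit at that path on the controller, which is not the key this role created. The path also assumes the home directory is `/home/<user>` and that the key file is `id_rsa.pub`. Registering the `user` task result and passing its `ssh_public_key` return value to the `authorized_key` module keeps the whole operation on the target and drops the hard-coded paths. The sketch also touches the `create user` task from the first hunk, and the registered variable name is only illustrative.

```yaml
- name: create user {{ tripleo_admin_user }}
  user:
    # … unchanged: name, generate_ssh_key …
  register: tripleo_admin_user_result
# … unchanged: sudoers and authorized_keys file tasks …
- name: append {{ tripleo_admin_user }} public key to authorized_keys
  authorized_key:
    user: '{{ tripleo_admin_user }}'
    key: '{{ tripleo_admin_user_result.ssh_public_key }}'
    state: present
  when: tripleo_admin_generate_key | bool
```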