Browse Source

Break out tripleo-admin creation to its own role

This removes some inline ansible from the mistral workflow, and allows
this role to be reused in other contexts (such as undercloud install)

Change-Id: Id89cc920e165c2103707609fd37639c3032cc8ea
Partial-Bug: #1813832
changes/27/633827/3
Steve Baker 3 years ago
parent
commit
98fc54819e
  1. 6
      releasenotes/notes/tripleo-create-admin-0ce59d13ce2c07f6.yaml
  2. 48
      roles/tripleo-create-admin/README.md
  3. 1
      roles/tripleo-create-admin/defaults/main.yml
  4. 5
      roles/tripleo-create-admin/tasks/authorize_user.yml
  5. 23
      roles/tripleo-create-admin/tasks/create_user.yml
  6. 2
      roles/tripleo-create-admin/tasks/main.yml
  7. 34
      workbooks/access.yaml

6
releasenotes/notes/tripleo-create-admin-0ce59d13ce2c07f6.yaml

@ -0,0 +1,6 @@
---
features:
- |
Break out tripleo-admin creation to its own role called tripleo-create-admin.
This removes some inline ansible from the mistral workflow, and allows
this role to be reused in other contexts (such as undercloud install).

48
roles/tripleo-create-admin/README.md

@ -0,0 +1,48 @@
# TripleO Create Admin #
A role to create an admin user to be later used for running playbooks.
## Role Variables ##
| Name | Default Value | Description |
|-------------------|---------------------|-----------------------|
| `tripleo_admin_user` | `tripleo-admin` | Name of user to create|
| `tripleo_admin_pubkey` | `[undefined]` | Public key for authorization|
## Requirements ##
- ansible >= 2.4
- python >= 2.6
## Dependencies ##
None
## Example Playbooks ##
### Create and authorize user tripleo-admin ###
- hosts: localhost
tasks:
- import_role:
name: tripleo-create-admin
vars:
tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: ssh-rsa AAAA... # etc
### Create user tripleo-admin ###
- hosts: controller-0
tasks:
- import_role:
name: tripleo-create-admin
tasks_from: create_user.yml
### Authorize existing user ###
- hosts: localhost
tasks:
- import_role:
name: tripleo-create-admin
tasks_from: authorize_user.yml
vars:
tripleo_admin_user: tripleo-admin
tripleo_admin_pubkey: ssh-rsa AAAA... # etc

1
roles/tripleo-create-admin/defaults/main.yml

@ -0,0 +1 @@
tripleo_admin_user: tripleo-admin

5
roles/tripleo-create-admin/tasks/authorize_user.yml

@ -0,0 +1,5 @@
- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }}
lineinfile:
path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
line: '{{ tripleo_admin_pubkey }}'
regexp: 'Generated by TripleO'

23
roles/tripleo-create-admin/tasks/create_user.yml

@ -0,0 +1,23 @@
- name: create user {{ tripleo_admin_user }}
user:
name: '{{ tripleo_admin_user }}'
- name: grant admin rights to user {{ tripleo_admin_user }}
copy:
dest: /etc/sudoers.d/{{ tripleo_admin_user }}
content: |
{{ tripleo_admin_user }} ALL=(ALL) NOPASSWD:ALL
mode: 0440
- name: ensure .ssh dir exists for user {{ tripleo_admin_user }}
file:
path: /home/{{ tripleo_admin_user }}/.ssh
state: directory
owner: '{{ tripleo_admin_user }}'
group: '{{ tripleo_admin_user }}'
mode: 0700
- name: ensure authorized_keys file exists for user {{ tripleo_admin_user }}
file:
path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
state: touch
owner: '{{ tripleo_admin_user }}'
group: '{{ tripleo_admin_user }}'
mode: 0600

2
roles/tripleo-create-admin/tasks/main.yml

@ -0,0 +1,2 @@
- import_tasks: create_user.yml
- import_tasks: authorize_user.yml

34
workbooks/access.yaml

@ -61,34 +61,12 @@ workflows:
- create_admin_via_ssh: <% $.ssh_private_key != null %>
publish:
create_admin_tasks:
- name: create user <% $.overcloud_admin %>
user:
name: '<% $.overcloud_admin %>'
- name: grant admin rights to user <% $.overcloud_admin %>
copy:
dest: /etc/sudoers.d/<% $.overcloud_admin %>
content: |
<% $.overcloud_admin %> ALL=(ALL) NOPASSWD:ALL
mode: 0440
- name: ensure .ssh dir exists for user <% $.overcloud_admin %>
file:
path: /home/<% $.overcloud_admin %>/.ssh
state: directory
owner: <% $.overcloud_admin %>
group: <% $.overcloud_admin %>
mode: 0700
- name: ensure authorized_keys file exists for user <% $.overcloud_admin %>
file:
path: /home/<% $.overcloud_admin %>/.ssh/authorized_keys
state: touch
owner: <% $.overcloud_admin %>
group: <% $.overcloud_admin %>
mode: 0700
- name: authorize TripleO Mistral key for user <% $.overcloud_admin %>
lineinfile:
path: /home/<% $.overcloud_admin %>/.ssh/authorized_keys
line: <% $.pubkey %>
regexp: "Generated by TripleO"
- name: create and authorize user <% $.overcloud_admin %>
import_role:
name: tripleo-create-admin
vars:
tripleo_admin_user: <% $.overcloud_admin %>
tripleo_admin_pubkey: <% $.pubkey %>
# Nova variant
create_admin_via_nova:

Loading…
Cancel
Save