Break out tripleo-admin creation to its own role

This removes some inline ansible from the mistral workflow, and allows this role to be reused in other contexts (such as undercloud install) Change-Id: Id89cc920e165c2103707609fd37639c3032cc8ea Partial-Bug: #1813832
2019-01-30 10:07:58 +13:00 · 2019-01-30 10:07:58 +13:00 · 98fc54819e
commit 98fc54819e
parent e6e69823c5
7 changed files with 91 additions and 28 deletions
--- a/releasenotes/notes/tripleo-create-admin-0ce59d13ce2c07f6.yaml
+++ b/releasenotes/notes/tripleo-create-admin-0ce59d13ce2c07f6.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Break out tripleo-admin creation to its own role called tripleo-create-admin.
+    This removes some inline ansible from the mistral workflow, and allows
+    this role to be reused in other contexts (such as undercloud install).
--- a/roles/tripleo-create-admin/README.md
+++ b/roles/tripleo-create-admin/README.md
@ -0,0 +1,48 @@
+# TripleO Create Admin #
+
+A role to create an admin user to be later used for running playbooks.
+
+## Role Variables ##
+
+| Name              | Default Value       | Description           |
+|-------------------|---------------------|-----------------------|
+| `tripleo_admin_user` | `tripleo-admin`     | Name of user to create|
+| `tripleo_admin_pubkey` | `[undefined]`     | Public key for authorization|
+
+## Requirements ##
+
+ - ansible >= 2.4
+ - python >= 2.6
+
+## Dependencies ##
+
+None
+
+## Example Playbooks ##
+
+### Create and authorize user tripleo-admin ###
+    - hosts: localhost
+      tasks:
+      - import_role:
+          name: tripleo-create-admin
+        vars:
+          tripleo_admin_user: tripleo-admin
+          tripleo_admin_pubkey: ssh-rsa AAAA... # etc
+
+### Create user tripleo-admin ###
+    - hosts: controller-0
+      tasks:
+      - import_role:
+          name: tripleo-create-admin
+          tasks_from: create_user.yml
+
+### Authorize existing user ###
+
+    - hosts: localhost
+      tasks:
+      - import_role:
+          name: tripleo-create-admin
+          tasks_from: authorize_user.yml
+        vars:
+          tripleo_admin_user: tripleo-admin
+          tripleo_admin_pubkey: ssh-rsa AAAA... # etc
--- a/roles/tripleo-create-admin/defaults/main.yml
+++ b/roles/tripleo-create-admin/defaults/main.yml
@ -0,0 +1 @@
+tripleo_admin_user: tripleo-admin
--- a/roles/tripleo-create-admin/tasks/authorize_user.yml
+++ b/roles/tripleo-create-admin/tasks/authorize_user.yml
@ -0,0 +1,5 @@
+- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }}
+  lineinfile:
+    path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
+    line: '{{ tripleo_admin_pubkey }}'
+    regexp: 'Generated by TripleO'
--- a/roles/tripleo-create-admin/tasks/create_user.yml
+++ b/roles/tripleo-create-admin/tasks/create_user.yml
@ -0,0 +1,23 @@
+- name: create user {{ tripleo_admin_user }}
+  user:
+    name: '{{ tripleo_admin_user }}'
+- name: grant admin rights to user {{ tripleo_admin_user }}
+  copy:
+    dest: /etc/sudoers.d/{{ tripleo_admin_user }}
+    content: |
+      {{ tripleo_admin_user }} ALL=(ALL) NOPASSWD:ALL
+    mode: 0440
+- name: ensure .ssh dir exists for user {{ tripleo_admin_user }}
+  file:
+    path: /home/{{ tripleo_admin_user }}/.ssh
+    state: directory
+    owner: '{{ tripleo_admin_user }}'
+    group: '{{ tripleo_admin_user }}'
+    mode: 0700
+- name: ensure authorized_keys file exists for user {{ tripleo_admin_user }}
+  file:
+    path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
+    state: touch
+    owner: '{{ tripleo_admin_user }}'
+    group: '{{ tripleo_admin_user }}'
+    mode: 0600
--- a/roles/tripleo-create-admin/tasks/main.yml
+++ b/roles/tripleo-create-admin/tasks/main.yml
@ -0,0 +1,2 @@
+- import_tasks: create_user.yml
+- import_tasks: authorize_user.yml
--- a/workbooks/access.yaml
+++ b/workbooks/access.yaml
@ -61,34 +61,12 @@ workflows:
          - create_admin_via_ssh: <% $.ssh_private_key != null %>
        publish:
          create_admin_tasks:
-            - name: create user <% $.overcloud_admin %>
-              user:
-                name: '<% $.overcloud_admin %>'
-            - name: grant admin rights to user <% $.overcloud_admin %>
-              copy:
-                dest: /etc/sudoers.d/<% $.overcloud_admin %>
-                content: |
-                  <% $.overcloud_admin %> ALL=(ALL) NOPASSWD:ALL
-                mode: 0440
-            - name: ensure .ssh dir exists for user <% $.overcloud_admin %>
-              file:
-                path: /home/<% $.overcloud_admin %>/.ssh
-                state: directory
-                owner: <% $.overcloud_admin %>
-                group: <% $.overcloud_admin %>
-                mode: 0700
-            - name: ensure authorized_keys file exists for user <% $.overcloud_admin %>
-              file:
-                path: /home/<% $.overcloud_admin %>/.ssh/authorized_keys
-                state: touch
-                owner: <% $.overcloud_admin %>
-                group: <% $.overcloud_admin %>
-                mode: 0700
-            - name: authorize TripleO Mistral key for user <% $.overcloud_admin %>
-              lineinfile:
-                path: /home/<% $.overcloud_admin %>/.ssh/authorized_keys
-                line: <% $.pubkey %>
-                regexp: "Generated by TripleO"
+            - name: create and authorize user <% $.overcloud_admin %>
+              import_role:
+                name: tripleo-create-admin
+              vars:
+                tripleo_admin_user: <% $.overcloud_admin %>
+                tripleo_admin_pubkey: <% $.pubkey %>

      # Nova variant
      create_admin_via_nova: