Check pub key file perms and default to pub key data
The previously default /home/stack/.ssh/id_rsa.pub file may not exist or
be readable; exit with explicit error message. Users can still specify a
file path but will need to ensure it is readable. Should a file path not
be specified, default to amp_ssh_key_data. THT passes this value, which
holds the public key of the 'default' keypair from the undercloud; that
is in any case the public key of the 'stack' user.
This patch also fixes a syntax error in octavia-undercloud role.
Closes-Bug: #1770153
Closes-Bug: #1770641
Depends-On: https://review.openstack.org/568022
Change-Id: I0026343d90b84572c3002fa21001cfb09c742391
(cherry picked from commit 8a69b692c4
)
parent
1d3aefbe2f
commit
a2a5539579
|
@ -5,6 +5,7 @@
|
|||
vars:
|
||||
amp_ssh_key_name: "{{ amp_ssh_key_name }}"
|
||||
amp_ssh_key_path: "{{ amp_ssh_key_path }}"
|
||||
amp_ssh_key_data: "{{ amp_ssh_key_data }}"
|
||||
auth_username: "{{ auth_username }}"
|
||||
auth_pasword: "{{ auth_password }}"
|
||||
auth_project_name: "{{ auth_project_name }}"
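Review bot: The context line `auth_pasword: "{{ auth_password }}"` in this `vars:` mapping misspells the key, so the mapping never sets the role variable `auth_password`. The role then only receives the password if it is visible from an outer scope, presumably extra vars passed by the workflow, which is not shown here. Since the commit already edits this block, correct the key to `auth_password: "{{ auth_password }}"`. The play continues outside the hunk.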
|
||||
|
|
|
@ -3,7 +3,7 @@ amp_image_name: "octavia-amphora"
|
|||
amp_image_filename: "/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2"
|
||||
amp_image_tag: "amphora-image"
|
||||
amp_ssh_key_name: "octavia-ssh-key"
|
||||
amp_ssh_key_path: "/home/stack/.ssh/id_rsa.pub"
|
||||
amp_ssh_key_path: ""
|
||||
auth_username: "octavia"
|
||||
auth_project_name: "service"
|
||||
lb_mgmt_net_name: "lb-mgmt-net"
|
||||
|
|
|
@ -14,16 +14,39 @@
|
|||
changed_when: "image_result.stdout != ''"
|
||||
when: amp_image_file_result.stat.exists == True
|
||||
|
||||
- name: check if pub key file exists
|
||||
stat: path="{{ amp_ssh_key_path }}"
|
||||
register: ssh_pub_key_file_result
|
||||
- name: use ssh pub key file if provided and is readable
|
||||
block:
|
||||
- name: check if pub key file exists
|
||||
stat: path="{{ amp_ssh_key_path }}"
|
||||
register: key_file_result
|
||||
ignore_errors: true
|
||||
|
||||
- name: fail if ssh pub key file does not exist or is not readable
|
||||
fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}"
|
||||
when: key_file_result|failed or key_file_result.stat.exists == False or key_file_result.stat.readable == False
|
||||
|
||||
- set_fact:
|
||||
amp_ssh_key_path_final: "{{ amp_ssh_key_path }}"
|
||||
when: amp_ssh_key_path is defined and amp_ssh_key_path != ""
|
||||
|
||||
- name: defaulting to public key from undercloud default keypair
|
||||
block:
|
||||
- name: create temp pub key file
|
||||
tempfile: state=file
|
||||
register: ssh_key_tmp_file
|
||||
|
||||
- name: copy ssh public key content to temp file
|
||||
copy: content="{{ amp_ssh_key_data }}" dest="{{ ssh_key_tmp_file.path }}"
|
||||
|
||||
- set_fact:
|
||||
amp_ssh_key_path_final: "{{ ssh_key_tmp_file.path }}"
|
||||
when: amp_ssh_key_path is not defined or amp_ssh_key_path == ""
|
||||
|
||||
- name: upload pub key to overcloud
|
||||
shell: |
|
||||
openstack keypair show {{ amp_ssh_key_name }} || \
|
||||
openstack keypair create --public-key {{ amp_ssh_key_path }} {{ amp_ssh_key_name }}
|
||||
openstack keypair create --public-key {{ amp_ssh_key_path_final }} {{ amp_ssh_key_name }}
|
||||
environment:
|
||||
OS_USERNAME: {{ auth_username }}
|
||||
OS_PASSWORD: {{ auth_password }}
|
||||
OS_PROJECT_NAME: {{ auth_project_name }}
|
||||
when: ssh_pub_key_file_result.stat.exists == True
|
||||
OS_USERNAME: "{{ auth_username }}"
|
||||
OS_PASSWORD: "{{ auth_password }}"
|
||||
OS_PROJECT_NAME: "{{ auth_project_name }}"
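Review bot: The new `openstack keypair create --public-key {{ amp_ssh_key_path_final }} {{ amp_ssh_key_name }}` line in the `upload pub key to overcloud` shell task puts an operator-supplied path and key name into the command unquoted, so a value containing spaces or shell metacharacters is split or interpreted by the shell. Pass both through the `quote` filter, e.g. `openstack keypair create --public-key {{ amp_ssh_key_path_final | quote }} {{ amp_ssh_key_name | quote }}`, and do the same for the name on the `keypair show` line. Separately, the fallback block has no guard for an empty or undefined `amp_ssh_key_data`; a `fail` task with `when: amp_ssh_key_data is not defined or amp_ssh_key_data == ""` ahead of `create temp pub key file` would give that branch the same explicit error the file branch now has. The file created by `tempfile: state=file` is also not removed in the visible tasks.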
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
fixes:
|
||||
- Check pub key file permissions and default to pub key data for Octavia.
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
fixes:
|
||||
- Fix syntax error in octavia-undercloud role.
|
|
@ -13,6 +13,7 @@ workflows:
|
|||
- amp_image_tag
|
||||
- amp_ssh_key_name
|
||||
- amp_ssh_key_path
|
||||
- amp_ssh_key_data
|
||||
- auth_username
|
||||
- auth_password
|
||||
- auth_project_name
|
||||
|
@ -101,6 +102,7 @@ workflows:
|
|||
amp_image_tag: <% $.amp_image_tag %>
|
||||
amp_ssh_key_name: <% $.amp_ssh_key_name %>
|
||||
amp_ssh_key_path: <% $.amp_ssh_key_path %>
|
||||
amp_ssh_key_data: <% $.amp_ssh_key_data %>
|
||||
auth_username: <% $.auth_username %>
|
||||
auth_password: <% $.auth_password %>
|
||||
auth_project_name: <% $.auth_project_name %>
|
||||
|
|