
Authorize undercloud tripleo-admin user

This adds the public key into the .ssh/authorized_keys file
in /home/tripleo-admin. Failure is ignored because this may be running
on an undercloud which doesn't yet have a configured tripleo-admin
user.

This change also refactors the workflow to remove the generate_playbook
task; since the playbook now just invokes a role, there is no maintenance
benefit to justify the extra complexity.

Partial-Bug: #1813832
Change-Id: Id2ee912c456d66ed189fd5fdbaa5c1c3627bdf20
Depends-On: I4c8ee04534636622581eb386c01790d6610e7f58
changes/16/634616/5
Steve Baker 3 years ago
parent
commit
c1341fc4d1
  1. 58
      workbooks/access.yaml

58
workbooks/access.yaml

@ -31,10 +31,33 @@ workflows:
tasks:
get_pubkey:
action: tripleo.validations.get_pubkey
on-success: get_blacklisted_ip_addresses
on-success: authorize_undercloud_admin
publish:
pubkey: <% task().result %>
authorize_undercloud_admin:
action: tripleo.ansible-playbook
# older underclouds may not have a tripleo-admin user,
# so continue on success or failure
on-complete: get_blacklisted_ip_addresses
input:
inventory:
undercloud:
hosts:
localhost:
ansible_connection: local
playbook:
- hosts: undercloud
tasks:
- name: undercloud authorize user <% $.overcloud_admin %>
import_role:
name: tripleo-create-admin
tasks_from: authorize_user.yml
vars:
tripleo_admin_user: <% $.overcloud_admin %>
tripleo_admin_pubkey: <% $.pubkey %>
execution_id: <% execution().id %>
get_blacklisted_ip_addresses:
action: heat.stacks_output_show
input:
@ -50,23 +73,12 @@ workflows:
get_ssh_servers_not_blacklisted:
publish:
ssh_servers_not_blacklisted: <% let(blacklisted=>$.blacklisted_ip_addresses, ssh_servers=>$.ssh_servers) -> $ssh_servers.where(not $ in $blacklisted) %>
on-success: generate_playbook
publish-on-error:
status: FAILED
message: <% task().result %>
generate_playbook:
on-success:
- create_admin_via_nova: <% $.ssh_private_key = null %>
- create_admin_via_ssh: <% $.ssh_private_key != null %>
publish:
create_admin_tasks:
- name: create and authorize user <% $.overcloud_admin %>
import_role:
name: tripleo-create-admin
vars:
tripleo_admin_user: <% $.overcloud_admin %>
tripleo_admin_pubkey: <% $.pubkey %>
publish-on-error:
status: FAILED
message: <% task().result %>
# Nova variant
create_admin_via_nova:
@ -74,7 +86,13 @@ workflows:
input:
queue_name: <% $.queue_name %>
ssh_servers: <% $.ssh_servers_not_blacklisted %>
tasks: <% $.create_admin_tasks %>
tasks:
- name: create and authorize user <% $.overcloud_admin %>
import_role:
name: tripleo-create-admin
vars:
tripleo_admin_user: <% $.overcloud_admin %>
tripleo_admin_pubkey: <% $.pubkey %>
overcloud_admin: <% $.overcloud_admin %>
# SSH variant
@ -84,7 +102,13 @@ workflows:
ssh_private_key: <% $.ssh_private_key %>
ssh_user: <% $.ssh_user %>
ssh_servers: <% $.ssh_servers_not_blacklisted %>
tasks: <% $.create_admin_tasks %>
tasks:
- name: create and authorize user <% $.overcloud_admin %>
import_role:
name: tripleo-create-admin
vars:
tripleo_admin_user: <% $.overcloud_admin %>
tripleo_admin_pubkey: <% $.pubkey %>
create_admin_via_nova:
input:
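Review bot: The new `authorize_undercloud_admin` task continues via `on-complete` and publishes nothing on error, so any failure of the local playbook is dropped silently, not only the expected "no tripleo-admin user yet" case, and an operator cannot tell afterwards whether the key was written to `authorized_keys` on the undercloud. I would keep `on-complete` but record the outcome, for example a `publish-on-error:` entry such as `authorize_undercloud_message: <% task().result %>` (the variable name is only a suggestion). Separately, the account whose `authorized_keys` is modified is taken from `$.overcloud_admin` rather than fixed to tripleo-admin as the commit message describes. Since the play runs with `ansible_connection: local`, a comment stating which values that input may take, or a check before the role is imported, would make the intended scope explicit. Whether the input is already constrained elsewhere is not visible in this section.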
