Authorize undercloud tripleo-admin user
This adds the public key into the .ssh/authorized_keys file in /home/tripleo-admin. Failure is ignored because this may be running on an undercloud which doesn't yet have a configured tripleo-admin user. This change also refactors to remove the generate_playbook task; since the playbook now just invokes a role, there is no maintenance benefit to justify the extra complexity. Partial-Bug: #1813832 Change-Id: Id2ee912c456d66ed189fd5fdbaa5c1c3627bdf20 Depends-On: I4c8ee04534636622581eb386c01790d6610e7f58
parent
9c540ccc7f
commit
c1341fc4d1
|
@ -31,10 +31,33 @@ workflows:
|
||||||
tasks:
|
tasks:
|
||||||
get_pubkey:
|
get_pubkey:
|
||||||
action: tripleo.validations.get_pubkey
|
action: tripleo.validations.get_pubkey
|
||||||
on-success: get_blacklisted_ip_addresses
|
on-success: authorize_undercloud_admin
|
||||||
publish:
|
publish:
|
||||||
pubkey: <% task().result %>
|
pubkey: <% task().result %>
|
||||||
|
|
||||||
|
authorize_undercloud_admin:
|
||||||
|
action: tripleo.ansible-playbook
|
||||||
|
# older underclouds may not have a tripleo-admin user,
|
||||||
|
# so continue on success or failure
|
||||||
|
on-complete: get_blacklisted_ip_addresses
|
||||||
|
input:
|
||||||
|
inventory:
|
||||||
|
undercloud:
|
||||||
|
hosts:
|
||||||
|
localhost:
|
||||||
|
ansible_connection: local
|
||||||
|
playbook:
|
||||||
|
- hosts: undercloud
|
||||||
|
tasks:
|
||||||
|
- name: undercloud authorize user <% $.overcloud_admin %>
|
||||||
|
import_role:
|
||||||
|
name: tripleo-create-admin
|
||||||
|
tasks_from: authorize_user.yml
|
||||||
|
vars:
|
||||||
|
tripleo_admin_user: <% $.overcloud_admin %>
|
||||||
|
tripleo_admin_pubkey: <% $.pubkey %>
|
||||||
|
execution_id: <% execution().id %>
|
||||||
|
|
||||||
get_blacklisted_ip_addresses:
|
get_blacklisted_ip_addresses:
|
||||||
action: heat.stacks_output_show
|
action: heat.stacks_output_show
|
||||||
input:
|
input:
|
||||||
|
@ -50,23 +73,12 @@ workflows:
|
||||||
get_ssh_servers_not_blacklisted:
|
get_ssh_servers_not_blacklisted:
|
||||||
publish:
|
publish:
|
||||||
ssh_servers_not_blacklisted: <% let(blacklisted=>$.blacklisted_ip_addresses, ssh_servers=>$.ssh_servers) -> $ssh_servers.where(not $ in $blacklisted) %>
|
ssh_servers_not_blacklisted: <% let(blacklisted=>$.blacklisted_ip_addresses, ssh_servers=>$.ssh_servers) -> $ssh_servers.where(not $ in $blacklisted) %>
|
||||||
on-success: generate_playbook
|
|
||||||
publish-on-error:
|
|
||||||
status: FAILED
|
|
||||||
message: <% task().result %>
|
|
||||||
|
|
||||||
generate_playbook:
|
|
||||||
on-success:
|
on-success:
|
||||||
- create_admin_via_nova: <% $.ssh_private_key = null %>
|
- create_admin_via_nova: <% $.ssh_private_key = null %>
|
||||||
- create_admin_via_ssh: <% $.ssh_private_key != null %>
|
- create_admin_via_ssh: <% $.ssh_private_key != null %>
|
||||||
publish:
|
publish-on-error:
|
||||||
create_admin_tasks:
|
status: FAILED
|
||||||
- name: create and authorize user <% $.overcloud_admin %>
|
message: <% task().result %>
|
||||||
import_role:
|
|
||||||
name: tripleo-create-admin
|
|
||||||
vars:
|
|
||||||
tripleo_admin_user: <% $.overcloud_admin %>
|
|
||||||
tripleo_admin_pubkey: <% $.pubkey %>
|
|
||||||
|
|
||||||
# Nova variant
|
# Nova variant
|
||||||
create_admin_via_nova:
|
create_admin_via_nova:
|
||||||
|
@ -74,7 +86,13 @@ workflows:
|
||||||
input:
|
input:
|
||||||
queue_name: <% $.queue_name %>
|
queue_name: <% $.queue_name %>
|
||||||
ssh_servers: <% $.ssh_servers_not_blacklisted %>
|
ssh_servers: <% $.ssh_servers_not_blacklisted %>
|
||||||
tasks: <% $.create_admin_tasks %>
|
tasks:
|
||||||
|
- name: create and authorize user <% $.overcloud_admin %>
|
||||||
|
import_role:
|
||||||
|
name: tripleo-create-admin
|
||||||
|
vars:
|
||||||
|
tripleo_admin_user: <% $.overcloud_admin %>
|
||||||
|
tripleo_admin_pubkey: <% $.pubkey %>
|
||||||
overcloud_admin: <% $.overcloud_admin %>
|
overcloud_admin: <% $.overcloud_admin %>
|
||||||
|
|
||||||
# SSH variant
|
# SSH variant
|
||||||
|
@ -84,7 +102,13 @@ workflows:
|
||||||
ssh_private_key: <% $.ssh_private_key %>
|
ssh_private_key: <% $.ssh_private_key %>
|
||||||
ssh_user: <% $.ssh_user %>
|
ssh_user: <% $.ssh_user %>
|
||||||
ssh_servers: <% $.ssh_servers_not_blacklisted %>
|
ssh_servers: <% $.ssh_servers_not_blacklisted %>
|
||||||
tasks: <% $.create_admin_tasks %>
|
tasks:
|
||||||
|
- name: create and authorize user <% $.overcloud_admin %>
|
||||||
|
import_role:
|
||||||
|
name: tripleo-create-admin
|
||||||
|
vars:
|
||||||
|
tripleo_admin_user: <% $.overcloud_admin %>
|
||||||
|
tripleo_admin_pubkey: <% $.pubkey %>
|
||||||
|
|
||||||
create_admin_via_nova:
|
create_admin_via_nova:
|
||||||
input:
|
input:
|
||||||
|
|
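Review bot: In `authorize_undercloud_admin`, `on-complete: get_blacklisted_ip_addresses` discards every failure of the playbook, not only the missing-user case the comment describes, so a key that was never written to authorized_keys (role not found, permission error) leaves no trace in the workflow output. Consider recording the result without failing the workflow, for example a `publish-on-error:` entry such as `undercloud_authorize_error: <% task().result %>` (variable name constructed here). The same task adds `$.pubkey` to the undercloud account named by `$.overcloud_admin`, while the comment assumes tripleo-admin. The workflow's input definition is outside the visible hunks, so it is worth confirming that this value cannot name an arbitrary local account on the undercloud.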