tripleo-common/roles/tripleo-create-admin/README.md
Steve Baker 9385dcc50e Allow tripleo-admin user to have a keypair
By setting tripleo_admin_generate_key:true, the user will have
a keypair created for it, and the public key is added to the
authorized_keys file for that user.

This allows the private key file to be injected elsewhere for other
users to access this user.

Specifically, this private key will be made available to the
mistral-executor container so that it can ssh out into the
tripleo-admin user on the undercloud.

Change-Id: I6ec5a01e736aeb00fcad1e589211c6a8a8aeecef
2019-02-25 10:48:23 +13:00

1.4 KiB

TripleO Create Admin

A role to create an admin user to be later used for running playbooks.

Role Variables

Name Default Value Description
tripleo_admin_user tripleo-admin Name of user to create
tripleo_admin_pubkey [undefined] Public key for authorization

Requirements

  • ansible >= 2.4
  • python >= 2.6

Dependencies

None

Example Playbooks

Create and authorize user tripleo-admin

- hosts: localhost
  tasks:
  - import_role:
      name: tripleo-create-admin
    vars:
      tripleo_admin_user: tripleo-admin
      tripleo_admin_pubkey: ssh-rsa AAAA... # etc

Create user tripleo-admin

- hosts: controller-0
  tasks:
  - import_role:
      name: tripleo-create-admin
      tasks_from: create_user.yml

Create user tripleo-admin with a keypair

- hosts: undercloud
  tasks:
  - import_role:
      name: tripleo-create-admin
      tasks_from: create_user.yml
    vars: 
      tripleo_admin_generate_key: true

Authorize existing user

- hosts: localhost
  tasks:
  - import_role:
      name: tripleo-create-admin
      tasks_from: authorize_user.yml
    vars:
      tripleo_admin_user: tripleo-admin
      tripleo_admin_pubkey: ssh-rsa AAAA... # etc