9385dcc50e
By setting tripleo_admin_generate_key:true, the user will have a keypair created for it, and the public key is added to the authorized_keys file for that user. This allows the private key file to be injected elsewhere for other users to access this user. Specifically, this private key will be made available to the mistral-executor container so that it can ssh out into the tripleo-admin user on the undercloud. Change-Id: I6ec5a01e736aeb00fcad1e589211c6a8a8aeecef
# Create the admin account. When tripleo_admin_generate_key is true, the user
# module also generates an SSH keypair under the account's ~/.ssh directory.
- name: "create user {{ tripleo_admin_user }}"
  user:
    name: "{{ tripleo_admin_user }}"
    # NOTE(review): no ssh_key_passphrase is set here, so the generated
    # private key is stored without a passphrase; anyone who can read that
    # file can log in as this user. Keep its distribution tightly scoped.
    generate_ssh_key: "{{ tripleo_admin_generate_key }}"
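# Give the admin user passwordless sudo through a drop-in sudoers fragment.
# Security: NOPASSWD:ALL makes any credential that authenticates as this user
# (including its SSH private key) equivalent to root on the host.
# NOTE(review): sudo skips files in /etc/sudoers.d whose name contains '.' or
# ends in '~'; confirm tripleo_admin_user can never take such a value, or the
# rule is silently ignored.
- name: grant admin rights to user {{ tripleo_admin_user }}
  copy:
    dest: /etc/sudoers.d/{{ tripleo_admin_user }}
    content: |
      {{ tripleo_admin_user }} ALL=(ALL) NOPASSWD:ALL
    # Pin ownership explicitly instead of inheriting it from whichever
    # account runs the task.
    owner: root
    group: root
    # Quoted so the mode is always read as octal text, never as an integer.
    mode: "0440"
    # Syntax-check the rendered fragment before it replaces the destination;
    # a malformed sudoers file can break sudo for every user on the host.
    validate: /usr/sbin/visudo -cf %s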
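# Make sure the user's .ssh directory exists, is owned by the user, and is
# closed to everyone else (mode 0700).
# NOTE(review): the path assumes the home directory is /home/<user>; confirm
# that no deployment creates this account with a different home.
- name: ensure .ssh dir exists for user {{ tripleo_admin_user }}
  file:
    path: /home/{{ tripleo_admin_user }}/.ssh
    state: directory
    owner: '{{ tripleo_admin_user }}'
    group: '{{ tripleo_admin_user }}'
    # Quoted so the mode is always read as octal text, never as an integer.
    mode: "0700"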
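# Make sure authorized_keys exists with owner-only permissions (mode 0600)
# without touching any keys already listed in it.
# state: touch creates the file when missing; on an existing file it updates
# the timestamps, so this task reports "changed" on every run.
- name: ensure authorized_keys file exists for user {{ tripleo_admin_user }}
  file:
    path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
    state: touch
    owner: '{{ tripleo_admin_user }}'
    group: '{{ tripleo_admin_user }}'
    # Quoted so the mode is always read as octal text, never as an integer.
    mode: "0600"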
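# Read the generated public key from the managed host. The previous
# lookup('file', ...) is evaluated on the Ansible controller, so it only
# found the key when controller and target were the same machine.
# id_rsa.pub matches the user module's default key file (.ssh/id_rsa).
- name: read {{ tripleo_admin_user }} public key
  slurp:
    src: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub
  register: tripleo_admin_public_key
  # "| bool" keeps a string value such as "false" from being treated as true.
  when: tripleo_admin_generate_key | bool

# Authorize the user's own public key, so that whoever holds the matching
# private key can ssh in as this user. lineinfile only adds the line when it
# is not already present.
- name: append {{ tripleo_admin_user }} public key to authorized_keys
  lineinfile:
    path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
    # slurp returns base64; trim drops the trailing newline of the .pub file.
    line: "{{ tripleo_admin_public_key.content | b64decode | trim }}"
    state: present
  when: tripleo_admin_generate_key | bool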