Make SSH keys configurable
Defaults to using stack/.ssh/id_rsa on the control host
parent
94b911d44d
commit
cbd6fcc522
@ -3,3 +3,5 @@
|
|||||||
hosts: config-mgmt
|
hosts: config-mgmt
|
||||||
roles:
|
roles:
|
||||||
- role: bootstrap
|
- role: bootstrap
|
||||||
|
bootstrap_ssh_key_type: "{{ ssh_key_type }}"
|
||||||
|
bootstrap_ssh_private_key_path: "{{ ssh_private_key_path }}"
|
||||||
|
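--- /dev/null
+++ b/ansible/group_vars/all/ssh
@@ -0,0 +1,19 @@
+---
+###############################################################################
+# SSH configuration.
+
+# Type of SSH key.
+ssh_key_type: "rsa"
+
+# Name of SSH key.
+ssh_key_name: "{{ 'id_' ~ ssh_key_type }}"
+
+# Path to SSH private key on the control host.
+ssh_private_key_path: "{{ lookup('env', 'HOME') ~ '/.ssh/' ~ ssh_key_name }}"
+
+# Path to SSH public key on the control host.
+ssh_public_key_path: "{{ ssh_private_key_path ~ '.pub' }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes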
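Review bot: The comment on `ssh_public_key_path` presents it as independently configurable, but the bootstrap role tasks in this commit read the public key from `bootstrap_ssh_private_key_path ~ '.pub'`, while the kolla-host and config-drive lookups use `ssh_public_key_path`. If an operator overrides only the public path, the key authorised during bootstrap and the key deployed to other hosts can differ. I would document the constraint, e.g. `# Path to SSH public key on the control host. Must be the private key path with a '.pub' suffix, which is where ssh-keygen writes it.` The `# Type of SSH key.` comment could also say that the value is passed to `ssh-keygen -t`.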
@ -3,4 +3,4 @@
|
|||||||
hosts: seed:controllers
|
hosts: seed:controllers
|
||||||
roles:
|
roles:
|
||||||
- role: kolla-host
|
- role: kolla-host
|
||||||
kolla_authorized_key: "{{ lookup('file', lookup('env', 'HOME') ~ '/.ssh/id_rsa.pub') }}"
|
kolla_authorized_key: "{{ lookup('file', ssh_public_key_path) }}"
|
||||||
|
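--- /dev/null
+++ b/ansible/roles/bootstrap/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# Type of SSH key to generate.
+bootstrap_ssh_key_type:
+
+# Path to SSH private key file.
+bootstrap_ssh_private_key_path: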
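Review bot: Both defaults are bare keys, which YAML loads as null, so a caller that omits either variable hands a null value to the role's `stat` path and to `ssh-keygen -t`/`-f`. Nothing in the file says the caller must supply them. I would write the nulls explicitly, e.g. `bootstrap_ssh_key_type: null`, and extend the comments to `# Type of SSH key to generate. Required; no usable default.` and the equivalent for the path.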
@ -10,17 +10,17 @@
|
|||||||
|
|
||||||
- name: Check whether an SSH key exists
|
- name: Check whether an SSH key exists
|
||||||
stat:
|
stat:
|
||||||
path: "{{ ansible_user_dir }}/.ssh/id_rsa"
|
path: "{{ bootstrap_ssh_private_key_path }}"
|
||||||
register: ssh_key_stat
|
register: ssh_key_stat
|
||||||
|
|
||||||
- name: Generate an SSH key
|
- name: Generate an SSH key
|
||||||
command: ssh-keygen -t rsa -N '' -f {{ ansible_user_dir }}/.ssh/id_rsa
|
command: ssh-keygen -t {{ boostrap_ssh_key_type }} -N '' -f {{ bootstrap_ssh_private_key_path }}
|
||||||
when: not ssh_key_stat.stat.exists
|
when: not ssh_key_stat.stat.exists
|
||||||
|
|
||||||
- name: Ensure SSH public key is in authorized keys
|
- name: Ensure SSH public key is in authorized keys
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ ansible_user_id }}"
|
user: "{{ ansible_user_id }}"
|
||||||
key: "{{ lookup('file', ansible_user_dir ~ '/.ssh/id_rsa.pub') }}"
|
key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"
|
||||||
|
|
||||||
- name: Scan for SSH keys
|
- name: Scan for SSH keys
|
||||||
command: ssh-keyscan {{ item }}
|
command: ssh-keyscan {{ item }}
|
||||||
|
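Review bot: The new `Generate an SSH key` command references `{{ boostrap_ssh_key_type }}`, which is misspelled; the variable passed by the playbook and declared in the role defaults is `bootstrap_ssh_key_type`, so on a host with no existing key the task will presumably fail on an undefined variable instead of running ssh-keygen. The line should read `command: ssh-keygen -t {{ bootstrap_ssh_key_type }} -N '' -f {{ bootstrap_ssh_private_key_path }}`. Separately, the path now derives from `lookup('env', 'HOME')` on the control host, while `stat` and `ssh-keygen` run on the target host; this only lines up while config-mgmt is the control host itself, which is worth stating in a comment above the `stat` task. The task list continues outside the hunk.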
@ -17,7 +17,7 @@
|
|||||||
configdrive_uuid: "{{ seed_host | to_uuid }}"
|
configdrive_uuid: "{{ seed_host | to_uuid }}"
|
||||||
configdrive_fqdn: "{{ seed_host }}"
|
configdrive_fqdn: "{{ seed_host }}"
|
||||||
configdrive_name: "{{ seed_host }}"
|
configdrive_name: "{{ seed_host }}"
|
||||||
configdrive_ssh_public_key: "{{ lookup('file', '{{ ansible_user_dir }}/.ssh/id_rsa.pub') }}"
|
configdrive_ssh_public_key: "{{ lookup('file', ssh_public_key_path) }}"
|
||||||
configdrive_config_dir: "{{ image_cache_path }}"
|
configdrive_config_dir: "{{ image_cache_path }}"
|
||||||
configdrive_volume_path: "{{ image_cache_path }}"
|
configdrive_volume_path: "{{ image_cache_path }}"
|
||||||
configdrive_config_dir_delete: True
|
configdrive_config_dir_delete: True
|
||||||
|
@ -14,6 +14,7 @@ function run_playbook {
|
|||||||
-e @${KAYOBE_CONFIG_PATH}/networks.yml \
|
-e @${KAYOBE_CONFIG_PATH}/networks.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
||||||
|
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
||||||
$@
|
$@
|
||||||
}
|
}
|
||||||
|
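Review bot: The added `-e @${KAYOBE_CONFIG_PATH}/ssh.yml` makes ssh.yml a required file, because ansible-playbook aborts when an `-e @file` argument does not exist, and configuration directories created before this commit will not contain it. The same applies to the other three script hunks that add this line. The change should come with an upgrade note or a short comment above the list saying every listed file must exist in `KAYOBE_CONFIG_PATH`. The expansion is also unquoted, like its neighbours, so a config path containing spaces would split; `-e "@${KAYOBE_CONFIG_PATH}/ssh.yml" \` avoids that. The body of `run_playbook` starts outside the hunk.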
@ -15,6 +15,8 @@ function run_playbook {
|
|||||||
-e @${KAYOBE_CONFIG_PATH}/networks.yml \
|
-e @${KAYOBE_CONFIG_PATH}/networks.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
||||||
|
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
|
||||||
|
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
||||||
$@
|
$@
|
||||||
}
|
}
|
||||||
|
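--- /dev/null
+++ b/etc/kayobe/ssh.yml
@@ -0,0 +1,16 @@
+---
+###############################################################################
+# SSH configuration.
+
+# Name of SSH key.
+#ssh_key_name:
+
+# Path to SSH private key on the control host.
+#ssh_private_key_path:
+
+# Path to SSH public key on the control host.
+#ssh_public_key_path:
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes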
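Review bot: The template lists `ssh_key_name`, `ssh_private_key_path` and `ssh_public_key_path` but omits `ssh_key_type`, which the group_vars file in this commit defines and from which the default key name is derived. An operator reading only this file cannot tell that the key algorithm is configurable. I would add a stanza before the key name: `# Type of SSH key.` followed by `#ssh_key_type:`.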
@ -16,5 +16,6 @@ exec ansible-playbook \
|
|||||||
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
|
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
|
||||||
|
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
||||||
$@
|
$@
|
||||||
|
@ -15,6 +15,7 @@ function run_playbook {
|
|||||||
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
|
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
|
||||||
|
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
|
||||||
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
-e @${KAYOBE_CONFIG_PATH}/swift.yml \
|
||||||
$@
|
$@
|
||||||
}
|
}
|
||||||
|