Make SSH keys configurable

Defaults to using stack/.ssh/id_rsa on the control host
Mark Goddard 2017-02-16 10:44:31 +00:00
parent 94b911d44d
commit cbd6fcc522
11 changed files with 53 additions and 5 deletions


@ -3,3 +3,5 @@
hosts: config-mgmt hosts: config-mgmt
roles: roles:
- role: bootstrap - role: bootstrap
bootstrap_ssh_key_type: "{{ ssh_key_type }}"
bootstrap_ssh_private_key_path: "{{ ssh_private_key_path }}"


@ -0,0 +1,19 @@
---
###############################################################################
# SSH configuration.
# Type of SSH key.
ssh_key_type: "rsa"
# Name of SSH key.
ssh_key_name: "{{ 'id_' ~ ssh_key_type }}"
# Path to SSH private key on the control host.
ssh_private_key_path: "{{ lookup('env', 'HOME') ~ '/.ssh/' ~ ssh_key_name }}"
# Path to SSH public key on the control host.
ssh_public_key_path: "{{ ssh_private_key_path ~ '.pub' }}"
###############################################################################
# Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes
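Review bot: The default `ssh_private_key_path` is built from `lookup('env', 'HOME')`, which evaluates to an empty string when HOME is not set for the ansible-playbook process, so the path would silently become `/.ssh/id_rsa`. This commit also hands that path to the bootstrap role's `ssh-keygen` task, so a wrong value now decides where a private key is written, not only where one is read. I would state the dependency in the comment, e.g. `# Path to SSH private key on the control host; derived from $HOME of the user running ansible-playbook.`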


@ -3,4 +3,4 @@
hosts: seed:controllers hosts: seed:controllers
roles: roles:
- role: kolla-host - role: kolla-host
kolla_authorized_key: "{{ lookup('file', lookup('env', 'HOME') ~ '/.ssh/id_rsa.pub') }}" kolla_authorized_key: "{{ lookup('file', ssh_public_key_path) }}"


@ -0,0 +1,6 @@
---
# Type of SSH key to generate.
bootstrap_ssh_key_type:
# Path to SSH private key file.
bootstrap_ssh_private_key_path:
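Review bot: Both role defaults are bare `key:` entries, which YAML loads as null, so the role only works when the caller passes both variables. Before this commit the role fell back to an RSA key at `{{ ansible_user_dir }}/.ssh/id_rsa`. Keeping that as the default preserves the behaviour for any other caller: `bootstrap_ssh_key_type: "rsa"` and `bootstrap_ssh_private_key_path: "{{ ansible_user_dir }}/.ssh/id_rsa"`. If the empty values are intentional, the comments should say that both variables are required.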


@ -10,17 +10,17 @@
- name: Check whether an SSH key exists - name: Check whether an SSH key exists
stat: stat:
path: "{{ ansible_user_dir }}/.ssh/id_rsa" path: "{{ bootstrap_ssh_private_key_path }}"
register: ssh_key_stat register: ssh_key_stat
- name: Generate an SSH key - name: Generate an SSH key
command: ssh-keygen -t rsa -N '' -f {{ ansible_user_dir }}/.ssh/id_rsa command: ssh-keygen -t {{ boostrap_ssh_key_type }} -N '' -f {{ bootstrap_ssh_private_key_path }}
when: not ssh_key_stat.stat.exists when: not ssh_key_stat.stat.exists
- name: Ensure SSH public key is in authorized keys - name: Ensure SSH public key is in authorized keys
authorized_key: authorized_key:
user: "{{ ansible_user_id }}" user: "{{ ansible_user_id }}"
key: "{{ lookup('file', ansible_user_dir ~ '/.ssh/id_rsa.pub') }}" key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"
- name: Scan for SSH keys - name: Scan for SSH keys
command: ssh-keyscan {{ item }} command: ssh-keyscan {{ item }}
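Review bot: The new `Generate an SSH key` command references `boostrap_ssh_key_type` (missing `t`), while the role defaults and the playbook both define `bootstrap_ssh_key_type`, so the task should fail on an undefined variable whenever no key exists yet. The line should read `command: ssh-keygen -t {{ bootstrap_ssh_key_type }} -N '' -f {{ bootstrap_ssh_private_key_path }}`. The path is also interpolated unquoted into the `command:` string, so a configured path containing whitespace would be split into separate arguments. The `Scan for SSH keys` task continues past the end of this hunk.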


@ -17,7 +17,7 @@
configdrive_uuid: "{{ seed_host | to_uuid }}" configdrive_uuid: "{{ seed_host | to_uuid }}"
configdrive_fqdn: "{{ seed_host }}" configdrive_fqdn: "{{ seed_host }}"
configdrive_name: "{{ seed_host }}" configdrive_name: "{{ seed_host }}"
configdrive_ssh_public_key: "{{ lookup('file', '{{ ansible_user_dir }}/.ssh/id_rsa.pub') }}" configdrive_ssh_public_key: "{{ lookup('file', ssh_public_key_path) }}"
configdrive_config_dir: "{{ image_cache_path }}" configdrive_config_dir: "{{ image_cache_path }}"
configdrive_volume_path: "{{ image_cache_path }}" configdrive_volume_path: "{{ image_cache_path }}"
configdrive_config_dir_delete: True configdrive_config_dir_delete: True


@ -14,6 +14,7 @@ function run_playbook {
-e @${KAYOBE_CONFIG_PATH}/networks.yml \ -e @${KAYOBE_CONFIG_PATH}/networks.yml \
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \ -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \ -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
-e @${KAYOBE_CONFIG_PATH}/swift.yml \ -e @${KAYOBE_CONFIG_PATH}/swift.yml \
$@ $@
} }
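Review bot: The added `-e @${KAYOBE_CONFIG_PATH}/ssh.yml` makes ssh.yml a required file in the configuration directory. ansible-playbook aborts when an `-e @file` argument names a file that does not exist, so a configuration directory created before this commit would stop working until ssh.yml is copied into it. The same line is added in the three later hunks that extend an argument list in the same way, one of which also adds seed-vm.yml. A sentence in the commit message about the new required file would cover it. `run_playbook` begins outside this hunk, so the command these arguments belong to is not visible here.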


@ -15,6 +15,8 @@ function run_playbook {
-e @${KAYOBE_CONFIG_PATH}/networks.yml \ -e @${KAYOBE_CONFIG_PATH}/networks.yml \
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \ -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \ -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
-e @${KAYOBE_CONFIG_PATH}/swift.yml \ -e @${KAYOBE_CONFIG_PATH}/swift.yml \
$@ $@
} }

16
etc/kayobe/ssh.yml Normal file

@ -0,0 +1,16 @@
---
###############################################################################
# SSH configuration.
# Name of SSH key.
#ssh_key_name:
# Path to SSH private key on the control host.
#ssh_private_key_path:
# Path to SSH public key on the control host.
#ssh_public_key_path:
###############################################################################
# Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes
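Review bot: This template lists `ssh_key_name`, `ssh_private_key_path` and `ssh_public_key_path` as overridable but omits `ssh_key_type`, which the defaults file in this commit defines and which determines both the default key name and the `-t` argument passed to ssh-keygen. Adding `# Type of SSH key.` followed by `#ssh_key_type:` above the key-name entry would let operators find the setting without reading the defaults.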


@ -16,5 +16,6 @@ exec ansible-playbook \
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \ -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \ -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \ -e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
-e @${KAYOBE_CONFIG_PATH}/swift.yml \ -e @${KAYOBE_CONFIG_PATH}/swift.yml \
$@ $@


@ -15,6 +15,7 @@ function run_playbook {
-e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \ -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
-e @${KAYOBE_CONFIG_PATH}/ntp.yml \ -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
-e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \ -e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
-e @${KAYOBE_CONFIG_PATH}/ssh.yml \
-e @${KAYOBE_CONFIG_PATH}/swift.yml \ -e @${KAYOBE_CONFIG_PATH}/swift.yml \
$@ $@
} }