diff --git a/ansible/roles/bifrost/tasks/bootstrap.yml b/ansible/roles/bifrost/tasks/bootstrap.yml
index d4cb0fa79e..8332c1d9e6 100644
--- a/ansible/roles/bifrost/tasks/bootstrap.yml
+++ b/ansible/roles/bifrost/tasks/bootstrap.yml
@@ -7,3 +7,22 @@ ansible-playbook -vvvv -i /bifrost/playbooks/inventory/localhost /bifrost/playbooks/install.yaml -e @/etc/bifrost/bifrost.yml -e @/etc/bifrost/dib.yml -e skip_package_install=true'
+- name: installing ssh keys
+ command: >
+ docker exec bifrost_deploy
+ bash -c 'mkdir /root/.ssh ; mkdir /home/ironic/.ssh;
+ cp -f /etc/bifrost/id_rsa /root/.ssh/id_rsa &&
+ cp -f /etc/bifrost/id_rsa.pub /root/.ssh/id_rsa.pub &&
+ cp -f /etc/bifrost/ssh_config /root/.ssh/config &&
+ cp -f /etc/bifrost/id_rsa /home/ironic/.ssh/id_rsa &&
+ cp -f /etc/bifrost/id_rsa.pub /home/ironic/.ssh/id_rsa.pub &&
+ cp -f /etc/bifrost/ssh_config /home/ironic/.ssh/config &&
+ chmod 600 /root/.ssh/id_rsa &&
+ chmod 600 /root/.ssh/id_rsa.pub &&
+ chmod 600 /root/.ssh/config &&
+ chmod 600 /home/ironic/.ssh/id_rsa &&
+ chmod 600 /home/ironic/.ssh/id_rsa.pub &&
+ chmod 600 /home/ironic/.ssh/config &&
+ chown ironic:ironic /home/ironic/.ssh/id_rsa &&
+ chown ironic:ironic /home/ironic/.ssh/id_rsa.pub &&
+ chown ironic:ironic /home/ironic/.ssh/config'
diff --git a/ansible/roles/bifrost/tasks/config.yml b/ansible/roles/bifrost/tasks/config.yml
index 8a66523bc2..14bcbb267f 100644
--- a/ansible/roles/bifrost/tasks/config.yml
+++ b/ansible/roles/bifrost/tasks/config.yml
@@ -19,3 +19,12 @@ - "dib" - "servers"
+- name: template ssh keys
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ node_config_directory }}/bifrost/{{ item.dest }}"
+ with_items:
+ - { src: "id_rsa", dest: "id_rsa" }
+ - { src: "id_rsa.pub", dest: "id_rsa.pub" }
+ - { src: "ssh_config", dest: "ssh_config" }
+
diff --git a/ansible/roles/bifrost/templates/id_rsa b/ansible/roles/bifrost/templates/id_rsa
new file mode 100644
index 0000000000..d1d3a9ed49
--- /dev/null
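Review bot: The two `mkdir` calls at the start of the `bash -c` string in bootstrap.yml create `/root/.ssh` and `/home/ironic/.ssh` with whatever the container's umask gives, and `/home/ironic/.ssh` stays owned by root because the later `chmod`/`chown` lines touch only the files inside it. They are also joined with `;`, so a failing `mkdir` (for example on a re-run, when the directory already exists) is silently ignored. Replacing them with `install -d -m 700 /root/.ssh && install -d -m 700 -o ironic -g ironic /home/ironic/.ssh &&` sets mode and ownership explicitly and is safe to repeat. Copying the key with `cp` and tightening it with `chmod` afterwards also leaves a short window at the default mode; `install -m 600` would close it.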
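Review bot: The `template` task in config.yml writes the private key to `{{ node_config_directory }}/bifrost/id_rsa` with no `mode`, so its permissions on the host are left to the umask and the key may end up world-readable there. Adding `mode: "0600"` to the task would fix that; the `chmod 600` calls in bootstrap.yml only cover the copies inside the container. It is also worth confirming whether `no_log: true` is needed here so that the key material does not show up in diff or verbose output.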
+++ b/ansible/roles/bifrost/templates/id_rsa
@@ -0,0 +1 @@
+{{ bifrost_ssh_key.private_key }}
diff --git a/ansible/roles/bifrost/templates/id_rsa.pub b/ansible/roles/bifrost/templates/id_rsa.pub
new file mode 100644
index 0000000000..173bbb204b
--- /dev/null
+++ b/ansible/roles/bifrost/templates/id_rsa.pub
@@ -0,0 +1 @@
+{{ bifrost_ssh_key.public_key }}
diff --git a/ansible/roles/bifrost/templates/ssh_config b/ansible/roles/bifrost/templates/ssh_config
new file mode 100644
index 0000000000..41dff51a6b
--- /dev/null
+++ b/ansible/roles/bifrost/templates/ssh_config
@@ -0,0 +1,3 @@
+Host *
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
diff --git a/doc/bifrost.rst b/doc/bifrost.rst
index 5e8f29c7cb..ce6ac4b461 100644
--- a/doc/bifrost.rst
+++ b/doc/bifrost.rst
@@ -240,7 +240,8 @@ TODO Bring your own ssh key ----------------------
-TODO
+To use your own ssh key after you have generated the passwords.yml file
+update the private and public keys under bifrost_ssh_key.
Known issues ============
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index 8b78cb3cd4..f01567aa51 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -88,6 +88,10 @@ keystone_ssh_key: private_key: public_key:
+bifrost_ssh_key:
+ private_key:
+ public_key:
+
#################### # RabbitMQ options ####################
diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py
index fd15fbf583..60b6d55955 100755
--- a/kolla/cmd/genpwd.py
+++ b/kolla/cmd/genpwd.py
@@ -43,7 +43,8 @@ def main(): uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid'] # SSH key pair
- ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', 'keystone_ssh_key']
+ ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
+ 'keystone_ssh_key', 'bifrost_ssh_key']
# If these keys are None, leave them as None blank_keys = ['docker_registry_password']
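Review bot: In the new ssh_config template, `Host *` combined with `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` turns off host-key verification for every SSH connection made by root and ironic in the container, so a host answering in place of the intended target is never detected. If the setting exists because provisioned nodes come up with fresh host keys, scope it to those addresses with something like `Host <provisioning-network-pattern>` and leave default checking in place for everything else. A comment in the template stating why verification is disabled would help the next reader judge whether it is still needed.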