adds bifrost ssh key generation

- This change extend the genpwd.py
  command to generate an ssh key pair
  bifrost.
- This change bifrost config and bootstrap
  task to install the generated keys.
- This change updates the bifrost guide to
  discribe how to provide your own key.

Change-Id: I05243f58843d9195cace253dff5628fae89c78e8
Implements: blueprint bifrost-support
This commit is contained in:
Sean Mooney 2016-08-03 14:25:52 +00:00
parent 96b3f0ae3e
commit 538dbac24a
8 changed files with 41 additions and 2 deletions

View File

@ -7,3 +7,22 @@
ansible-playbook -vvvv -i /bifrost/playbooks/inventory/localhost ansible-playbook -vvvv -i /bifrost/playbooks/inventory/localhost
/bifrost/playbooks/install.yaml -e @/etc/bifrost/bifrost.yml /bifrost/playbooks/install.yaml -e @/etc/bifrost/bifrost.yml
-e @/etc/bifrost/dib.yml -e skip_package_install=true' -e @/etc/bifrost/dib.yml -e skip_package_install=true'
- name: installing ssh keys
command: >
docker exec bifrost_deploy
bash -c 'mkdir /root/.ssh ; mkdir /home/ironic/.ssh;
cp -f /etc/bifrost/id_rsa /root/.ssh/id_rsa &&
cp -f /etc/bifrost/id_rsa.pub /root/.ssh/id_rsa.pub &&
cp -f /etc/bifrost/ssh_config /root/.ssh/config &&
cp -f /etc/bifrost/id_rsa /home/ironic/.ssh/id_rsa &&
cp -f /etc/bifrost/id_rsa.pub /home/ironic/.ssh/id_rsa.pub &&
cp -f /etc/bifrost/ssh_config /home/ironic/.ssh/config &&
chmod 600 /root/.ssh/id_rsa &&
chmod 600 /root/.ssh/id_rsa.pub &&
chmod 600 /root/.ssh/config &&
chmod 600 /home/ironic/.ssh/id_rsa &&
chmod 600 /home/ironic/.ssh/id_rsa.pub &&
chmod 600 /home/ironic/.ssh/config &&
chown ironic:ironic /home/ironic/.ssh/id_rsa &&
chown ironic:ironic /home/ironic/.ssh/id_rsa.pub &&
chown ironic:ironic /home/ironic/.ssh/config'

View File

@ -19,3 +19,12 @@
- "dib" - "dib"
- "servers" - "servers"
- name: template ssh keys
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/bifrost/{{ item.dest }}"
with_items:
- { src: "id_rsa", dest: "id_rsa" }
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
- { src: "ssh_config", dest: "ssh_config" }

View File

@ -0,0 +1 @@
{{ bifrost_ssh_key.private_key }}

View File

@ -0,0 +1 @@
{{ bifrost_ssh_key.public_key }}

View File

@ -0,0 +1,3 @@
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

View File

@ -240,7 +240,8 @@ TODO
Bring your own ssh key Bring your own ssh key
---------------------- ----------------------
TODO To use your own ssh key after you have generated the passwords.yml file
update the private and public keys under bifrost_ssh_key.
Known issues Known issues
============ ============

View File

@ -88,6 +88,10 @@ keystone_ssh_key:
private_key: private_key:
public_key: public_key:
bifrost_ssh_key:
private_key:
public_key:
#################### ####################
# RabbitMQ options # RabbitMQ options
#################### ####################

View File

@ -43,7 +43,8 @@ def main():
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid'] uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
# SSH key pair # SSH key pair
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', 'keystone_ssh_key'] ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
'keystone_ssh_key', 'bifrost_ssh_key']
# If these keys are None, leave them as None # If these keys are None, leave them as None
blank_keys = ['docker_registry_password'] blank_keys = ['docker_registry_password']