adds bifrost ssh key generation
- This change extends the genpwd.py command to generate an ssh key pair for bifrost. - This change updates the bifrost config and bootstrap task to install the generated keys. - This change updates the bifrost guide to describe how to provide your own key. Change-Id: I05243f58843d9195cace253dff5628fae89c78e8 Implements: blueprint bifrost-support
parent
96b3f0ae3e
commit
538dbac24a
@ -7,3 +7,22 @@
|
|||||||
ansible-playbook -vvvv -i /bifrost/playbooks/inventory/localhost
|
ansible-playbook -vvvv -i /bifrost/playbooks/inventory/localhost
|
||||||
/bifrost/playbooks/install.yaml -e @/etc/bifrost/bifrost.yml
|
/bifrost/playbooks/install.yaml -e @/etc/bifrost/bifrost.yml
|
||||||
-e @/etc/bifrost/dib.yml -e skip_package_install=true'
|
-e @/etc/bifrost/dib.yml -e skip_package_install=true'
|
||||||
|
- name: installing ssh keys
|
||||||
|
command: >
|
||||||
|
docker exec bifrost_deploy
|
||||||
|
bash -c 'mkdir /root/.ssh ; mkdir /home/ironic/.ssh;
|
||||||
|
cp -f /etc/bifrost/id_rsa /root/.ssh/id_rsa &&
|
||||||
|
cp -f /etc/bifrost/id_rsa.pub /root/.ssh/id_rsa.pub &&
|
||||||
|
cp -f /etc/bifrost/ssh_config /root/.ssh/config &&
|
||||||
|
cp -f /etc/bifrost/id_rsa /home/ironic/.ssh/id_rsa &&
|
||||||
|
cp -f /etc/bifrost/id_rsa.pub /home/ironic/.ssh/id_rsa.pub &&
|
||||||
|
cp -f /etc/bifrost/ssh_config /home/ironic/.ssh/config &&
|
||||||
|
chmod 600 /root/.ssh/id_rsa &&
|
||||||
|
chmod 600 /root/.ssh/id_rsa.pub &&
|
||||||
|
chmod 600 /root/.ssh/config &&
|
||||||
|
chmod 600 /home/ironic/.ssh/id_rsa &&
|
||||||
|
chmod 600 /home/ironic/.ssh/id_rsa.pub &&
|
||||||
|
chmod 600 /home/ironic/.ssh/config &&
|
||||||
|
chown ironic:ironic /home/ironic/.ssh/id_rsa &&
|
||||||
|
chown ironic:ironic /home/ironic/.ssh/id_rsa.pub &&
|
||||||
|
chown ironic:ironic /home/ironic/.ssh/config'
|
||||||
|
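Review bot: The `.ssh` directories in the `installing ssh keys` task are created with a bare `mkdir`, so they get the default mode, and `/home/ironic/.ssh` stays owned by root because only the three files inside it are chowned. Creating them with `mkdir -p -m 700 /root/.ssh /home/ironic/.ssh &&` and ending the chain with `chown -R ironic:ironic /home/ironic/.ssh` would keep the directory holding the private key closed to other users. It would also stop a re-run from relying on the `;` to swallow the mkdir failure when the directories already exist. The same private key is installed for both root and ironic; if that is intended, a short comment on the task saying so would help the next reader.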
@ -19,3 +19,12 @@
|
|||||||
- "dib"
|
- "dib"
|
||||||
- "servers"
|
- "servers"
|
||||||
|
|
||||||
|
- name: template ssh keys
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ node_config_directory }}/bifrost/{{ item.dest }}"
|
||||||
|
with_items:
|
||||||
|
- { src: "id_rsa", dest: "id_rsa" }
|
||||||
|
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
|
||||||
|
- { src: "ssh_config", dest: "ssh_config" }
|
||||||
|
|
||||||
|
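Review bot: The `template ssh keys` task writes the private key to `{{ node_config_directory }}/bifrost/id_rsa` without a `mode`, so its permissions on the host are left to the umask and the key may end up readable by other local users. Adding `mode: "0600"` to the `template:` arguments would pin this; the later `chmod 600` in the bootstrap task only covers the copies inside the container, not this source file. Whether 0600 is readable by the process that copies it in the container should be confirmed, but that copy appears to run as root since it writes into /root.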
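--- a/ansible/roles/bifrost/templates/id_rsa
+++ b/ansible/roles/bifrost/templates/id_rsa
@@ -0,0 +1 @@
+{{ bifrost_ssh_key.private_key }}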
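--- a/ansible/roles/bifrost/templates/id_rsa.pub
+++ b/ansible/roles/bifrost/templates/id_rsa.pub
@@ -0,0 +1 @@
+{{ bifrost_ssh_key.public_key }}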
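--- a/ansible/roles/bifrost/templates/ssh_config
+++ b/ansible/roles/bifrost/templates/ssh_config
@@ -0,0 +1,3 @@
+Host *
+StrictHostKeyChecking no
+UserKnownHostsFile /dev/null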
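Review bot: `Host *` combined with `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` turns off host key verification for every destination, and the bootstrap task installs this file for both root and ironic in the container. Any SSH connection made by those users can then be intercepted without a warning, not only connections to freshly deployed nodes. If the relaxation is needed because deployed nodes present host keys that are not known in advance, narrow the pattern to the provisioning network, e.g. `Host <provisioning-subnet-pattern>` (placeholder, the real range is not on this page). A comment above the block such as `# host keys of newly deployed nodes are not known in advance` would record why verification is off.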
@ -240,7 +240,8 @@ TODO
|
|||||||
|
|
||||||
Bring your own ssh key
|
Bring your own ssh key
|
||||||
----------------------
|
----------------------
|
||||||
TODO
|
To use your own ssh key after you have generated the passwords.yml file
|
||||||
|
update the private and public keys under bifrost_ssh_key.
|
||||||
|
|
||||||
Known issues
|
Known issues
|
||||||
============
|
============
|
||||||
|
@ -88,6 +88,10 @@ keystone_ssh_key:
|
|||||||
private_key:
|
private_key:
|
||||||
public_key:
|
public_key:
|
||||||
|
|
||||||
|
bifrost_ssh_key:
|
||||||
|
private_key:
|
||||||
|
public_key:
|
||||||
|
|
||||||
####################
|
####################
|
||||||
# RabbitMQ options
|
# RabbitMQ options
|
||||||
####################
|
####################
|
||||||
|
@ -43,7 +43,8 @@ def main():
|
|||||||
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
|
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid']
|
||||||
|
|
||||||
# SSH key pair
|
# SSH key pair
|
||||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', 'keystone_ssh_key']
|
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
||||||
|
'keystone_ssh_key', 'bifrost_ssh_key']
|
||||||
|
|
||||||
# If these keys are None, leave them as None
|
# If these keys are None, leave them as None
|
||||||
blank_keys = ['docker_registry_password']
|
blank_keys = ['docker_registry_password']
|
||||||
|