openstack/openstack-ansible
Code Issues Proposed changes

revised nova-compute ssh keys

Browse Source
This commit is contained in:
Kevin Carter 2014-09-03 13:53:04 -05:00
parent 9823a18001
commit 14848c07a9
5 changed files with 97 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rpc_deployment/playbooks/openstack/nova-all.yml
View File

@ -19,4 +19,5 @@
- include: nova-scheduler.yml - include: nova-scheduler.yml
- include: nova-conductor.yml - include: nova-conductor.yml
- include: nova-compute.yml - include: nova-compute.yml
- include: nova-compute-keys.yml
- include: nova-spice-console.yml - include: nova-spice-console.yml

42
rpc_deployment/playbooks/openstack/nova-compute-keys.yml Normal file
View File

@ -0,0 +1,42 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: localhost
user: root
gather_facts: false
tasks:
- name: Remove [ /tmp/authorized_keys ] file if found
file:
path: "/tmp/authorized_keys"
state: "absent"
- hosts: nova_compute
user: root
roles:
- nova_compute_sshkey_create
- hosts: nova_compute
user: root
roles:
- nova_compute_sshkey_setup
- hosts: localhost
user: root
gather_facts: false
tasks:
- name: Remove [ /tmp/authorized_keys ] file if found
file:
path: "/tmp/authorized_keys"
state: "absent"

1
rpc_deployment/playbooks/openstack/nova-compute.yml
View File

@ -33,7 +33,6 @@
- nova_libvirt - nova_libvirt
- galera_client_cnf - galera_client_cnf
- init_script - init_script
- nova_compute_sshkey_setup
vars_files: vars_files:
- inventory/group_vars/nova_all.yml - inventory/group_vars/nova_all.yml
- vars/config_vars/container_config_nova_compute.yml - vars/config_vars/container_config_nova_compute.yml

40
rpc_deployment/roles/nova_compute_sshkey_create/tasks/main.yml
View File

@ -13,7 +13,43 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Create the keys directory for the nova user
file:
state: "directory"
path: "/var/lib/nova/.ssh"
group: "nova"
owner: "nova"
mode: "0700"
- name: Remove old key if found
file:
path: "{{ item }}"
state: "absent"
with_items:
- "/var/lib/nova/.ssh/nova"
- "/var/lib/nova/.ssh/nova.pub"
- name: Create the nova SSH key if it doesnt exist - name: Create the nova SSH key if it doesnt exist
shell: > shell: ssh-keygen -f /var/lib/nova/.ssh/nova -t rsa -q -N ""
ls ~/.ssh/nova 2>/dev/null || ssh-keygen -f ~/.ssh/nova -t rsa -q -N ""
- name: Change permissions on the generated keys
file:
path: "{{ item.path }}"
group: "nova"
owner: "nova"
mode: "{{ item.mode }}"
with_items:
- { path: "/var/lib/nova/.ssh/nova", mode: "0600" }
- { path: "/var/lib/nova/.ssh/nova.pub", mode: "0644" }
- name: Get public key contents
command: cat /var/lib/nova/.ssh/nova.pub
register: nova_pub
changed_when: false
- name: Build authorized keys
lineinfile:
dest: "/tmp/authorized_keys"
line: "{{ nova_pub.stdout }}"
create: "yes"
delegate_to: localhost delegate_to: localhost

59
rpc_deployment/roles/nova_compute_sshkey_setup/tasks/main.yml
View File

@ -13,49 +13,22 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Create the keys directory for the nova user
file: >
state=directory
path=/var/lib/nova/.ssh
group=nova
owner=nova
mode=0700
- name: Set nova users shell to /bin/bash and generate ssh_key
user: >
name=nova
shell=/bin/bash
- name: Copy private key up to nova nodes
copy: >
src="~/.ssh/nova"
dest=/var/lib/nova/.ssh/id_rsa
owner=nova
group=nova
mode=0600
- name: Copy public key up to nova nodes
copy: >
src="~/.ssh/nova.pub"
dest=/var/lib/nova/.ssh/id_rsa.pub
owner=nova
group=nova
mode=0644
- name: Add key to authorized_keys file
authorized_key:
user=nova
path=/var/lib/nova/.ssh/authorized_keys
manage_dir=no
key="{{ lookup('file', '/var/lib/nova/.ssh/id_rsa.pub') }}"
- name: Prevent known_hosts from causing an issue - name: Prevent known_hosts from causing an issue
copy: > copy:
src=ssh_config src: "ssh_config"
dest="/var/lib/nova/.ssh/config" dest: "/var/lib/nova/.ssh/config"
owner=nova owner: "nova"
group=nova group: "nova"
mode=0644 mode: "0644"
- name: Sync authorized_keys file
synchronize:
src: /tmp/authorized_keys
dest: /var/lib/nova/.ssh/authorized_keys
- name: Set authorized_keys permissions
file:
path: "/var/lib/nova/.ssh/authorized_keys"
owner: "nova"
group: "nova"
mode: "0600"