Allow user to specify private SSH key

This change allows insert user specified private ssh key for ironic. This is required for ansible deploy driver, and can be useful for another ssh based drivers. Change-Id: I203963c9aefa55e9c88f2a37e43b3ef440d02e23
2017-01-14 00:38:28 +02:00 · 2017-01-14 00:38:28 +02:00 · 5be9b6fa7a
parent c7adb13973
commit 5be9b6fa7a
4 changed files with 46 additions and 1 deletions
--- a/playbooks/releasenotes/notes/add-private-key-9788621be14ba324.yaml
+++ b/playbooks/releasenotes/notes/add-private-key-9788621be14ba324.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - Allow user to insert private SSH key for ironic user.
+    This is useful for ansible deploy driver and another ssh based drivers.
+    The private key can be specified as path to local file in
+    ``ssh_private_key_path`` variable, or as string in ``ssh_private_key``.
--- a/playbooks/roles/bifrost-ironic-install/README.md
+++ b/playbooks/roles/bifrost-ironic-install/README.md
@ -231,6 +231,14 @@ bifrost_venv_env: An environment dictionary that includes the environment
                  It is best not to reset this value unless you know you
                  need to.

+ssh_private_key_path: Defines the path to the SSH private key file to be
+                      placed as default ssh key for ironic user. Can be useful
+                      when ironic requires ssh access to another server.
+
+ssh_private_key: If a user wishes to define an SSH private key as a string,
+                 this variable can be utilized which overrides the
+                 ssh_private_key_path setting.
+
 Notes
 -----

--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@ -163,6 +163,12 @@
 - name: "Add ironic user to virtualization group"
  user: name=ironic group="{{ virt_group }}" append=yes
  when: testing | bool == true
+- name: "Identify ssh_private_key from ssh_private_key_path"
+  include: set_ssh_private_key.yml
+  when: >
+    testing | bool == false and
+    ssh_private_key is undefined and
+    ssh_private_key_path is defined
 - name: "Create SSH directory for ironic user"
  local_action: >
    file
@ -171,7 +177,20 @@
    group=ironic
    mode=0700
    state=directory
-  when: testing | bool == true
+  when: >
+    testing | bool == true or
+    ssh_private_key is defined
+- name: "Set private key file"
+  copy:
+    content: "{{ ssh_private_key }}"
+    dest: /home/ironic/.ssh/id_rsa
+    owner: ironic
+    group: ironic
+    mode: 0600
+  no_log: true
+  when: >
+    testing | bool == false and
+    ssh_private_key is defined
 - name: "Check for ironic user SSH key"
  local_action: stat path=/home/ironic/.ssh/id_rsa
  register: test_ironic_pvt_key
--- a/playbooks/roles/bifrost-ironic-install/tasks/set_ssh_private_key.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/set_ssh_private_key.yml
@ -0,0 +1,12 @@
+---
+- name: "Defined ssh_private_key_path - Check to see if there is a file where the ssh_private_key_path is defined"
+  local_action: stat path={{ ssh_private_key_path }}
+  register: test_ssh_private_key_path
+
+- name: "Defined ssh_private_key_path - Error if ssh_private_key_path is not valid"
+  local_action: fail msg="ssh_private_key_path is not valid."
+  when: test_ssh_private_key_path.stat.exists == false
+
+- name: "Defined ssh_private_key_path - Read SSH private key in"
+  set_fact: ssh_private_key="{{ lookup('file', ssh_private_key_path ) }}"
+  no_log: true