Make SSH keys configurable

Defaults to using stack/.ssh/id_rsa on the control host
2017-02-16 10:44:31 +00:00 · 2017-02-16 10:44:31 +00:00 · cbd6fcc522
parent 94b911d44d
commit cbd6fcc522
11 changed files with 53 additions and 5 deletions
--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@ -3,3 +3,5 @@
  hosts: config-mgmt
  roles:
    - role: bootstrap
+      bootstrap_ssh_key_type: "{{ ssh_key_type }}"
+      bootstrap_ssh_private_key_path: "{{ ssh_private_key_path }}"
--- a/ansible/group_vars/all/ssh
+++ b/ansible/group_vars/all/ssh
@ -0,0 +1,19 @@
+---
+###############################################################################
+# SSH configuration.
+
+# Type of SSH key.
+ssh_key_type: "rsa"
+
+# Name of SSH key.
+ssh_key_name: "{{ 'id_' ~ ssh_key_type }}"
+
+# Path to SSH private key on the control host.
+ssh_private_key_path: "{{ lookup('env', 'HOME') ~ '/.ssh/' ~ ssh_key_name }}"
+
+# Path to SSH public key on the control host.
+ssh_public_key_path: "{{ ssh_private_key_path ~ '.pub' }}"
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
--- a/ansible/kolla-host.yml
+++ b/ansible/kolla-host.yml
@ -3,4 +3,4 @@
  hosts: seed:controllers
  roles:
    - role: kolla-host
-      kolla_authorized_key: "{{ lookup('file', lookup('env', 'HOME') ~ '/.ssh/id_rsa.pub') }}"
+      kolla_authorized_key: "{{ lookup('file', ssh_public_key_path) }}"
--- a/ansible/roles/bootstrap/defaults/main.yml
+++ b/ansible/roles/bootstrap/defaults/main.yml
@ -0,0 +1,6 @@
+---
+# Type of SSH key to generate.
+bootstrap_ssh_key_type:
+
+# Path to SSH private key file.
+bootstrap_ssh_private_key_path:
--- a/ansible/roles/bootstrap/tasks/main.yml
+++ b/ansible/roles/bootstrap/tasks/main.yml
@ -10,17 +10,17 @@

 - name: Check whether an SSH key exists
  stat:
-    path: "{{ ansible_user_dir }}/.ssh/id_rsa"
+    path: "{{ bootstrap_ssh_private_key_path }}"
  register: ssh_key_stat

 - name: Generate an SSH key
-  command: ssh-keygen -t rsa -N '' -f {{ ansible_user_dir }}/.ssh/id_rsa
+  command: ssh-keygen -t {{ boostrap_ssh_key_type }} -N '' -f {{ bootstrap_ssh_private_key_path }}
  when: not ssh_key_stat.stat.exists

 - name: Ensure SSH public key is in authorized keys
  authorized_key:
    user: "{{ ansible_user_id }}"
-    key: "{{ lookup('file', ansible_user_dir ~ '/.ssh/id_rsa.pub') }}"
+    key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"

 - name: Scan for SSH keys
  command: ssh-keyscan {{ item }}
--- a/ansible/seed-vm.yml
+++ b/ansible/seed-vm.yml
@ -17,7 +17,7 @@
      configdrive_uuid: "{{ seed_host | to_uuid }}"
      configdrive_fqdn: "{{ seed_host }}"
      configdrive_name: "{{ seed_host }}"
-      configdrive_ssh_public_key: "{{ lookup('file', '{{ ansible_user_dir }}/.ssh/id_rsa.pub') }}"
+      configdrive_ssh_public_key: "{{ lookup('file', ssh_public_key_path) }}"
      configdrive_config_dir: "{{ image_cache_path }}"
      configdrive_volume_path: "{{ image_cache_path }}"
      configdrive_config_dir_delete: True
--- a/deploy-overcloud.sh
+++ b/deploy-overcloud.sh
@ -14,6 +14,7 @@ function run_playbook {
        -e @${KAYOBE_CONFIG_PATH}/networks.yml \
        -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
        -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
+        -e @${KAYOBE_CONFIG_PATH}/ssh.yml \
        -e @${KAYOBE_CONFIG_PATH}/swift.yml \
        $@
 }
--- a/deploy-seed.sh
+++ b/deploy-seed.sh
@ -15,6 +15,8 @@ function run_playbook {
        -e @${KAYOBE_CONFIG_PATH}/networks.yml \
        -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
        -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
+        -e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
+        -e @${KAYOBE_CONFIG_PATH}/ssh.yml \
        -e @${KAYOBE_CONFIG_PATH}/swift.yml \
        $@
 }
--- a/etc/kayobe/ssh.yml
+++ b/etc/kayobe/ssh.yml
@ -0,0 +1,16 @@
+---
+###############################################################################
+# SSH configuration.
+
+# Name of SSH key.
+#ssh_key_name:
+
+# Path to SSH private key on the control host.
+#ssh_private_key_path:
+
+# Path to SSH public key on the control host.
+#ssh_public_key_path:
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes
--- a/1
+++ b/1
@ -16,5 +16,6 @@ exec ansible-playbook \
  -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
  -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
  -e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
+  -e @${KAYOBE_CONFIG_PATH}/ssh.yml \
  -e @${KAYOBE_CONFIG_PATH}/swift.yml \
  $@
--- a/provision-seed.sh
+++ b/provision-seed.sh
@ -15,6 +15,7 @@ function run_playbook {
        -e @${KAYOBE_CONFIG_PATH}/network-allocation.yml \
        -e @${KAYOBE_CONFIG_PATH}/ntp.yml \
        -e @${KAYOBE_CONFIG_PATH}/seed-vm.yml \
+        -e @${KAYOBE_CONFIG_PATH}/ssh.yml \
        -e @${KAYOBE_CONFIG_PATH}/swift.yml \
        $@
 }