From 6eefa304adaccf5f09518bf5e67016c5fc127167 Mon Sep 17 00:00:00 2001 From: John Trowbridge Date: Fri, 20 Oct 2017 11:07:47 -0400 Subject: [PATCH] Make provision/remote role safe to include statically Currently including the provision/remote role without intending to actually use it will break if the {{ virt_host_key }}.pub file does not exist. Ideally, we would be able to include it dynamically so that the tasks are not evaluated at compile time, but instead only if they are run. This would require a pretty large refactor though, because playbooks can not be included dynamically. Instead, we can make sure to have a default for the lookup so that it will not fail to evaluate. The task would still fail to run if the lookup falls back to the default, so we wont hide issues with the key not existing with this change. Change-Id: I347de079ada7c7b82f2f7affafa97f95c8029a3f --- roles/libvirt/setup/undercloud/tasks/main.yml | 4 +--- roles/libvirt/setup/user/tasks/main.yml | 8 ++------ roles/provision/remote/tasks/main.yml | 4 +--- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/roles/libvirt/setup/undercloud/tasks/main.yml b/roles/libvirt/setup/undercloud/tasks/main.yml index b0260c11f..70c232bdf 100644 --- a/roles/libvirt/setup/undercloud/tasks/main.yml +++ b/roles/libvirt/setup/undercloud/tasks/main.yml @@ -102,9 +102,7 @@ - name: Add virt power key to root authorized keys if using qemu:///system authorized_key: user: root - key: "{{ item }}" - with_file: - - "{{ virt_power_key }}.pub" + key: "{{ lookup('file', virt_power_key|quote + '.pub')|default('') }}" when: libvirt_uri == "qemu:///system" # Copy the public key to `$HOME/.ssh/authorized_keys` for the `root` diff --git a/roles/libvirt/setup/user/tasks/main.yml b/roles/libvirt/setup/user/tasks/main.yml index 9bb8d115b..a26bcc973 100644 --- a/roles/libvirt/setup/user/tasks/main.yml +++ b/roles/libvirt/setup/user/tasks/main.yml @@ -35,15 +35,11 @@ - name: Read virt_power private key no_log: True set_fact: - virt_power_key_pvt: "{{ item }}" - with_file: - - "{{ virt_power_key }}" + virt_power_key_pvt: "{{ lookup('file', virt_power_key)|default('') }}" - name: add virt_power_key to remote authorized_keys authorized_key: user: "{{ ansible_user_id }}" - key: "{{ item }}" + key: "{{ lookup('file', virt_power_key|quote + '.pub')|default('') }}" manage_dir: true - with_file: - - "{{ virt_power_key }}.pub" diff --git a/roles/provision/remote/tasks/main.yml b/roles/provision/remote/tasks/main.yml index aed391bdf..f52376bd8 100644 --- a/roles/provision/remote/tasks/main.yml +++ b/roles/provision/remote/tasks/main.yml @@ -57,9 +57,7 @@ - name: Configure non-root user authorized_keys authorized_key: user: "{{ ssh_user }}" - key: "{{ item }}" - with_file: - - "{{ virt_host_key }}.pub" + key: "{{ lookup('file', virt_host_key|quote + '.pub')|default('') }}" become: true - name: Ensure polkit packages are installed