Make provision/remote role safe to include statically

Currently including the provision/remote role without intending to actually use it will break if the {{ virt_host_key }}.pub file does not exist. Ideally, we would be able to include it dynamically so that the tasks are not evaluated at compile time, but instead only if they are run. This would require a pretty large refactor though, because playbooks can not be included dynamically. Instead, we can make sure to have a default for the lookup so that it will not fail to evaluate. The task would still fail to run if the lookup falls back to the default, so we wont hide issues with the key not existing with this change. Change-Id: I347de079ada7c7b82f2f7affafa97f95c8029a3f
2017-10-20 11:07:47 -04:00 · 2017-10-20 11:07:47 -04:00 · 6eefa304ad
parent ca4c061df7
commit 6eefa304ad
3 changed files with 4 additions and 12 deletions
--- a/roles/libvirt/setup/undercloud/tasks/main.yml
+++ b/roles/libvirt/setup/undercloud/tasks/main.yml
@ -102,9 +102,7 @@
  - name: Add virt power key to root authorized keys if using qemu:///system
    authorized_key:
      user: root
-      key: "{{ item }}"
-    with_file:
-      - "{{ virt_power_key }}.pub"
+      key: "{{ lookup('file', virt_power_key|quote + '.pub')|default('') }}"
    when: libvirt_uri == "qemu:///system"

  # Copy the public key to `$HOME/.ssh/authorized_keys` for the `root`
--- a/roles/libvirt/setup/user/tasks/main.yml
+++ b/roles/libvirt/setup/user/tasks/main.yml
@ -35,15 +35,11 @@
 - name: Read virt_power private key
  no_log: True
  set_fact:
-    virt_power_key_pvt: "{{ item }}"
-  with_file:
-    - "{{ virt_power_key }}"
+    virt_power_key_pvt: "{{ lookup('file', virt_power_key)|default('') }}"

 - name: add virt_power_key to remote authorized_keys
  authorized_key:
    user: "{{ ansible_user_id }}"
-    key: "{{ item }}"
+    key: "{{ lookup('file', virt_power_key|quote + '.pub')|default('') }}"
    manage_dir: true
-  with_file:
-    - "{{ virt_power_key }}.pub"

--- a/roles/provision/remote/tasks/main.yml
+++ b/roles/provision/remote/tasks/main.yml
@ -57,9 +57,7 @@
 - name: Configure non-root user authorized_keys
  authorized_key:
    user: "{{ ssh_user }}"
-    key: "{{ item }}"
-  with_file:
-    - "{{ virt_host_key }}.pub"
+    key: "{{ lookup('file', virt_host_key|quote + '.pub')|default('') }}"
  become: true

 - name: Ensure polkit packages are installed