CORD-1401 Don't overwrite existing keypair, CiaB PCU setup roles
Change-Id: Ia0fe60315ed09ba39634ed5c25e50e7bfd51d1ab
diff --git a/roles/compute-node/tasks/main.yml b/roles/compute-node/tasks/main.yml
index fb5b9bb..0c3d8b0 100644
--- a/roles/compute-node/tasks/main.yml
+++ b/roles/compute-node/tasks/main.yml
@@ -114,8 +114,8 @@
group: "docker"
mode: "0600"
with_items:
- - { "src": "cord_rsa", "dest": "id_rsa" }
- - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" }
+ - { "src": "cord_rsa", "dest": "cord_rsa" }
+ - { "src": "cord_rsa.pub", "dest": "cord_rsa.pub" }
- name: Ensure SSH config
become: yes
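Review bot: With the `with_items` destinations renamed to `cord_rsa` / `cord_rsa.pub`, ssh on the compute node no longer finds this key as a default identity. The following "Ensure SSH config" task therefore needs an explicit `IdentityFile <ssh dir>/cord_rsa` entry; its body is outside the hunk, so this cannot be confirmed here. The copy task itself also starts above the hunk. A comment above the loop such as `# installed under non-default names so an existing id_rsa keypair is never overwritten` would record why the names differ from the usual ones.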
diff --git a/roles/maas-user-privkey/defaults/main.yml b/roles/maas-user-privkey/defaults/main.yml
new file mode 100644
index 0000000..a87005c
--- /dev/null
+++ b/roles/maas-user-privkey/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# roles/maas-user-privkey/defaults/main.yml
+
+maas_homedir: "/var/lib/maas"
+pub_ssh_key_file_location: "{{ pub_ssh_key_location | default ('/etc/maas/.ssh') }}"
diff --git a/roles/maas-user-privkey/tasks/main.yml b/roles/maas-user-privkey/tasks/main.yml
new file mode 100644
index 0000000..775c820
--- /dev/null
+++ b/roles/maas-user-privkey/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+# roles/maas-user-privkey/tasks/main.yml
+
+- name: Create maas .ssh dir
+ become: yes
+ file:
+ path: "{{ maas_homedir }}/.ssh"
+ state: directory
+ owner: maas
+ group: maas
+ mode: 0700
+
+- name: Copy generated private key to maas user
+ become: yes
+ copy:
+ src: "{{ pub_ssh_key_file_location }}/cord_rsa"
+ dest: "{{ maas_homedir }}/.ssh/id_rsa"
+ owner: maas
+ group: maas
+ mode: 0600
\ No newline at end of file
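Review bot: The "Copy generated private key to maas user" task has no `no_log: true`, so a run with `--diff` can print the contents of `cord_rsa` to the console and to any captured Ansible logs. Adding `no_log: true` avoids that, and the same applies to the rewritten "Ensure SSH keys for Ansible" copy in roles/maas/tasks/main.yml. `mode: 0700` and `mode: 0600` are unquoted here while the rest of the change uses quoted strings (`mode: "0600"`, `mode: "0400"`); writing `mode: "0700"` and `mode: "0600"` removes the dependence on the YAML parser's octal handling. `copy` will also replace an existing `{{ maas_homedir }}/.ssh/id_rsa` whenever the content differs, which is worth confirming against the commit's stated goal of not overwriting existing keypairs.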
diff --git a/roles/maas-user-pubkey/defaults/main.yml b/roles/maas-user-pubkey/defaults/main.yml
new file mode 100644
index 0000000..bdc2bc0
--- /dev/null
+++ b/roles/maas-user-pubkey/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# roles/maas-user-pubkey/defaults/main.yml
+
+pub_ssh_key_file_location: "{{ pub_ssh_key_location | default ('/etc/maas/.ssh') }}"
+maas_groups: "libvirtd"
\ No newline at end of file
diff --git a/roles/maas-user-pubkey/tasks/main.yml b/roles/maas-user-pubkey/tasks/main.yml
new file mode 100644
index 0000000..5fb3492
--- /dev/null
+++ b/roles/maas-user-pubkey/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+# roles/maas-user-pubkey/tasks/main.yml
+
+- name: Create maas user
+ user:
+ name: maas
+ groups: "{{ maas_groups }}"
+ state: present
+
+- name: Authorize generated key for maas user
+ authorized_key:
+ user: maas
+ key: "{{ lookup('file', pub_ssh_key_file_location+'/cord_rsa.pub') }}"
+ state: present
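Review bot: In "Create maas user", `groups: "{{ maas_groups }}"` is set without `append: yes`, so the `user` module makes `libvirtd` the account's only supplementary group and drops any other memberships an existing `maas` user has. Adding `append: yes` makes the change additive. Neither task here carries `become: yes`, unlike the tasks in roles/maas-user-privkey, so creating the user and writing its `authorized_keys` will fail unless the calling play already escalates; confirm that or add `become: yes` to both. `lookup('file', ...)` reads `cord_rsa.pub` on the Ansible control machine, so `pub_ssh_key_file_location` must exist there and not only on the target.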
diff --git a/roles/maas/tasks/main.yml b/roles/maas/tasks/main.yml
index 915ae27..ffb6ff7 100644
--- a/roles/maas/tasks/main.yml
+++ b/roles/maas/tasks/main.yml
@@ -304,13 +304,9 @@
- name: Ensure SSH keys for Ansible
become: yes
- command: cp {{ ansible_env['PWD'] }}/.ssh/id_rsa /etc/maas/ansible/id_rsa
- changed_when: true
-
-- name: Ensure SSH Key Permissions
- become: yes
- file:
- path: /etc/maas/ansible/id_rsa
+ copy:
+ src: "{{ pub_ssh_key_file_location }}/cord_rsa"
+ dest: "/etc/maas/ansible/id_rsa"
owner: root
group: root
mode: "0400"
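Review bot: Replacing `cp` with `copy` changes where the source is read. The old command copied a file already on the target, whereas `copy` without `remote_src: yes` reads `{{ pub_ssh_key_file_location }}/cord_rsa` from the control machine. If the key exists only on the target host, the task needs `remote_src: yes`. In this commit `pub_ssh_key_file_location` is defined only in the defaults of the two new maas-user-* roles. Unless the maas role defines it somewhere not visible here, this task fails with an undefined variable, so a matching default in the maas role is worth adding.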
diff --git a/roles/ssh-key/tasks/main.yml b/roles/ssh-key/tasks/main.yml
index 44ce66e..17f8368 100644
--- a/roles/ssh-key/tasks/main.yml
+++ b/roles/ssh-key/tasks/main.yml
@@ -15,7 +15,7 @@
- name: Ensure Key Authorized on Target Head Node
authorized_key:
- user: '{{ansible_ssh_user}}'
+ user: '{{ansible_user_id}}'
key: "{{lookup('file', '~/.ssh/id_rsa.pub')}}"
tags:
- establish_ssh_keys
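Review bot: `ansible_user_id` on the new `user:` line is a gathered fact naming the account the fact-gathering ran as, not the configured login user. If facts for this play are gathered with `become` enabled it resolves to `root`, so the key lands in root's `authorized_keys`; it is undefined when `gather_facts` is off. If the connection user is the intended account, `user: "{{ ansible_user | default(ansible_user_id) }}"` covers both cases. Please confirm which account on the head node this key is meant to authorize; the task may continue past the end of the hunk.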