generate ssh key pair
Change-Id: I9f7cbdb0ba9379eed262cc211a5eff2be5b05f8a
diff --git a/roles/compute-node/files/id_rsa b/roles/compute-node/files/id_rsa
deleted file mode 100644
index e4a3947..0000000
--- a/roles/compute-node/files/id_rsa
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4ixakIQFlpSXd3NJ98btbO7Dt0o9ioDl0ZLZa2v1g0dWifn0
-W5gkqo9VSkY2fPwUtgxnyoyVFiEc1MyLNxAkd6UHl+YzFw4dDCrEpu5XDCPCkvky
-dd2P3OiuxmheDqjpklPMWddsWSIA061qSdBQ+pYm9Qq5tfekvOVcAPPkoB22ftPr
-gnOSovvTwHfnZH/gfiI+IxUcWwLkneiUenw5oO+3Jie1Gbn3yFqf3pk+VG6M+8YH
-gZKY0/TBaFBHB+acKN3/yIhnnQzfwRyLX5txnYyaDI0HjVLJQiFK0XKgTGhm4U7C
-mpWkEH6WLF/cOs9+chQDDSwOxRD/VIw6W4sXIwIDAQABAoIBABhQFkg0uPkP7hxc
-G1Z0Xu931zgr1eO+qXXW6GJgz5qWH5pjcT4rY72l/NAoLhFPc9aCDOI8LIaddqD1
-f/2iUZk+90r/5vwSe1LkghFDy721VmRAP4lmEOH5bVhMvderlrgxI+WAf9gxDI+0
-s5lNuHbHj1aGGaKTBXV83mAH18rSUxxPZ+M5xT9RE5uKJwZcRLrqnOI3dleGy7xc
-Pxrtm0v/507DVjRdQzpjcYkndGQXfOqjNLEtwMADwmYCOEF3sqaSSDeqYtg/IOIR
-hiM65ekl7R+bqMaowv82V5NCfdSXKyRLvk4Nr9E9Jji9gPA2bYkx6ASkkWduGzA3
-tYqs5kkCgYEA9y396CV/NQfxGGwRD/lLtpNG/YgzihO+IojLd5RsdTCUxvxB5BCx
-i/KGWisg5PLORBh1UGpyrSIKaoMJXbrSSpQwZri+Xnpjt/qHIT8KWUN4tuiHKluV
-DkWQFkD1aOIZujWEX9J25C/SGICtyCIWp/ylNPX6Kwf/cm8W7A7GPU0CgYEA6j53
-dHW2ia4k0ze0HI0PWaiZoi2jFhzI33le1MMBjRMIS3TW2LajWB3TjFs+AdLb831P
-gQrA76oMQ5KDZ3o2b4NrixwfRAQaBBW2cCsRLkxZEIsoVa3QthT5UihqR/t6G6FB
-u9pl+fK8IsHoc5pKFtOkCD9c/Axyu0m30BWqLi8CgYEAjbEPm8Pi58NlsVpBbaa6
-gC5sw2kQIlau550DBclPYt42atqv6sym+lJMMeQHNzb4hpB+r1pV4mlhDy2OcOxn
-H9lS5Y+BkScXgp9aVvSMOh8zU6Z31RAqocO+lQMnqrfxh4ymFUfQX34KMYGSHOdt
-lV5+VZ2rin9LL43+1dKiUQECgYEAlOCQ4ZbzJjxlMU1lDwRkbjKnOplQ3vv6e3ZT
-XFx4fuZKzlJ7Po+N77I9Qya2mUgf/Xh2cGiaSXjFhKj5FWpqcKORVX/RK1SECHaY
-VmA48jkaHlajkxj+3ssjzyDas9dUO31ZHwDm8V5iTqD5kYfNcQagaZGEEroCraBj
-0EAEwocCgYEAmQ2RumGHjYdSgkxw1MWCAXg1RPBaifZifErhe1MiVkZuHdCxYn3p
-Yv7KPaOQtYfbZEN1Ww3ScWqIRZzOmRdEakFGFh+d1V+qK1r/Bj6SBSOND1UZFm+j
-+DeGwmHuPzdNbtoW4dqyFM5OFib3N9P6r87Kfl1X3q31R8gVhK4wtOo=
------END RSA PRIVATE KEY-----
diff --git a/roles/compute-node/files/id_rsa.pub b/roles/compute-node/files/id_rsa.pub
deleted file mode 100644
index 36daa90..0000000
--- a/roles/compute-node/files/id_rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLFqQhAWWlJd3c0n3xu1s7sO3Sj2KgOXRktlra/WDR1aJ+fRbmCSqj1VKRjZ8/BS2DGfKjJUWIRzUzIs3ECR3pQeX5jMXDh0MKsSm7lcMI8KS+TJ13Y/c6K7GaF4OqOmSU8xZ12xZIgDTrWpJ0FD6lib1Crm196S85VwA8+SgHbZ+0+uCc5Ki+9PAd+dkf+B+Ij4jFRxbAuSd6JR6fDmg77cmJ7UZuffIWp/emT5Uboz7xgeBkpjT9MFoUEcH5pwo3f/IiGedDN/BHItfm3GdjJoMjQeNUslCIUrRcqBMaGbhTsKalaQQfpYsX9w6z35yFAMNLA7FEP9UjDpbixcj cord@cord.lab
diff --git a/roles/compute-node/files/remove-maas-components b/roles/compute-node/files/remove-maas-components
index 4d85694..5adf79e 100755
--- a/roles/compute-node/files/remove-maas-components
+++ b/roles/compute-node/files/remove-maas-components
@@ -1,10 +1,31 @@
#!/bin/bash
-docker kill $(docker ps -q)
-docker rm -f $(docker ps -aq)
-docker rmi -f $(docker images -aq)
+KEEP_DOCKER=0
+DOCKER_ENGINE="docker-engine"
+DOCKER_REGISTRY="/docker-registry /docker-registry-mirror"
+CONTAINER_LIST=$(docker ps -qa)
-sudo apt-get remove --purge -y bind9 apache2 docker-engine ansible $(dpkg --get-selections | grep maas | cut -f1)
+while [ $# -gt 0 ]; do
+ case $1 in
+ -k|--keep-docker)
+ KEEP_DOCKER=1
+ DOCKER_ENGINE=
+ DOCKER_REGISTRY=
+ CONTAINER_LIST=$(docker ps --format '{{.ID}} {{.Names}}' | grep -v ' registry$' | grep -v ' registry-mirror$' | awk '{print $1}')
+ ;;
+ esac
+ shift
+done
+
+CONTAINER_LIST=$(docker ps --format '{{.ID}} {{.Names}}' | grep -v ' registry$' | grep -v ' registry-mirror$' | awk '{print $1}')
+
+docker kill $CONTAINER_LIST
+docker rm -f $CONTAINER_LIST
+if [ $KEEP_DOCKER -eq 0 ]; then
+ docker rmi -f $(docker images -aq)
+fi
+
+sudo apt-get remove --purge -y bind9 apache2 $DOCKER_ENGINE ansible $(dpkg --get-selections | grep maas | cut -f1)
sudo rm -rf \
/etc/maas \
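Review bot: The `CONTAINER_LIST=$(docker ps --format ...)` assignment added after `done` runs unconditionally, so it overwrites both the `docker ps -qa` default and whatever the `-k` branch set, and the option no longer changes which containers are killed. Without `-k` the registry containers are left running while `docker rmi -f` and the later `rm -rf` of `$DOCKER_REGISTRY` still proceed, and stopped containers are never removed because the filtered form omits `-a`. Drop that line and use `docker ps -a --format '{{.ID}} {{.Names}}'` inside the `-k` branch. `docker kill $CONTAINER_LIST` and `docker rm -f $CONTAINER_LIST` also fail with a usage error when the list is empty, so guard them with `[ -n "$CONTAINER_LIST" ] &&`.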
@@ -20,12 +41,10 @@
/etc/apt/sources.list.d/ppa_maas_stable_trusty.list \
/etc/apt/sources.list.d/ppa_ansible_ansible_trusty.list \
/etc/network/if-pre-up.d/nat \
- /docker-registry \
- /docker-registry-mirror
+ $DOCKER_REGISTRY
sudo apt-get update -y
# remove NAT rules
sudo iptables --table nat --delete POSTROUTING --out-interface eth3 -j MASQUERADE
sudo iptables --delete FORWARD --in-interface mgmtbr -j ACCEPT
-
diff --git a/roles/compute-node/files/remove-xos-components b/roles/compute-node/files/remove-xos-components
index 1b6fc42..2f2cf07 100755
--- a/roles/compute-node/files/remove-xos-components
+++ b/roles/compute-node/files/remove-xos-components
@@ -19,6 +19,9 @@
UVT=$(which uvt-kvm)
test -z $UVT || uvt-kvm list | xargs uvt-kvm destroy
+LXC=$(which lxc)
+test -z $LXC || lxc delete --force $(lxc list | grep "^| [^ ]" | awk '{print $2}')
+
sudo apt-get remove --purge -y $(dpkg --get-selections | grep "nagioas\|juju\|nova\|neutron" | awk '{print $1}') &&sudo apt-get autoremove -y && sudo rm -rf /etc/juju /etc/neutron /home/ubuntu/.juju && sudo find / -name "*juju*" -exec rm -r \{\} \; && sudo rm -f /var/lib/uvtool/libvirt/images/*
OVS=$(which ovs-vsctl)
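Review bot: The added `lxc delete --force $(lxc list | grep "^| [^ ]" | awk '{print $2}')` scrapes the human-readable table, and the header row appears to match the same pattern as a container row, so the column title can be passed to `lxc delete` as if it were a container name. When no containers exist the substitution is empty and `lxc delete --force` is called with no arguments. If the installed client supports it, prefer a machine-readable listing such as `lxc list --format csv -c n | xargs -r lxc delete --force`. The test should also quote its operand, `test -z "$LXC"`.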
diff --git a/roles/compute-node/meta/main.yml b/roles/compute-node/meta/main.yml
index 047a60f..2e50ead 100644
--- a/roles/compute-node/meta/main.yml
+++ b/roles/compute-node/meta/main.yml
@@ -12,5 +12,6 @@
galaxy_tags:
- cord
dependencies:
+ - { role: prep }
- { role: local-ubuntu-repository, when: ubuntu_apt_repo is defined }
- { role : docker }
diff --git a/roles/compute-node/tasks/main.yml b/roles/compute-node/tasks/main.yml
index f093d17..bfafc40 100644
--- a/roles/compute-node/tasks/main.yml
+++ b/roles/compute-node/tasks/main.yml
@@ -19,6 +19,7 @@
become: yes
apt: name={{ item }} state=present force=yes
with_items:
+ - whois
- build-essential=11.6*
- git=1:1.9.*
- python-pip=1.5.4*
@@ -29,6 +30,31 @@
- curl=7.35.*
- jq=1.3*
+- name: Validate Encyrpted Compute Node Password
+ set_fact:
+ already_encrypted: "{{compute_node.password.startswith('enc:')}}"
+
+# If the compute_node.password begins with 'enc:' then it is an
+# encyrpted password, which is what we need so we are done. Thus
+# if it is not encrypted then we have to encrypt it
+
+- name: Encyrpt Compute Node Password
+ command: "mkpasswd --method=sha-512 {{compute_node.password}}"
+ register: encrypted
+ changed_when: false
+ when: "not already_encrypted"
+
+- name: Update Compute Node Password
+ set_fact:
+ compute_node_update:
+ password: "enc:{{encrypted.stdout}}"
+ when: "not already_encrypted"
+
+- name: Merge Compute Node Properties
+ set_fact:
+ compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}"
+ when: "not already_encrypted"
+
- name: Ensure Docker Insecure Repository
become: yes
lineinfile:
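Review bot: The `Encyrpt Compute Node Password` task puts the cleartext password on the `mkpasswd` command line, where it is visible in the target host's process list and in the task's logged arguments, and none of the added tasks sets `no_log: true`. The value is also unquoted, so a password containing whitespace is split into several arguments and one beginning with `-` is parsed as an option; the generated default can presumably start with `-`. Hash it inside the template instead, `password: "enc:{{ compute_node.password | password_hash('sha512') }}"`, add `no_log: true` to the tasks that handle the value, and drop the `command` task. The task names and the comment spell "Encyrpt"/"encyrpted"; they should read "Encrypt"/"encrypted".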
@@ -61,16 +87,18 @@
- name: Set Default Password
become: yes
user:
- name={{ ansible_user }}
- password="$6$TjhJuOgh8xp.v$z/4GwFbn5koVmkD6Ex9wY7bgP7L3uP2ujZkZSs1HNdzQdz9YclbnZH9GvqMC/M1iwC0MceL05.13HoFz/bai0/"
+ name: "{{ansible_user}}"
+ password: "{{compute_node.password.split(':',1)[1]}}"
when: '"{{ ansible_user }}" == "ubuntu"'
+ tags:
+ - set_compute_node_password
- name: Authorize SSH Key
become: yes
authorized_key:
- key="{{ pub_ssh_key }}"
- user={{ ansible_user }}
- state=present
+ key: "{{ pub_ssh_key }}"
+ user: "{{ ansible_user }}"
+ state: present
- name: Verify Private SSH Key
become: yes
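Review bot: `Authorize SSH Key` only adds the new `pub_ssh_key` with `state: present`, so nodes provisioned before this commit keep the old public key from `roles/compute-node/files/id_rsa.pub` in `authorized_keys`. The matching private key was committed to the repository and stays in its history, so it should be treated as disclosed. Add a task that removes the old key with `state: absent`, or set `exclusive: yes` here if this user is meant to have no other keys. The same applies to the password hash removed from `Set Default Password`: accounts that still carry it need the new password applied. The `Verify Private SSH Key` task at the end of the hunk continues outside it.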
@@ -78,16 +106,26 @@
path=/home/{{ ansible_user }}/.ssh/id_rsa
register: private_key
-- name: Ensure SSH Key
+- name: Ensure SSH Key Pair
+ become: yes
+ copy:
+ src: "/etc/maas/.ssh/{{item.src}}"
+ dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}"
+ owner: "{{ansible_user}}"
+ group: "docker"
+ mode: "0600"
+ with_items:
+ - { "src": "cord_rsa", "dest": "id_rsa" }
+ - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" }
+
+- name: Ensure SSH config
become: no
copy:
- src=files/{{ item }}
- dest={{ ansible_env['PWD'] }}/.ssh/{{ item }}
- owner={{ ansible_user }}
- mode=0600
+ src: "files/{{item}}"
+ dest: "{{ansible_env['PWD']}}/.ssh/{{item}}"
+ owner: "{{ansible_user}}"
+ mode: "0600"
with_items:
- - id_rsa
- - id_rsa.pub
- config
- name: Ensure CORD SUDO
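Review bot: `Ensure SSH Key Pair` installs the same `cord_rsa` private key on every compute node, and `pub_ssh_key` authorizes its public half on those same nodes, so read access to one node's `.ssh/id_rsa` gives SSH access to all of them. If node-to-node SSH with a shared identity is required, say so in a comment above the task, e.g. `# every node carries the shared key because <REASON>`; if it is not, the private half should stay on the control host. `group: "docker"` has no effect with `mode: "0600"` and should be dropped or explained. `dest` uses `ansible_env['PWD']` while `Verify Private SSH Key` checks `/home/{{ ansible_user }}/.ssh/id_rsa`; the two should name the same path.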
@@ -97,7 +135,7 @@
dest=/etc/sudoers.d/99-cord-sudoers
owner=root
group=root
- mode=0600
+ mode="0600"
- name: Ensure Utility Scripts
become: yes
@@ -106,7 +144,7 @@
dest=/usr/local/bin/{{ item }}
owner=root
group=root
- mode=0755
+ mode="0755"
with_items:
- delete-fabric-config
- delete-node-prov-state
diff --git a/roles/compute-node/vars/main.yml b/roles/compute-node/vars/main.yml
index 7e6ff5e..5accf44 100644
--- a/roles/compute-node/vars/main.yml
+++ b/roles/compute-node/vars/main.yml
@@ -1,6 +1,7 @@
-pub_ssh_key: "{{ lookup('file', 'files/id_rsa.pub') }}"
+pub_ssh_key: "{{ lookup('file', '/etc/maas/.ssh/cord_rsa.pub') }}"
compute_node:
+ password: "{{password_compute_node | default(lookup('password', 'passwords/compute_node.txt'))}}"
fabric:
include:
names: "{{ fabric_include_names | default(omit) }}"
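Review bot: The `lookup('password', 'passwords/compute_node.txt')` default stores the generated password in clear text in a file on the control host, and nothing visible here keeps that directory out of version control or restricts its permissions. Because Jinja evaluates filter arguments before calling `default`, the file is probably created even when `password_compute_node` is supplied. Add a comment above `password:` documenting the prefix convention, e.g. `# set password_compute_node to 'enc:<crypt hash>' to skip hashing; otherwise a random password is written to passwords/compute_node.txt`, and list `passwords/` in the ignore file. `pub_ssh_key` now reads an absolute path on the control host, so the play fails where `/etc/maas/.ssh/cord_rsa.pub` has not been generated yet. The `compute_node` mapping continues outside the hunk.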