Generate per-site SSL intermediate CA, fix cred/pki paths
Change-Id: I0bda0791d82142acac8c6af0e152d8d0954ef719
diff --git a/roles/create-lxd/tasks/main.yml b/roles/create-lxd/tasks/main.yml
index fd3ace2..1b1dd7a 100644
--- a/roles/create-lxd/tasks/main.yml
+++ b/roles/create-lxd/tasks/main.yml
@@ -24,9 +24,10 @@
default_release: trusty-backports
# For lxd_profile, has to be run as normal user
-- name: Get user's SSH public key into lxd_ssh_pubkey to create LXD profile
- set_fact:
- lxd_ssh_pubkey: "{{ lookup('file', '{{ ansible_user_dir }}/.ssh/id_rsa.pub') }}"
+- name: slurp user's SSH public key on remote machine to create LXD profile
+ slurp:
+ src: "{{ ansible_user_dir }}/.ssh/id_rsa.pub"
+ register: slurped_pubkey
- name: Create openstack LXD profile
become: yes
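Review bot: The new slurp task carries no comment saying that the key is now read from the target host rather than the Ansible controller, which changes whose key ends up in the profile's `ssh_authorized_keys`. I would add above the task: `# Read the key from the target host (slurp returns base64); it is installed as an authorized key through the LXD profile below.` The `src:` line also assumes an RSA key named `id_rsa.pub`; if no earlier task guarantees that file exists (not visible in this hunk), the play stops here with a file-not-found error. The profile task that follows continues outside the hunk.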
@@ -37,7 +38,7 @@
user.user-data: |
#cloud-config
ssh_authorized_keys:
- - "{{ lxd_ssh_pubkey }}"
+ - "{{ slurped_pubkey['content'] | b64decode }}"
description: 'OpenStack services on CORD'
devices:
eth0:
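Review bot: The decoded value on the `ssh_authorized_keys` line keeps the file's trailing newline, which the old `lookup('file', ...)` stripped, so the closing quote probably lands on its own line inside the `user.user-data` block and may break or alter the cloud-config YAML. Trimming fixes that: `- "{{ slurped_pubkey['content'] | b64decode | trim }}"`. Because this text becomes an authorized key in the containers, it is also worth asserting before the profile task that the decoded content is a single line, so a multi-line or quote-containing file cannot change the user-data structure. The profile task starts and ends outside this hunk.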
diff --git a/roles/create-lxd/templates/ansible_hosts.j2 b/roles/create-lxd/templates/ansible_hosts.j2
index e2e58de..21f5c8a 100644
--- a/roles/create-lxd/templates/ansible_hosts.j2
+++ b/roles/create-lxd/templates/ansible_hosts.j2
@@ -3,20 +3,27 @@
# VMs will go away shortly in favor of containers
[vms]
+{% if head_vm_list is defined -%}
{% for vm in head_vm_list -%}
{{ vm.name }}
{% endfor -%}
+{% endif -%}
[containers]
+{% if head_lxd_list is defined -%}
{% for lxd in head_lxd_list -%}
{{ lxd.name }}
{% endfor -%}
+{% endif -%}
[services:children]
vms
containers
[docker]
+{% if head_vm_list is defined -%}
{% for vm in head_vm_list | selectattr('docker_path', 'defined') -%}
{{ vm.name }}
{% endfor -%}
+{% endif -%}
+
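Review bot: The three `is defined` guards still let the loops fail when `head_vm_list` or `head_lxd_list` is defined but null, for example a bare `head_vm_list:` in a vars file, because iterating over None raises a template error. A default on the loop covers both cases without the extra `if`/`endif` pairs: `{% for vm in head_vm_list | default([], true) -%}`, and likewise `head_lxd_list | default([], true)` for the `[containers]` loop. In the `[docker]` section the default goes before `selectattr`, as in `head_vm_list | default([], true) | selectattr('docker_path', 'defined')`.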