CORD-1151
Make cord_dir and cord_profile_dir local to config node
use head_* and config_* prefixes to avoid hardcoding paths
config-side ssh key generation+
fix frontend & mock builds
[build] group in inventory
fix inventory strangeness
raise privs when creating ssh_pki_dir
move admin-openrc.sh.j2 to cord-profile
add copy-cord-playbook.yml, clarify where it runs
fix paths for head_cord_profile_dir with mock/frontend
use /opt/cord_profile/admin-openrc.sh rather than ~/admin-openrc.sh
install pki
make comment in do-enlist-compute-node accurate, set correct interface
remove hardcoded credential path
logging and ssh key fixes
Change-Id: Ie7560c911dce1558e09806c9997884dfbd475e9c
diff --git a/roles/ssh-install/defaults/main.yml b/roles/ssh-install/defaults/main.yml
new file mode 100644
index 0000000..1fbddfa
--- /dev/null
+++ b/roles/ssh-install/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# ssh-install/defaults/main.yml
+
+ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
+
+ssh_keytype: rsa
+
+# name of master ssh key for this pod
+pod_sshkey_name: "headnode"
+
+on_maas: False
diff --git a/roles/ssh-install/tasks/main.yml b/roles/ssh-install/tasks/main.yml
new file mode 100644
index 0000000..d59db84
--- /dev/null
+++ b/roles/ssh-install/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+# ssh-install/tasks/main.yml
+
+- name: Create ~/.ssh directory
+ file:
+ dest: "{{ ansible_user_dir }}/.ssh/"
+ mode: 0700
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_gid }}"
+ state: directory
+
+- name: Install ssh private key
+ copy:
+ src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey"
+ dest: "{{ ansible_user_dir }}/.ssh/id_{{ ssh_keytype }}"
+ mode: 0600
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_gid }}"
+ backup: true
+
+- name: Install ssh public key
+ copy:
+ src: "{{ ssh_pki_dir }}/client_certs/{{ pod_sshkey_name }}_sshkey.pub"
+ dest: "{{ ansible_user_dir }}/.ssh/id_{{ ssh_keytype }}.pub"
+ mode: 0600
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_gid }}"
+ backup: true
+