commit 4f666939c66bacf74c0bbe3eecc3c17900b827de
author Andy Bavier <acb@cs.princeton.edu> Wed Sep 09 15:12:27 2015 -0400
committer Andy Bavier <acb@cs.princeton.edu> Wed Sep 09 15:12:27 2015 -0400
tree 5802b35a2f4320c204d9f421ff299bc648ff60f8
parent e0fb4586a7d7728c54e7a4d9f7aacf5cef48b0c0

Add capability to disable login via NAT (e.g., for vanilla OpenStack)

xos/observers/vcpe/vcpe_observer_config

diff --git a/xos/observers/vcpe/vcpe_observer_config b/xos/observers/vcpe/vcpe_observer_config
index 6d58340..baf2d8e 100644
--- a/xos/observers/vcpe/vcpe_observer_config
+++ b/xos/observers/vcpe/vcpe_observer_config
@@ -33,6 +33,7 @@
 pretend=False
 backoff_disabled=True
 save_ansible_output=True
+proxy_ssh=False
 
 [feefie]
 client_id='vicci_dev_central'

xos/openstack_observer/ansible.py

diff --git a/xos/openstack_observer/ansible.py b/xos/openstack_observer/ansible.py
index b53dd98..0e006ae 100755
--- a/xos/openstack_observer/ansible.py
+++ b/xos/openstack_observer/ansible.py
@@ -109,7 +109,7 @@
             except:
                 # fail silently
                 pass
-        
+
     else:
         msg = open(fqp+'.out').read()
 
@@ -139,28 +139,40 @@
     sliver_name = opts["sliver_name"]
     hostname = opts["hostname"]
     private_key = opts["private_key"]
+    nat_ip = opts["nat_ip"]
+
+    try:
+        proxy_ssh = Config().observer_proxy_ssh
+    except:
+        proxy_ssh = True
 
     (opts, fqp) = get_playbook_fn(opts, path)
     private_key_pathname = fqp + ".key"
     config_pathname = fqp + ".config"
     hosts_pathname = fqp + ".hosts"
 
-    proxy_command = "ProxyCommand ssh -q -i %s -o StrictHostKeyChecking=no %s@%s" % (private_key_pathname, instance_id, hostname)
-
     f = open(private_key_pathname, "w")
     f.write(private_key)
     f.close()
 
     f = open(config_pathname, "w")
     f.write("[ssh_connection]\n")
-    f.write('ssh_args = -o "%s" -o StrictHostKeyChecking=no\n' % proxy_command)
+    if proxy_ssh:
+        proxy_command = "ProxyCommand ssh -q -i %s -o StrictHostKeyChecking=no %s@%s" % (private_key_pathname, instance_id, hostname)
+        f.write('ssh_args = -o "%s"\n' % proxy_command)
     f.write('scp_if_ssh = True\n')
     f.write('pipelining = True\n')
+    f.write('\n[defaults]\n')
+    f.write('host_key_checking = False\n')
     f.close()
 
     f = open(hosts_pathname, "w")
     f.write("[%s]\n" % sliver_name)
-    f.write("%s ansible_ssh_private_key_file=%s\n" % (hostname, private_key_pathname))
+    if proxy_ssh:
+        f.write("%s ansible_ssh_private_key_file=%s\n" % (hostname, private_key_pathname))
+    else:
+        # acb: Login user is hardcoded, this is not great
+        f.write("%s ansible_ssh_private_key_file=%s ansible_ssh_user=ubuntu\n" % (nat_ip, private_key_pathname))
     f.close()
 
     # SSH will complain if private key is world or group readable