openstack-ansible-tests/test-prepare-keys.yml
Dmitriy Rabotyagov 18a3067a4f Use buster jobs instead of stretch
As for U we don't support debian stretch, there is no need
in having stretch CI jobs. Buster ones should be used instead.

This also fixes ara report

Needed-by: https://review.opendev.org/706285
Change-Id: I554e512968718492ce6056b29b0612e450f0856b
2020-02-24 20:08:35 +02:00

118 lines
3.4 KiB
YAML

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note(andymccr):
# This uses local connection for the initial key setup
# as no key is setup to allow a connection to localhost
# as a remote host.
- name: Playbook for establishing ssh keys
hosts: localhost
gather_facts: false
any_errors_fatal: true
connection: local
become: yes
tasks:
- name: Ensure root has a .ssh directory
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: "0700"
- name: Create ssh key pair for root
user:
name: root
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: /root/.ssh/id_rsa
- name: Get root private key
slurp:
src: /root/.ssh/id_rsa
register: private_key_get
changed_when: false
- name: Get root public key
slurp:
src: /root/.ssh/id_rsa.pub
register: public_key_get
changed_when: false
- name: Set key facts
set_fact:
root_public_key: "{{ public_key_get.content | b64decode }}"
root_private_key: "{{ private_key_get.content | b64decode }}"
lxc_container_ssh_key: "{{ public_key_get.content | b64decode }}"
- name: Ensure root can ssh to localhost
authorized_key:
user: "root"
key: "{{ root_public_key }}"
# Note(hwoarang):
# This uses local connection for the initial key setup
# as no key is setup to allow a connection to localhost
# as a remote host.
- name: Playbook for establishing user ssh keys
hosts: localhost
connection: local
become: no
any_errors_fatal: true
tasks:
# Shell used because facts may not be ready yet
- name: Get user home directory
shell: "getent passwd '{{ ansible_user_id }}' | cut -d':' -f6"
register: user_home
changed_when: false
- name: Set local user home fact
set_fact:
calling_user_home: "{{ user_home.stdout }}"
- name: Ensure user has a .ssh directory
file:
path: "{{ calling_user_home }}/.ssh"
state: directory
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
mode: "0700"
when: ansible_user_id != 'root'
- name: Ensure user has the known private key
copy:
content: "{{ root_private_key }}"
dest: "{{ calling_user_home }}/.ssh/id_rsa"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
mode: "0600"
when: ansible_user_id != 'root'
- name: Ensure user has the known public key
copy:
content: "{{ root_public_key }}"
dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
mode: "0600"
when: ansible_user_id != 'root'
- name: Ensure local user can ssh to localhost
authorized_key:
user: "{{ ansible_user_id }}"
key: "{{ root_public_key }}"
when: ansible_user_id != 'root'