openstack-ansible-tests/test-prepare-keys.yml
Jesse Pretorius 85b51389cc Use local connection and become for localhost plays
When targeting localhost with 'remote_user: root' and
using 'become: yes' we lose the environment variables
for the user running the playbook (eg: USER, HOME).

However, if we use 'connection: local' and 'become: yes'
together, it works properly.

To ensure these plays have the correct access to change
things on the host, we apply this change to them all.

We also ensure that 'become: no' is explicitly set on
any local connection plays to make the intent more
obvious. Finally, we also use 'yes' and 'no' uniformly.

Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
2018-07-14 14:37:06 +01:00

116 lines
3.4 KiB
YAML

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note(andymccr):
# This uses local connection for the initial key setup
# as no key is setup to allow a connection to localhost
# as a remote host.
- name: Playbook for establishing ssh keys
hosts: localhost
gather_facts: false
any_errors_fatal: true
connection: local
become: yes
tasks:
- name: Ensure root has a .ssh directory
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: "0700"
- name: Create ssh key pair for root
user:
name: root
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: /root/.ssh/id_rsa
- name: Get root private key
command: cat /root/.ssh/id_rsa
register: private_key_get
changed_when: false
- name: Get root public key
command: cat /root/.ssh/id_rsa.pub
register: public_key_get
changed_when: false
- name: Set key facts
set_fact:
root_public_key: "{{ public_key_get.stdout }}"
root_private_key: "{{ private_key_get.stdout }}"
lxc_container_ssh_key: "{{ public_key_get.stdout }}"
- name: Ensure root can ssh to localhost
authorized_key:
user: "root"
key: "{{ root_public_key }}"
# Note(hwoarang):
# This uses local connection for the initial key setup
# as no key is setup to allow a connection to localhost
# as a remote host.
- name: Playbook for establishing user ssh keys
hosts: localhost
connection: local
become: no
any_errors_fatal: true
tasks:
# Shell used because facts may not be ready yet
- name: Get user home directory
shell: "getent passwd '{{ ansible_user_id }}' | cut -d':' -f6"
register: user_home
changed_when: false
- name: Set local user home fact
set_fact:
calling_user_home: "{{ user_home.stdout }}"
- name: Ensure user has a .ssh directory
file:
path: "{{ calling_user_home }}/.ssh"
state: directory
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
mode: "0700"
when: ansible_user_id != 'root'
- name: Ensure user has the known private key
copy:
content: "{{ root_private_key }}"
dest: "{{ calling_user_home }}/.ssh/id_rsa"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
mode: "0600"
when: ansible_user_id != 'root'
- name: Ensure user has the known public key
copy:
content: "{{ root_public_key }}"
dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_gid }}"
mode: "0600"
when: ansible_user_id != 'root'
- name: Ensure local user can ssh to localhost
authorized_key:
user: "{{ ansible_user_id }}"
key: "{{ root_public_key }}"
when: ansible_user_id != 'root'