85b51389cc
When targeting localhost with 'remote_user: root' and using 'become: yes' we lose the environment variables for the user running the playbook (eg: USER, HOME). However, if we use 'connection: local' and 'become: yes' together, it works properly. To ensure these plays have the correct access to change things on the host, we apply this change to them all. We also ensure that 'become: no' is explicitly set on any local connection plays to make the intent more obvious. Finally, we also use 'yes' and 'no' uniformly. Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
116 lines
3.4 KiB
YAML
116 lines
3.4 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Note(andymccr):
|
|
# This uses local connection for the initial key setup
|
|
# as no key is setup to allow a connection to localhost
|
|
# as a remote host.
|
|
- name: Playbook for establishing ssh keys
|
|
hosts: localhost
|
|
gather_facts: false
|
|
any_errors_fatal: true
|
|
connection: local
|
|
become: yes
|
|
tasks:
|
|
- name: Ensure root has a .ssh directory
|
|
file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "0700"
|
|
|
|
- name: Create ssh key pair for root
|
|
user:
|
|
name: root
|
|
generate_ssh_key: yes
|
|
ssh_key_bits: 2048
|
|
ssh_key_file: /root/.ssh/id_rsa
|
|
|
|
- name: Get root private key
|
|
command: cat /root/.ssh/id_rsa
|
|
register: private_key_get
|
|
changed_when: false
|
|
|
|
- name: Get root public key
|
|
command: cat /root/.ssh/id_rsa.pub
|
|
register: public_key_get
|
|
changed_when: false
|
|
|
|
- name: Set key facts
|
|
set_fact:
|
|
root_public_key: "{{ public_key_get.stdout }}"
|
|
root_private_key: "{{ private_key_get.stdout }}"
|
|
lxc_container_ssh_key: "{{ public_key_get.stdout }}"
|
|
|
|
- name: Ensure root can ssh to localhost
|
|
authorized_key:
|
|
user: "root"
|
|
key: "{{ root_public_key }}"
|
|
|
|
|
|
# Note(hwoarang):
|
|
# This uses local connection for the initial key setup
|
|
# as no key is setup to allow a connection to localhost
|
|
# as a remote host.
|
|
- name: Playbook for establishing user ssh keys
|
|
hosts: localhost
|
|
connection: local
|
|
become: no
|
|
any_errors_fatal: true
|
|
tasks:
|
|
# Shell used because facts may not be ready yet
|
|
- name: Get user home directory
|
|
shell: "getent passwd '{{ ansible_user_id }}' | cut -d':' -f6"
|
|
register: user_home
|
|
changed_when: false
|
|
|
|
- name: Set local user home fact
|
|
set_fact:
|
|
calling_user_home: "{{ user_home.stdout }}"
|
|
|
|
- name: Ensure user has a .ssh directory
|
|
file:
|
|
path: "{{ calling_user_home }}/.ssh"
|
|
state: directory
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
mode: "0700"
|
|
when: ansible_user_id != 'root'
|
|
|
|
- name: Ensure user has the known private key
|
|
copy:
|
|
content: "{{ root_private_key }}"
|
|
dest: "{{ calling_user_home }}/.ssh/id_rsa"
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
mode: "0600"
|
|
when: ansible_user_id != 'root'
|
|
|
|
- name: Ensure user has the known public key
|
|
copy:
|
|
content: "{{ root_public_key }}"
|
|
dest: "{{ calling_user_home }}/.ssh/id_rsa.pub"
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
mode: "0600"
|
|
when: ansible_user_id != 'root'
|
|
|
|
- name: Ensure local user can ssh to localhost
|
|
authorized_key:
|
|
user: "{{ ansible_user_id }}"
|
|
key: "{{ root_public_key }}"
|
|
when: ansible_user_id != 'root'
|