From 3125263df0ada02ec8c5a160e47fe35e4e87cec8 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Fri, 13 Oct 2023 21:25:52 +0200
Subject: [PATCH] Stop generating ssh keypair for zun and kuryr user
There is no obvious need to have an SSH keypairs for zun and kuryr users
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.
Change-Id: Icdaf2fec944aae95947ff421bf47d88e0cc0505e
---
defaults/main.yml | 4 ----
.../no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml | 7 +++++++
tasks/zun_compute.yml | 17 -----------------
tasks/zun_pre_install.yml | 17 -----------------
4 files changed, 7 insertions(+), 38 deletions(-)
create mode 100644 releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index 00bd7d5..28c5b51 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -230,10 +230,6 @@ zun_service_internaluri: "{{ zun_service_internaluri_proto }}://{{ internal_lb_v
zun_service_internalurl: "{{ zun_service_internaluri }}"
zun_service_endpoint_type: internalURL
-# If you want to regenerate the zun users SSH keys, on each run, set this var to True
-# Otherwise keys will be generated on the first run and not regenerated each run.
-zun_recreate_keys: False
-
## General Zun configuration
# Select between the 'runc' or 'kata' runtime
zun_container_runtime: runc
diff --git a/releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml b/releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml
new file mode 100644
index 0000000..d37356b
--- /dev/null
+++ b/releasenotes/notes/no_zun_ssh_keypairs-4d2f4f6e92ee4ea4.yaml
@@ -0,0 +1,7 @@
+---
+
+deprecations:
+ - |
+ Generation of SSH keypairs for Zun and Kuryr users has been deprecated
+ and removed.
+ A variable ``zun_recreate_keys`` has been removed and has no effect.
diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml
index b7b309f..62f243b 100644
--- a/tasks/zun_compute.yml
+++ b/tasks/zun_compute.yml
@@ -189,20 +189,6 @@
tags:
- zun-kuryr-group
-- name: Remove old kuryr key file(s) if found
- file:
- path: "{{ item }}"
- state: "absent"
- with_items:
- - "{{ zun_kuryr_system_home_folder }}/.ssh/authorized_keys"
- - "{{ zun_kuryr_system_home_folder }}/.ssh/id_rsa"
- - "{{ zun_kuryr_system_home_folder }}/.ssh/id_rsa.pub"
- when:
- - zun_recreate_keys | bool
- tags:
- - zun-kuryr-key
- - zun-kuryr-key-create
-
- name: Create the kuryr system user
user:
name: "{{ zun_kuryr_system_user_name }}"
@@ -213,12 +199,9 @@
system: "yes"
createhome: "yes"
home: "{{ zun_kuryr_system_home_folder }}"
- generate_ssh_key: "yes"
when: zun_kuryr_system_user_name != 'root'
tags:
- zun-kuryr-user
- - zun-kuryr-key
- - zun-kuryr-key-create
- name: Create kuryr dir
file:
diff --git a/tasks/zun_pre_install.yml b/tasks/zun_pre_install.yml
index 9ba12d0..cd5a64a 100644
--- a/tasks/zun_pre_install.yml
+++ b/tasks/zun_pre_install.yml
@@ -22,20 +22,6 @@
tags:
- zun-group
-- name: Remove old key file(s) if found
- file:
- path: "{{ item }}"
- state: "absent"
- with_items:
- - "{{ zun_system_home_folder }}/.ssh/authorized_keys"
- - "{{ zun_system_home_folder }}/.ssh/id_rsa"
- - "{{ zun_system_home_folder }}/.ssh/id_rsa.pub"
- when:
- - zun_recreate_keys | bool
- tags:
- - zun-key
- - zun-key-create
-
- name: Create the zun system user
user:
name: "{{ zun_system_user_name }}"
@@ -46,11 +32,8 @@
system: "yes"
createhome: "yes"
home: "{{ zun_system_home_folder }}"
- generate_ssh_key: "yes"
tags:
- zun-user
- - zun-key
- - zun-key-create
- name: Create zun dir
file: