
When generating keys and sharing them between nodes in a multinode environment, the task that generates the keys must have finished on every node before another node tries to use them. This change splits the Ansible block into two blocks and makes sure the deploy-env playbook is run with the linear strategy, so that keys are first generated on all affected nodes and only then used to set up tunnels and passwordless ssh. Change-Id: I9985855d7909aa5365876a24e2a806ab6be1dd7c
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
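---
# Derive the home directories of the two ssh identities used below.
# NOTE(review): assumes non-root users live under /home; a host with a
# different home layout would need `getent passwd` instead.
- name: Set client user home directory
  set_fact:
    client_user_home_directory: "/home/{{ client_ssh_user }}"
  when: client_ssh_user != "root"

- name: Set client user home directory
  set_fact:
    client_user_home_directory: /root
  when: client_ssh_user == "root"

- name: Set cluster user home directory
  set_fact:
    cluster_user_home_directory: "/home/{{ cluster_ssh_user }}"
  when: cluster_ssh_user != "root"

- name: Set cluster user home directory
  set_fact:
    cluster_user_home_directory: /root
  when: cluster_ssh_user == "root"

# Key generation is a block of its own so that, under the linear strategy,
# every primary node has finished generating before any cluster node reads
# the key out of hostvars in the next block.
- name: Setup ssh keys
  block:
    # ssh-keygen -f does not create the parent directory; make sure ~/.ssh
    # exists and is private before an unencrypted private key lands in it.
    - name: Ensure client .ssh directory exists
      file:
        path: "{{ client_user_home_directory }}/.ssh"
        state: directory
        owner: "{{ client_ssh_user }}"
        mode: "0700"
      when: inventory_hostname in (groups['primary'] | default([]))

    # -N "" deliberately creates a key without a passphrase: it has to be
    # usable non-interactively. It exists only on the primary node(s).
    # `command` rather than `shell`: no shell features are needed, so the
    # templated path never goes through a shell parser.
    # NOTE(review): the key files are owned by whoever Ansible runs this
    # task as; if the play uses become, they end up root-owned — confirm
    # client_ssh_user can actually read id_ed25519.
    - name: Generate ssh key pair
      command: >-
        ssh-keygen -t ed25519 -q -N ""
        -f {{ client_user_home_directory }}/.ssh/id_ed25519
      args:
        creates: "{{ client_user_home_directory }}/.ssh/id_ed25519.pub"
      when: inventory_hostname in (groups['primary'] | default([]))

    # Read-only; never report it as a change.
    - name: Read ssh public key
      command: cat "{{ client_user_home_directory }}/.ssh/id_ed25519.pub"
      register: ssh_public_key
      changed_when: false
      when: inventory_hostname in (groups['primary'] | default([]))

- name: Setup passwordless ssh from primary and cluster nodes
  block:
    # Take the key registered on the first primary host. `first` gives a
    # readable "sequence was empty" error if the primary group is empty.
    - name: Set primary ssh public key
      set_fact:
        client_ssh_public_key: "{{ groups['primary'] | map('extract', hostvars, ['ssh_public_key', 'stdout']) | first }}"
      when: inventory_hostname in (groups['k8s_cluster'] | default([]))

    # sshd (StrictModes, its default) ignores authorized_keys when ~/.ssh or
    # the file itself is group- or world-writable, so pin both to owner-only.
    - name: Ensure cluster .ssh directory exists
      file:
        path: "{{ cluster_user_home_directory }}/.ssh"
        state: directory
        owner: "{{ cluster_ssh_user }}"
        mode: "0700"
      when: inventory_hostname in (groups['k8s_cluster'] | default([]))

    # create: true — lineinfile fails outright if authorized_keys is missing.
    - name: Put keys to .ssh/authorized_keys
      lineinfile:
        path: "{{ cluster_user_home_directory }}/.ssh/authorized_keys"
        create: true
        owner: "{{ cluster_ssh_user }}"
        mode: "0600"
        state: present
        line: "{{ client_ssh_public_key }}"
      when: inventory_hostname in (groups['k8s_cluster'] | default([]))

    # NOTE(review): files/ssh_config is not visible here; going by the task
    # name it turns off StrictHostKeyChecking, which removes the client's
    # protection against host impersonation. Acceptable for a throwaway
    # test environment only — do not reuse this task for long-lived hosts.
    - name: Disable strict host key checking
      template:
        src: "files/ssh_config"
        dest: "{{ client_user_home_directory }}/.ssh/config"
        owner: "{{ client_ssh_user }}"
        mode: "0644"
        backup: true
      when: inventory_hostname in (groups['primary'] | default([]))
...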
|