Fix tobiko-ensure-ssh-keys to work out of Vagrant

Change-Id: Ice2ad3d8deff8b6976422618717679e647228ac3

playbooks/tripleo/pre.yaml

@@ -3,10 +3,7 @@
 - hosts: primary
   roles:
     - tobiko-zuul
+    - tobiko-ensure-ssh-keys
     - tobiko-configure
-
-    - name: "import tripleo-ci common role"
-      role: ci-common-vars
-
-    - name: "install tripleo"
-      role: run-test
+    - ci-common-vars
+    - run-test

roles/tests/Vagrantfile

@@ -118,7 +118,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       ansible.extra_vars = {
         'vagrant_nodes' => NODES,
         'vagrant_groups' => GROUPS,
-        'ssh_key_file' => SSH_KEY_FILE,
+        'ssh_local_key_file' => SSH_KEY_FILE,
         'rh_username' => RH_USERNAME,
         'rh_password' => RH_PASSWORD,
         'tobiko_src_dir' => TOBIKO_SRC_DIR,

roles/tests/provision.yaml

@@ -1,8 +1,79 @@
 ---
 
 - hosts: all
+  roles:
+    - tobiko-ensure-ssh-keys
+
   tasks:
-    - name: 'disable tempfs on Fedora'
+    - name: copy /etc/resolv.conf
+      become: yes
+      copy:
+        src: /etc/resolv.conf
+        dest: /etc/resolv.conf
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: make /etc/hosts
+      become: yes
+      template:
+        src: hosts.j2
+        dest: /etc/hosts
+        owner: root
+        mode: '0644'
+
+    - name: make ~/.ssh/config file with all nodes
+      template:
+        src: ssh_config.j2
+        dest: /home/vagrant/.ssh/config
+        owner: vagrant
+        mode: '0600'
+
+    - name: check ICMP connectivity
+      shell: |
+        set -xe
+        ping -c 1 '{{ item.1.ip }}'
+        ping -c 1 '{{ item.1.hostname }}'
+      changed_when: false
+      register: check_icmp_connectivity
+      loop: '{{ vagrant_nodes | dictsort }}'
+
+    - name: check SSH connectivity via hostname
+      shell: |
+        set -xe
+        ssh '{{ item.1.ip }}' hostname
+        ssh '{{ item.1.hostname }}' hostname
+        ssh '{{ item.0 }}' hostname
+      changed_when: false
+      register: check_ssh_connectivity
+      loop: '{{ vagrant_nodes | dictsort }}'
+
+
+- hosts: primary
+  tasks:
+    - name: set test_inventory_hostvars_yaml fact
+      set_fact:
+        test_inventory_hostvars_yaml: |
+          ---
+          {% for name, node in (vagrant_nodes | dictsort) %}
+          {{ name }}:
+            ansible_host: {{ node.hostname }}
+          {% endfor %}
+
+    - name: set test_inventory_hostvars fact
+      set_fact:
+        test_inventory_hostvars:
+          '{{ test_inventory_hostvars_yaml | from_yaml }}'
+        test_inventory_groups: '{{ vagrant_groups }}'
+
+    - debug: var=test_inventory_hostvars
+    - debug: var=test_inventory_groups
+    - include_role: name=tobiko-inventory
+
+
+- hosts: all
+  tasks:
+    - name: disable tempfs on Fedora
       become: yes
       command: systemctl mask tmp.mount  # noqa 303
       when: ansible_distribution == 'Fedora'
@@ -19,41 +90,7 @@
       - rh_username is defined
       - (rh_username | length) > 0
 
-
-- hosts: primary
-  tasks:
-    - name: "copy /etc/resolv.conf"
-      become: yes
-      copy:
-        src: /etc/resolv.conf
-        dest: /etc/resolv.conf
-        owner: root
-        group: root
-        mode: '0644'
-
-    - name: "make /etc/hosts"
-      become: yes
-      template:
-        src: 'hosts.j2'
-        dest: '/etc/hosts'
-        owner: root
-        mode: '0644'
-
-    - name: "make ~/.ssh/config file with all Vagrant nodes"
-      template:
-        src: 'ssh_config.j2'
-        dest: '/home/vagrant/.ssh/config'
-        owner: vagrant
-        mode: '0600'
-
-    - include_role:
-        name: tobiko-ensure-ssh-keys
-
-
-- hosts: all
-  tasks:
-
-    - name: "update APT database"
+    - name: update APT database
       apt:
         update_cache: yes
         cache_valid_time: 3600
@@ -61,66 +98,19 @@
       when:
         - ansible_os_family == 'Debian'
 
-    - name: "set authorized SSH key taken from '{{ ssh_key_file }}'"
-      authorized_key:
-        user: vagrant
-        state: present
-        key: "{{ lookup('file', ssh_key_file + '.pub') }}"
 
-    - name: "ensure deploy tools are installed"
+- hosts: primary
+  roles:
+    - tobiko-common
+  tasks:
+    - name: ensure deploy tools are installed
       become: true
       package: name='{{ item }}'
       loop:
         - git
         - rsync
 
-
-- hosts: primary
-  tasks:
-    - name: "check ICMP connectivity"
-      shell: |
-        set -xe
-        ping -c 1 '{{ item.1.ip }}'
-        ping -c 1 '{{ item.1.hostname }}'
-      changed_when: false
-      register: check_icmp_connectivity
-      loop: '{{ vagrant_nodes | dictsort }}'
-
-    - name: "check SSH connectivity via hostname"
-      shell: |
-        set -xe
-        ssh '{{ item.1.ip }}' hostname
-        ssh '{{ item.1.hostname }}' hostname
-        ssh '{{ item.0 }}' hostname
-      changed_when: false
-      register: check_ssh_connectivity
-      loop: '{{ vagrant_nodes | dictsort }}'
-
-    - name: "set test_inventory_hostvars_yaml fact"
-      set_fact:
-        test_inventory_hostvars_yaml: |
-          ---
-          {% for name, node in (vagrant_nodes | dictsort) %}
-          {{ name }}:
-            ansible_host: {{ node.hostname }}
-          {% endfor %}
-
-    - name: "set test_inventory_hostvars fact"
-      set_fact:
-        test_inventory_hostvars:
-          '{{ test_inventory_hostvars_yaml | from_yaml }}'
-        test_inventory_groups: '{{ vagrant_groups }}'
-
-    - debug: var=test_inventory_hostvars
-    - debug: var=test_inventory_groups
-
-
-- hosts: primary
-  roles:
-    - role: tobiko-inventory
-
-  tasks:
-    - name: "copy '{{ tobiko_src_dir }}' to '{{ tobiko_dir }}'"
+    - name: copy '{{ tobiko_src_dir }}' to '{{ tobiko_dir }}'
       synchronize:
         src: "{{ tobiko_src_dir | realpath }}/."
         dest: "{{ tobiko_dir }}"

roles/tests/templates/ssh_config.j2

@@ -4,9 +4,9 @@
 {% for node in (vagrant_nodes | dictsort) %}
 Host {{ node.0 }} {{ node.1.hostname }} {{ node.1.ip }}
   Hostname {{ node.1.hostname }}
-  User vagrant
+  User {{ ssh_key_user }}
   StrictHostkeyChecking no
   UserKnownHostsFile /dev/null
-  IdentityFile ~/.ssh/id_ecdsa
+  IdentityFile {{ ssh_key_file }}
 
 {% endfor %}

roles/tobiko-ensure-ssh-keys/defaults/main.yaml

@@ -1,3 +0,0 @@
----
-
-ssh_key_file: '{{ playbook_dir }}/ssh_identity'

roles/tobiko-ensure-ssh-keys/tasks/main.yaml

@@ -1,22 +1,39 @@
 ---
 
-- name: "generate local SSH key '{{ ssh_key_file }}'"
+- name: generate local SSH key file ({{ ssh_local_key_file }})
   openssh_keypair:
-    path: '{{ ssh_key_file }}'
-    type: ecdsa
-    size: 521
+    path: '{{ ssh_local_key_file }}'
+    type: '{{ ssh_key_algorithm }}'
+    size: '{{ ssh_key_size }}'
     state: present
     force: no
   delegate_to: localhost
 
+- name: make sure '{{ ssh_key_file | dirname }}' directory exists
+  file:
+    state: directory
+    path: '{{ ssh_key_file | dirname }}'
+    mode: 0700
 
-- name: "copy '{{ ssh_key_file }}' file to host"
+- name: copy '{{ ssh_local_key_file }}' file to '{{ ssh_key_file }}'
   copy:
-    src: '{{ ssh_key_file }}{{ item }}'
-    dest: '/home/vagrant/.ssh/id_ecdsa{{ item }}'
-    owner: vagrant
-    group: vagrant
+    src: '{{ ssh_local_key_file }}{{ item }}'
+    dest: '{{ ssh_key_file }}{{ item }}'
+    owner: '{{ ssh_key_user }}'
+    group: '{{ ssh_key_user }}'
     mode: '0600'
   loop:
     - ''
     - '.pub'
+
+- name: enable access via key file on all nodes
+  authorized_key:
+    user: '{{ ssh_key_user }}'
+    state: present
+    key: "{{ lookup('file', ssh_local_key_file + '.pub') }}"
+
+
+- name: set facts
+  set_fact:
+    ssh_key_file: '{{ ssh_key_file }}'
+    ssh_key_user: '{{ ssh_key_user }}'

roles/tobiko-ensure-ssh-keys/vars/main.yaml

@@ -0,0 +1,7 @@
+---
+
+ssh_local_key_file: '{{ playbook_dir }}/ssh_identity'
+ssh_key_file: '{{ ansible_user_dir }}/.ssh/id_{{ ssh_key_algorithm }}'
+ssh_key_algorithm: ecdsa
+ssh_key_size: 521
+ssh_key_user: '{{ ansible_ssh_user }}'