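---
# Copyright Red Hat
# SPDX-License-Identifier: Apache-2.0
# Author: Guillaume Abrioux <[email protected]>
#
# This playbook copies an SSH public key to a specified user on remote hosts.
#
# Required run-time variables
# ------------------
# admin_node : The name of a node with enough privileges to call `cephadm get-pub-key` command.
#              (usually the bootstrap node).
#
# Optional run-time variables
# ------------------
# fsid : The fsid of the Ceph cluster.
# cephadm_ssh_user : ssh username on remote hosts (defaults to `root`).
# cephadm_pubkey_path : Full path name of the ssh public key file *on the ansible controller host*.
#                       If not passed, the playbook will assume it has to get the key from
#                       `cephadm get-pub-key` command, run on admin_node.
#
# Example
# -------
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e cephadm_pubkey_path=/home/cephadm/ceph.key -e admin_node=ceph-node0
#
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e admin_node=ceph-node0
- name: Distribute SSH keys
  hosts: all
  # authorized_key must be able to write another user's ~/.ssh/authorized_keys.
  become: true
  gather_facts: false
  strategy: linear
  tasks:
    # admin_node is required: the key may have to be fetched from it and the
    # cephadm ssh user is always set through it.
    - name: Fail if admin_node is not defined
      ansible.builtin.fail:
        msg: "You must set the variable admin_node"
      run_once: true  # noqa: run-once[task]
      delegate_to: localhost
      when: admin_node is undefined

    # Path mode: validate the controller-side key file before it is read with
    # lookup('file', ...) further down, so a typo fails with a clear message.
    - name: Get ssh public key from a file on the Ansible controller host
      when: cephadm_pubkey_path is defined
      block:
        - name: Get details about {{ cephadm_pubkey_path }}
          ansible.builtin.stat:
            path: "{{ cephadm_pubkey_path }}"
          register: cephadm_pubkey_path_stat
          delegate_to: localhost
          run_once: true  # noqa: run-once[task]

        - name: Fail if cephadm_pubkey_path doesn't exist {{ cephadm_pubkey_path }}
          ansible.builtin.fail:
            msg: "{{ cephadm_pubkey_path }} doesn't exist or is invalid."
          run_once: true  # noqa: run-once[task]
          delegate_to: localhost
          # `or` short-circuits, so stat.isfile is only evaluated when the path exists.
          when:
            - not cephadm_pubkey_path_stat.stat.exists | bool
              or not cephadm_pubkey_path_stat.stat.isfile | bool

    # Command mode: read the key from the cluster via admin_node.
    # fsid is shell-quoted so a value containing whitespace or quotes is passed
    # to `cephadm shell` as a single argument (ansible.builtin.command splits the
    # string with shlex; `quote` is a no-op for plain UUIDs).
    - name: Get the cephadm ssh pub key
      ansible.builtin.command: "cephadm shell {{ ('--fsid ' + (fsid | quote)) if fsid is defined else '' }} ceph cephadm get-pub-key"
      changed_when: false  # read-only query
      run_once: true  # noqa: run-once[task]
      register: cephadm_get_pub_key
      delegate_to: "{{ admin_node }}"
      when: cephadm_pubkey_path is undefined

    # Install the key on every host in the play, whichever source it came from.
    - name: Allow ssh public key for cephadm ssh user {{ cephadm_ssh_user | default('root') }}
      ansible.posix.authorized_key:
        user: "{{ cephadm_ssh_user | default('root') }}"
        key: "{{ lookup('file', cephadm_pubkey_path) if cephadm_pubkey_path is defined else cephadm_get_pub_key.stdout }}"

    # Same default as the authorized_key task above, so the name renders even
    # when cephadm_ssh_user is not passed and the user written matches the user set.
    # The username is shell-quoted for the same reason as fsid above.
    # NOTE(review): set-user does change cluster state; changed_when: false keeps
    # it out of the play recap and is kept as written — confirm this is intended.
    - name: Set cephadm ssh user to {{ cephadm_ssh_user | default('root') }}
      ansible.builtin.command: "cephadm shell {{ ('--fsid ' + (fsid | quote)) if fsid is defined else '' }} ceph cephadm set-user {{ cephadm_ssh_user | default('root') | quote }}"
      changed_when: false
      run_once: true  # noqa: run-once[task]
      delegate_to: "{{ admin_node }}"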