-
Notifications
You must be signed in to change notification settings - Fork 54
/
Copy pathcephadm-distribute-ssh-key.yml
73 lines (67 loc) · 2.83 KB
/
cephadm-distribute-ssh-key.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
---
# Copyright Red Hat
# SPDX-License-Identifier: Apache-2.0
# Author: Guillaume Abrioux <[email protected]>
#
# This playbook copies an SSH public key to a specified user on remote hosts.
#
# Required run-time variables
# ------------------
# admin_node : The name of a node with enough privileges to call `cephadm get-pub-key` command.
# (usually the bootstrap node).
#
# Optional run-time variables
# ------------------
# fsid : The fsid of the Ceph cluster.
# cephadm_ssh_user : ssh username on remote hosts.
# cephadm_pubkey_path : Full path name of the ssh public key file *on the ansible controller host*.
# If not passed, the playbook will assume it has to get the key from `cephadm get-pub-key` command.
#
# Example
# -------
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e cephadm_pubkey_path=/home/cephadm/ceph.key -e admin_node=ceph-node0
#
# ansible-playbook -i hosts cephadm-distribute-ssh-key.yml -e cephadm_ssh_user=foo -e admin_node=ceph-node0
- hosts: all
become: true
gather_facts: false
tasks:
- name: fail if admin_node is not defined
fail:
msg: "You must set the variable admin_node"
run_once: true
delegate_to: localhost
when: admin_node is undefined
- name: get ssh public key from a file on the Ansible controller host
when: cephadm_pubkey_path is defined
block:
- name: get details about {{ cephadm_pubkey_path }}
stat:
path: "{{ cephadm_pubkey_path }}"
register: cephadm_pubkey_path_stat
delegate_to: localhost
run_once: true
- name: fail if {{ cephadm_pubkey_path }} doesn't exist
fail:
msg: "{{ cephadm_pubkey_path }} doesn't exist or is invalid."
run_once: true
delegate_to: localhost
when:
- not cephadm_pubkey_path_stat.stat.exists | bool
or not cephadm_pubkey_path_stat.stat.isfile | bool
- name: get the cephadm ssh pub key
command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm get-pub-key"
changed_when: false
run_once: true
register: cephadm_get_pub_key
delegate_to: "{{ admin_node }}"
when: cephadm_pubkey_path is undefined
- name: allow ssh public key for {{ cephadm_ssh_user | default('root') }} account
authorized_key:
user: "{{ cephadm_ssh_user | default('root') }}"
key: "{{ lookup('file', cephadm_pubkey_path) if cephadm_pubkey_path is defined else cephadm_get_pub_key.stdout }}"
- name: set cephadm ssh user to {{ cephadm_ssh_user }}
command: "cephadm shell {{ '--fsid ' + fsid if fsid is defined else '' }} ceph cephadm set-user {{ cephadm_ssh_user | default('root') }}"
changed_when: false
run_once: true
delegate_to: "{{ admin_node }}"