admin_user: move the user configuration to a dedicated role

This user is not linked to the livemgration user. Therefore, it should
not be configured in the same playbook.

Signed-off-by: Tanguy Raufflet <[email protected]>

playbooks/cluster_setup_users.yaml

@@ -0,0 +1,23 @@
+# Copyright (C) 2022, RTE (http://www.rte-france.com)
+# Copyright (C) 2024 Savoir-faire Linux, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+# This playbook adds and configures the livemigration and the admin user.
+# The first user is used by libvirt to migrate VM from a host to an other without halting it.
+# The second is used by consolevm on Debian/CentOS
+
+---
+- name: Create livemigration user
+  hosts: hypervisors:&cluster_machines
+  gather_facts: true
+  become: true
+  roles:
+    - add_livemigration_user
+
+- name: Configure admin user
+  hosts: hypervisors:&cluster_machines
+  gather_facts: true
+  become: true
+  roles:
+    - configure_admin_user
+

playbooks/seapath_setup_main.yaml

@@ -35,7 +35,7 @@
 
 - import_playbook: cluster_setup_ceph.yaml
 - import_playbook: cluster_setup_libvirt.yaml
-- import_playbook: cluster_setup_add_livemigration_user.yaml
+- import_playbook: cluster_setup_users.yaml
 - import_playbook: cluster_setup_ha.yaml
 
 - name: Restart all hosts

roles/add_livemigration_user/tasks/main.yml

@@ -1,4 +1,5 @@
 # Copyright (C) 2024 RTE
+# Copyright (C) 2024 Savoir-faire Linux, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
 ---
@@ -45,13 +46,6 @@
       path: "/home/{{ livemigration_user }}/.ssh/authorized_keys"
       key: "{{ lookup('file','buffer/' + item + '-id_rsa.pub') }}"
     with_items: "{{ groups['hypervisors'] }}"
-  - name: Copy the key to admin user's authorized_keys using Ansible module
-    authorized_key:
-      user: "{{ admin_user }}"
-      state: present
-      path: "/home/{{ admin_user }}/.ssh/authorized_keys"
-      key: "{{ lookup('file','buffer/' + item + '-id_rsa.pub') }}"
-    with_items: "{{ groups['hypervisors'] }}"
   - name: Fetch the ssh keyfile
     fetch:
       src: "/etc/ssh/ssh_host_ed25519_key.pub"

roles/configure_admin_user/README.md

@@ -0,0 +1,21 @@
+# Configure admin_user Role
+This role copy the root ssh key to admin user's. This user is used by Debian when using consolevm.
+
+## Requirements
+
+no requirement.
+
+## Role Variables
+
+- admin_user
+
+## Example Playbook
+
+```yaml
+- name: Configure admin user
+  hosts: hypervisors
+  gather_facts: true
+  become: true
+  roles:
+    - { role: seapath_ansible.configure_admin_user }
+```

roles/configure_admin_user/meta/main.yml

@@ -0,0 +1,13 @@
+# Copyright (C) 2024 RTE
+# SPDX-License-Identifier: Apache-2.0
+---
+galaxy_info:
+  author: "Seapath"
+  description: Configure Admin user
+  license: Apache-2.0
+  min_ansible_version: 2.9.10
+  platforms:
+  - name: Debian
+    versions:
+    - all
+dependencies: []

roles/configure_admin_user/tasks/main.yml

@@ -0,0 +1,20 @@
+# Copyright (C) 2024 Savoir-faire Linux, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- block:
+    - name: Get root user's home directory
+      shell: getent passwd root | cut -d ':' -f6
+      register: root_home_dir
+    - name: Fetch the root keyfile
+      fetch:
+        src: "{{ root_home_dir.stdout }}/.ssh/id_rsa.pub"
+        dest: "buffer/{{ inventory_hostname }}-id_rsa.pub"
+        flat: true
+    - name: Copy the key to admin user's authorized_keys using Ansible module
+      authorized_key:
+        user: "{{ admin_user }}"
+        state: present
+        key: "{{ lookup('file','buffer/' + item + '-id_rsa.pub') }}"
+      with_items: "{{ groups['hypervisors'] }}"
+  when: ansible_distribution | regex_search("CentOS|Debian")