deploy ssh keys of nova user - take 2

2015-04-14 17:05:32 +00:00 · 2015-04-14 17:05:32 +00:00 · e11c176ce7
commit e11c176ce7
parent 686ea6275c
3 changed files with 12 additions and 4 deletions
--- a/files/fedora-cloud/fed_cloud09_nova_public_key
+++ b/files/fedora-cloud/fed_cloud09_nova_public_key
@ -0,0 +1 @@
+{{fed_cloud09_nova_public_key}}
--- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
@ -231,11 +231,16 @@
  - command: packstack --answer-file=/root/packstack-controller-answers.txt
    when: packstack_sucessfully_finished.stat.exists == False
  - file: path=/etc/packstack_sucessfully_finished state=touch
+  # FIXME we should really reboot here

  - name: Set shell to nova user to allow cold migrations
    user: name=nova shell=/bin/bash
-
-  # FIXME we should really reboot here
+  - name: SSH authorized key for nova user
+    authorized_key: user=nova key="{{fed_cloud09_nova_public_key}}"
+  - name: SSH public key for nova user
+    template: src={{ files }}/fedora-cloud/fed_cloud09_nova_public_key dest=/var/lib/nova/.ssh/id_rsa.pub owner=nova group=nova
+  - name: Deploy private SSH key
+    copy: src={{ private }}/files/openstack/fed-cloud09-nova.key dest=/var/lib/nova/.ssh/id_rsa mode=600 owner=nova group=nova

  # http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-queue.html
  # https://openstack.redhat.com/Securing_services#qpid
--- a/roles/cloud_compute/tasks/main.yml
+++ b/roles/cloud_compute/tasks/main.yml
@ -287,10 +287,12 @@

 - name: Set shell to nova user to allow cold migrations
  user: name=nova shell=/bin/bash
- name: SSH public key for nova user
+- name: SSH authorized key for nova user
  authorized_key: user=nova key="{{fed_cloud09_nova_public_key}}"
+- name: SSH public key for nova user
+  template: src={{ files }}/fedora-cloud/fed_cloud09_nova_public_key dest=/var/lib/nova/.ssh/id_rsa.pub owner=nova group=nova
 - name: Deploy private SSH key
-  copy: src={{ private }}/files/openstack/fed-cloud09-nova.key dest=/var/lib/nova/.ssh/ mode=600 owner=nova group=nova
+  copy: src={{ private }}/files/openstack/fed-cloud09-nova.key dest=/var/lib/nova/.ssh/id_rsa mode=600 owner=nova group=nova

 # This needs to be run after controller reprovision
 - name: "restart neutron-openvswitch-agent"