forked from seapath/ansible
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
playbooks: create a user for VM live migration
Add the playbook cluster_setup_add_virtu_user.yaml to create the virtu user. This user can be used to perform VM live migration. This playbooks is called during the cluster setup by the ci_configure_cluster.yaml playbook. By default the virtu user is not created because virtu user have the access rights to manage Pacemaker and libvirt. So if you do not need live migration it is recommended to not enable this feature. To enable it you have to define the Ansible user create_virtu_user. Signed-off-by: Mathieu Dupré <[email protected]>
- Loading branch information
1 parent
4f63b8d
commit 5f3b0cf
Showing
3 changed files
with
70 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # Copyright (C) 2022, RTE (http://www.rte-france.com) | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| # This playbook adds and configures the virtu user. This user is used by libvirt | ||
| # to migrate VM from a host to an other without halting it. | ||
|
|
||
| --- | ||
| - name: Configure ssh keys between hosts | ||
| hosts: hypervisors | ||
| gather_facts: true | ||
| tasks: | ||
| - block: | ||
| - name: Create virtu user | ||
| user: | ||
| name: virtu | ||
| shell: /bin/sh | ||
| system: true | ||
| groups: qemu,haclient,admincluster | ||
| create_home: false | ||
| - name: Unlock the user | ||
| replace: | ||
| path: /etc/shadow | ||
| regexp: '^virtu:!:' | ||
| replace: 'virtu:*:' | ||
| - name: generate SSH key | ||
| user: | ||
| name: "root" | ||
| generate_ssh_key: yes | ||
| ssh_key_type: rsa | ||
| ssh_key_bits: 4096 | ||
| ssh_key_file: .ssh/id_rsa | ||
| ssh_key_passphrase: "" | ||
| force: false | ||
| - name: create ssh directory | ||
| file: | ||
| path: /etc/ssh/virtu | ||
| state: directory | ||
| mode: '0755' | ||
| owner: virtu | ||
| group: virtu | ||
| - name: Fetch the root keyfile | ||
| fetch: | ||
| src: "/home/root/.ssh/id_rsa.pub" | ||
| dest: "buffer/{{ inventory_hostname }}-id_rsa.pub" | ||
| flat: true | ||
| - name: Copy the key add to authorized_keys using Ansible module | ||
| authorized_key: | ||
| user: virtu | ||
| state: present | ||
| path: /etc/ssh/virtu/authorized_keys | ||
| key: "{{ lookup('file','buffer/{{ item }}-id_rsa.pub')}}" | ||
| with_items: "{{ groups['hypervisors'] }}" | ||
| - name: Fetch the ssh keyfile | ||
| fetch: | ||
| src: "/etc/ssh/ssh_host_ed25519_key.pub" | ||
| dest: "buffer/{{ inventory_hostname }}-ssh_host_ed25519_key.pub" | ||
| flat: true | ||
| - name: populate the known_hosts files | ||
| known_hosts: | ||
| path: /home/root/.ssh/known_hosts | ||
| name: "{{ item }}" | ||
| key: "{{ item }} {{ lookup('file','buffer/{{ item }}-ssh_host_ed25519_key.pub') }}" | ||
| with_items: "{{ groups['hypervisors'] }}" | ||
| when: create_virtu_user is defined |