--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#-------------------------------------------------------------------------------
+# Cleanup Admin User Access
+#-------------------------------------------------------------------------------
+echo "Info: Cleanup admin user access"
+echo "-------------------------------------------------------------------------"
+
+export INVENTORY_FILE="${INVENTORY_FILE:-/tmp/inventory.ini}"
+
+ansible-playbook -i "$INVENTORY_FILE" playbooks/cleanup-admin-user-access.yaml
+
+
+# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file
--- /dev/null
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- hosts: baremetal
+ gather_facts: true
+ become: false
+
+ tasks:
+ - name: Remove admin user ssh keys
+ file:
+ path: /root/.ssh/{{ item }}
+ state: absent
+ with_items:
+ - id_rsa
+ - id_rsa.pub
+ - authorized_keys
+
+- hosts: jumphost
+ gather_facts: true
+ become: false
+
+ tasks:
+ - name: Remove admin user ssh keys
+ file:
+ path: /root/.ssh/{{ item }}
+ state: absent
+ with_items:
+ - id_rsa
+ - id_rsa.pub
+ - authorized_keys
path: /etc/sudoers
line: "{{ admin_user }} ALL=(ALL:ALL) NOPASSWD: ALL"
-- name: Remove nordix ssh keys
- file:
- path: /root/.ssh/{{ item }}
- state: absent
- with_items:
- - id_rsa
- - id_rsa.pub
- - authorized_keys
# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file
path: /etc/sudoers
line: "{{ admin_user }} ALL=(ALL:ALL) NOPASSWD: ALL"
-- name: Remove nordix ssh keys
- file:
- path: /root/.ssh/{{ item }}
- state: absent
- with_items:
- - id_rsa
- - id_rsa.pub
- - authorized_keys
# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file
# -------------------------------------------------------------------------------
# Setup k8s admin config
# -------------------------------------------------------------------------------
-engine_cache: '/opt/engine/.cache'
-k8s_admin_conf: "{{ engine_cache }}/repos/kubespray/inventory/engine/artifacts/admin.conf"
+k8s_admin_conf: "/tmp/admin.conf"
admin_user: 'nordix'
admin_user_kube_dir: "/home/{{ admin_user }}/.kube"
\ No newline at end of file