From: sankar palanivel
Date: Wed, 24 Nov 2021 11:19:07 +0000 (+0000)
Subject: Add ansible role to update user ssh key
X-Git-Url: https://gerrit.nordix.org/gitweb?a=commitdiff_plain;h=56fa17262cc278a5dd229066bccf3d06d24c54bd;p=infra%2Ftools.git
Add ansible role to update user ssh key
In this change, - Add new ansible role to allow users to update their ssh public key from their profile section of selfservice portal
Change-Id: If34a3e64aa7447973a9a0d7c7a8638555a28990c
---
diff --git a/infra/update_user_ssh_key/deploy.sh b/infra/update_user_ssh_key/deploy.sh
new file mode 100755
index 0000000..674cfae
--- /dev/null
+++ b/infra/update_user_ssh_key/deploy.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+#-------------------------------------------------------------------------------
+# Update Admin User SSH Key
+#-------------------------------------------------------------------------------
+echo "Info: Update admin user ssh key"
+echo "-------------------------------------------------------------------------"
+
+export INVENTORY_FILE="${INVENTORY_FILE:-/tmp/inventory.ini}"
+
+ansible-playbook -i "$INVENTORY_FILE" playbooks/update-user-ssh-key.yaml
+
+# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file
diff --git a/infra/update_user_ssh_key/playbooks/roles/update-user-ssh-key/tasks/update-sshkey.yaml b/infra/update_user_ssh_key/playbooks/roles/update-user-ssh-key/tasks/update-sshkey.yaml
new file mode 100644
index 0000000..228b147
--- /dev/null
+++ b/infra/update_user_ssh_key/playbooks/roles/update-user-ssh-key/tasks/update-sshkey.yaml
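Review bot: `INVENTORY_FILE` falls back to `/tmp/inventory.ini`, a fixed name in a world-writable directory, so on a shared host whoever creates that file first decides which hosts and connection variables `ansible-playbook` runs with. Failing when it is unset, `: "${INVENTORY_FILE:?INVENTORY_FILE must be set}"`, or defaulting to a path inside a directory only the deploying user can write, avoids that. The role reads `admin_user` from the environment but deploy.sh never checks it; adding `: "${admin_user:?admin_user must be set}"` before the `ansible-playbook` call stops a run with an empty user name. The playbook path is relative, so the script also silently assumes it is started from its own directory.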
@@ -0,0 +1,32 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: append ssh public key to authorized_keys on target nodes
+ lineinfile:
+ path: "{{ admin_user_ssh_dir }}/authorized_keys"
+ line: "{{ item }}"
+ create: true
+ state: present
+ owner: "{{ admin_user }}"
+ group: "{{ admin_user }}"
+ mode: 0600
+ with_items:
+ - "{{ lookup('file', '{{ admin_user_jumphost_public_key }}') }}"
+
+# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file
diff --git a/infra/update_user_ssh_key/playbooks/roles/update-user-ssh-key/vars/main.yaml b/infra/update_user_ssh_key/playbooks/roles/update-user-ssh-key/vars/main.yaml
new file mode 100644
index 0000000..ea6e8b8
--- /dev/null
+++ b/infra/update_user_ssh_key/playbooks/roles/update-user-ssh-key/vars/main.yaml
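Review bot: The task copies the raw contents of the key file into the admin user's `authorized_keys` with `lineinfile`, so nothing checks that the value is a well-formed public key, and going by the commit message that value originates from a self-service portal. `lineinfile` also only ever appends, so a user who "updates" their key leaves the previous one authorised; whether the old key should be revoked is worth deciding explicitly (the module's `exclusive` option exists for that, but it removes every other key for the user). The dedicated authorized_key module parses the key and fails on malformed input, and it manages the file ownership and permissions itself; on Ansible releases that predate collections the short name `authorized_key` applies. The nested `'{{ admin_user_jumphost_public_key }}'` inside the lookup should become a plain variable reference at the same time, as below.

```yaml
- name: install ssh public key for admin user on target nodes
  ansible.posix.authorized_key:
    user: "{{ admin_user }}"
    key: "{{ lookup('file', admin_user_jumphost_public_key) }}"
    state: present
```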
@@ -0,0 +1,25 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# -------------------------------------------------------------------------------
+# Update admin user ssh key
+# -------------------------------------------------------------------------------
+admin_user: "{{ lookup('env','admin_user') }}"
+admin_user_ssh_dir: "/home/{{ admin_user }}/.ssh"
+admin_user_jumphost_public_key: "/tmp/{{ admin_user }}_id_rsa.pub"
\ No newline at end of file
diff --git a/infra/update_user_ssh_key/playbooks/update-user-ssh-key.yaml b/infra/update_user_ssh_key/playbooks/update-user-ssh-key.yaml
new file mode 100644
index 0000000..50d2ac0
--- /dev/null
+++ b/infra/update_user_ssh_key/playbooks/update-user-ssh-key.yaml
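Review bot: `admin_user` is taken straight from the environment and interpolated into both `admin_user_ssh_dir` and `admin_user_jumphost_public_key` with no check, so an empty value yields `/home//.ssh` and `/tmp/_id_rsa.pub`, and a value containing `/` or `..` points both paths somewhere else. An `assert` task at the start of the role that requires a non-empty name matching a conservative pattern such as `^[a-z_][a-z0-9_-]*$` would close that gap. The public key is also read from a predictable file name under `/tmp` on the control host, so anyone able to write that file before the run gets their key authorised for the admin user. The key is better handed over through a directory with restricted permissions, or passed in as a variable.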
@@ -0,0 +1,31 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- hosts: jumphost
+ gather_facts: true
+ become: false
+
+ tasks:
+ - name: Update user ssh key in jumphost
+ include_role:
+ name: update-user-ssh-key
+ tasks_from: update-sshkey.yaml
+
+
+# vim: set ts=2 sw=2 expandtab:
\ No newline at end of file