Improve ensure_stack_user tasks#26
Conversation
SeanMooney
left a comment
SeanMooney
left a comment
There was a problem hiding this comment.
looks reasonabel let me doubel check a few thing first
| password: "{{ stack_user_password | password_hash('sha512','A512') }}" | ||
| shell: /bin/bash | ||
| group: stack | ||
| home: /opt/stack |
There was a problem hiding this comment.
i was actully intentionlly not using /opt/stack as the home dire but we can. that is more aligned to devstacsk default behavior if you use its script
There was a problem hiding this comment.
agree, but if you would like to have /home/{{ microshift_user }} in that case there would be another issue
There was a problem hiding this comment.
[stack@microshift ~]$ ls -al .kube/config
-rw-------. 1 stack stack 11431 Jun 9 05:29 .kube/config
[stack@microshift ~]$ echo $HOME
/home/stack
[stack@microshift ~]$ pwd
/home/stack
[stack@microshift ~]$ oc get pod | head -n 2
NAME READY STATUS RESTARTS AGE
bootstrap-edpm-deployment-openstack-edpm-zssvc 0/1 Completed 0 2d20h
so what your seeign dose not seam to macht up to what i saw in my microshfit env
how did you create teh vm out of interst
currentl that is form the oko microshfit molecule senario
There was a problem hiding this comment.
i think i know why there may be a delta in behavior.
im using molecule for testign invoking the ansibel to providsion the vms which is using cloud-init to bootstrap the intiall vm before runnign the ansible.
if you created the vm or are tryign to run agaisnt a prexisting vm the user setup may be different.
https://github.com/SeanMooney/ard/blob/master/ansible/roles/ard_libvirt_node/tasks/node.yml#L38-L45
ill review the behvior with and without that and get back to you.
this role is how i used to do that when i was using molecule vagrant and the old way this repo works but i changed the user creation in the last week and have not confirm this role is still alinged to that on a prexisting vm or one when the cloud-init file is not used.
| create: true | ||
| mode: "0440" | ||
| line: "{{ devstack_user }} ALL=(ALL) NOPASSWD:ALL" | ||
| validate: "visudo -cf %s" |
There was a problem hiding this comment.
sure that makes it configurable.
| ansible.builtin.slurp: | ||
| src: .ssh/authorized_keys | ||
| register: _user_authorized_keys | ||
|
|
There was a problem hiding this comment.
ok so your doing this so that if you have preprovisioned a node we can extend the exsitng keys
i thoug we didnt need to do that when using ansible.posix.authorized_key and it would append.
im not agsint that but let me double check the docs
What's improved: - moved creating user dir to user module - setting authorized_keys does not use lookup module Signed-off-by: Daniel Pawlik <pawlik.dan@gmail.com>
2 participants
What's improved: