Changeset - f0ffcf83f46a
Parent rev.
Child rev.
[Not reviewed]
0 5 0
Branko Majic (branko) - 4 years ago 2020-10-01 22:59:53
branko@majic.rs
MAR-155: Make the ansible_key parameter in the bootstrap role mandatory:

- Updated the preseed role.
- Removed default value for the parameter.
- Updated tests.
- Updated role reference documentation.
- Updated release notes.
5 files changed with 9 insertions and 5 deletions:
docs/releasenotes.rst
4
docs/rolereference.rst
1
1
roles/bootstrap/defaults/main.yml
2
roles/bootstrap/molecule/default/group_vars/parameters-mandatory.yml
2
roles/bootstrap/molecule/default/tests/test_parameters_mandatory.py
2
2
0 comments (0 inline, 0 general)
docs/releasenotes.rst
Show inline comments
 
@@ -23,6 +23,10 @@ Breaking changes:
 
    ``tls_certificate_dir`` are no longer used.
 
  * TLS private key and certificate parameters are now mandatory.
 

			




	
	
	
		
 
* ``bootstrap`` role

			




	
	
	
		
 

			




	
	
	
		
 
  * Parameter ``ansible_key`` is now mandatory.

			




	
	
	
		
 

			




	
	
	
		
 
* ``mail_forwarder`` role

			




	
	
	
		
 

			




	
	
	
		
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS

			




        

    


    
    

    

        

                

                    docs/rolereference.rst
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -191,7 +191,7 @@ The role implements the following:

			




	
	
	
		
 
Parameters

			




	
	
	
		
 
~~~~~~~~~~

			




	
	
	
		
 

			




	
	
	
		
 
**ansible_key** (string, optional, ``{{ lookup('file', '~/.ssh/id_rsa.pub') }}``)

			




	
	
	
		
 
**ansible_key** (string, mandatory)

			




	
	
	
		
 
  SSH public key that should be deployed to authorized_keys truststore for

			




	
	
	
		
 
  operating system user ``ansible``.

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    roles/bootstrap/defaults/main.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
---

			




	
	
	
		
 

			




	
	
	
		
 
ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

			




        

    


    
    

    

        

                

                    roles/bootstrap/molecule/default/group_vars/parameters-mandatory.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
---

			




	
	
	
		
 

			




	
	
	
		
 
ansible_key: "{{ lookup('file', 'tests/data/ansible_key.pub') }}"

			




        

    


    
    

    

        

                

                    roles/bootstrap/molecule/default/tests/test_parameters_mandatory.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -14,7 +14,7 @@ def test_authorized_keys(host):

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        ssh_key = open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'r').read().strip()

			




	
	
	
		
 
        ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()

			




	
	
	
		
 
        authorized_keys = host.file('/home/ansible/.ssh/authorized_keys')

			




	
	
	
		
 

			




	
	
	
		
 
        assert authorized_keys.is_file

			




	
	
		
 
@@ -28,6 +28,6 @@ def test_root_authorized_keys(host):

			




	
	
	
		
 

			




	
	
	
		
 
    with host.sudo():

			




	
	
	
		
 

			




	
	
	
		
 
        ssh_key = open(os.path.expanduser('~/.ssh/id_rsa.pub'), 'r').read().strip()

			




	
	
	
		
 
        ssh_key = open('tests/data/ansible_key.pub', 'r').read().strip()

			




	
	
	
		
 

			




	
	
	
		
 
        assert ssh_key not in host.file('/root/.ssh/authorized_keys').content_string

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2024 by various authors & licensed under GPLv3.