From 073042cae96e01a5e5ecbe434f00ef3ebf86e9b8 Mon Sep 17 00:00:00 2001
From: spmfox
Date: Wed, 30 Jul 2025 18:19:35 -0400
Subject: changed ssh-key to ssh-keys, now supports adding multiple keys
---
 docs/README.md | 12 +++++++-----
 docs/sample-environment.yml | 5 +++--
 roles/guest-configure/tasks/user.yml | 5 +++--
 roles/guest-configure/vars/main.yml | 2 +-
 roles/libvirt/templates/kickstart/el10.ks | 4 +++-
 roles/libvirt/templates/kickstart/el8.ks | 4 +++-
 roles/libvirt/templates/kickstart/el9.ks | 4 +++-
 roles/libvirt/templates/kickstart/f38.ks | 4 +++-
 roles/libvirt/vars/main.yml | 4 ++--
 vm-create.yml | 2 +-
 vm-delete.yml | 2 +-
 11 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/docs/README.md b/docs/README.md
index de60ff9..05c3569 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -23,7 +23,7 @@ Below is a table describing each variable, and which Ansible role the variable i | ```packages``` | | | X | | | **List** of packages to be installed on the new VM | | ```user``` | | | X | | | User to be created on the new VM | | ```root_password``` | | X | X | Kickstart - Random | | Sets root password in Kickstart (uses random if not specified), can be used to communicate with new VM if no SSH key is defined | -| ```ssh_key``` | | X | | | | This key is put into the Kickstart template for the root user and the regular user (if defined) - if not defined, PermitRootLogin is used in Kickstart | +| ```ssh_keys``` | | X | | | | List of keys to be put into the Kickstart template for the root user and the regular user (if defined) - if not defined, PermitRootLogin is used in Kickstart | | ```shell``` | | | X | | | Set new user's shell to this shell, does not change the root user shell - does nothing if no regular user defined | | ```services``` | | | X | | | Services to enable on the new VM | ```redhat_user``` | | | X | | | Username to register/unregister new VM with Red Hat Subscription Manager |
@@ -89,8 +89,9 @@ all:
 parent_dataset: "zfs-parent-dataset/zfs-child-dataset"
 user: "myuser"
 shell: "/usr/bin/fish"
- ssh_key: |
- ssh-rsa
+ ssh_keys:
+ - ssh-rsa
+ - ssh-rsa
 pre-packages:
 - epel-release
 packages:
@@ -121,8 +122,9 @@ all:
 parent_dataset_mount: "/mnt/zfs-parent-dataset/zfs-child-dataset"
 user: "myuser"
 shell: "/usr/bin/fish"
- ssh_key: |
- ssh-rsa
+ ssh_keys:
+ - ssh-rsa
+ - ssh-rsa
 packages:
 - fish
 redhat_user: "myrhsmuser"
diff --git a/docs/sample-environment.yml b/docs/sample-environment.yml
index aaba54c..1c676ea 100644
--- a/docs/sample-environment.yml
+++ b/docs/sample-environment.yml
@@ -39,8 +39,9 @@ all:
 # root_password: "" #Not defining this will cause a random root password to be generated for kickstart purposes
 user: "admin" #Regular user with sudo rights
 # SSH key for root and regular user - if no key or root password are defined, guest configuration will not run
- ssh_key: |
- ssh-rsa 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 pubkey@box
+ ssh_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqatKwhiSSePeDXU2VuoKzugIKWobA8U7QxsOxhQHJH"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4AUk20x8I3Yxy8lDDCJNtGLdPl2yhHGJAluJ1hALtw"
 packages: # Packages to install on guest
 - qemu-guest-agent
 services: # Services to enable on guest
diff --git a/roles/guest-configure/tasks/user.yml b/roles/guest-configure/tasks/user.yml
index 2458ccf..7bfe85d 100644
--- a/roles/guest-configure/tasks/user.yml
+++ b/roles/guest-configure/tasks/user.yml
@@ -12,8 +12,9 @@
 ansible.posix.authorized_key:
 user: "{{ guest_configure_user }}"
 state: present
- key: "{{ guest_configure_ssh_key }}"
- when: guest_configure_ssh_key | length > 0
+ key: "{{ item }}"
+ loop: "{{ guest_configure_ssh_keys }}"
+ when: guest_configure_ssh_keys | length > 0
 - name: RedHat block
 when: ansible_os_family == "RedHat"
diff --git a/roles/guest-configure/vars/main.yml b/roles/guest-configure/vars/main.yml
index 77c2cac..5c7abef 100644
--- a/roles/guest-configure/vars/main.yml
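Review bot: `loop: "{{ guest_configure_ssh_keys }}"` on the authorized_key task is expanded before the task's `when` is evaluated, so the new `when: guest_configure_ssh_keys | length > 0` no longer protects the unset case the way the removed `key`/`when` pair did: roles/guest-configure/vars/main.yml (changed further down in this commit) defines the variable as `{{ ssh_keys if ssh_keys is defined }}`, which, judging by the `| length > 0` test the old code relied on, renders to an empty string when `ssh_keys` is absent, and as far as I know Ansible refuses a non-list `loop` value instead of iterating zero times. That path is reachable, because vm-create.yml and vm-delete.yml still include the role when only `root_password` is set. I would give the variable a list default in vars/main.yml, `guest_configure_ssh_keys: "{{ ssh_keys if ssh_keys is defined else [] }}"`, after which the per-item `when` is redundant (an empty list yields no iterations) and can go; if the vars file is to stay as is, `loop: "{{ guest_configure_ssh_keys | default([], true) }}"` achieves the same. The task's `- name:` line is above the hunk.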
+++ b/roles/guest-configure/vars/main.yml
@@ -4,7 +4,7 @@ ansible_ssh_password: "{{ root_password if root_password is defined }}"
 guest_configure_user: "{{ user if user is defined }}"
 guest_configure_user_shell: "{{ shell if shell is defined }}"
-guest_configure_ssh_key: "{{ ssh_key if ssh_key is defined }}"
+guest_configure_ssh_keys: "{{ ssh_keys if ssh_keys is defined }}"
 guest_configure_packages_preq: "{{ pre_packages if pre_packages is defined }}"
 guest_configure_packages: "{{ packages if packages is defined }}"
 guest_configure_services: "{{ services if services is defined }}"
diff --git a/roles/libvirt/templates/kickstart/el10.ks b/roles/libvirt/templates/kickstart/el10.ks
index 5a95014..253496b 100644
--- a/roles/libvirt/templates/kickstart/el10.ks
+++ b/roles/libvirt/templates/kickstart/el10.ks
@@ -39,7 +39,9 @@ rootpw --iscrypted {{ libvirt_kickstart_root_password | password_hash("sha512")
 mkdir -m0700 /root/.ssh/
 cat </root/.ssh/authorized_keys
-{{ libvirt_kickstart_root_ssh_key }}
+{% for ssh_key in libvirt_kickstart_root_ssh_keys %}
+{{ ssh_key }}
+{% endfor %}
 EOF
 chmod 0600 /root/.ssh/authorized_keys
diff --git a/roles/libvirt/templates/kickstart/el8.ks b/roles/libvirt/templates/kickstart/el8.ks
index 5097c0d..56055fa 100644
--- a/roles/libvirt/templates/kickstart/el8.ks
+++ b/roles/libvirt/templates/kickstart/el8.ks
@@ -39,7 +39,9 @@ rootpw --iscrypted {{ libvirt_kickstart_root_password | password_hash("sha512")
 mkdir -m0700 /root/.ssh/
 cat </root/.ssh/authorized_keys
-{{ libvirt_kickstart_root_ssh_key }}
+{% for ssh_key in libvirt_kickstart_root_ssh_keys %}
+{{ ssh_key }}
+{% endfor %}
 EOF
 chmod 0600 /root/.ssh/authorized_keys
diff --git a/roles/libvirt/templates/kickstart/el9.ks b/roles/libvirt/templates/kickstart/el9.ks
index b37bcf0..afb050f 100644
--- a/roles/libvirt/templates/kickstart/el9.ks
+++ b/roles/libvirt/templates/kickstart/el9.ks
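Review bot: The new `{% for ssh_key in libvirt_kickstart_root_ssh_keys %}` in el10.ks loops over whatever the variable holds, and since roles/libvirt/vars/main.yml still passes `ssh_keys` through untyped, an inventory that renames the old `ssh_key: |` block scalar to `ssh_keys` without turning it into a list would have each character of the key written as its own line of /root/.ssh/authorized_keys; the identical loop is added to el8.ks, el9.ks and f38.ks. Because the commit also makes `libvirt_kickstart_allow_root_ssh` empty whenever `ssh_keys` is defined, the outcome of such a slip is a guest with no valid root key and no `PermitRootLogin yes` drop-in, which on sshd's usual default of prohibit-password means nobody can log in, with no error at build time. Normalising once at the variable definition is cleanest; if the templates must defend themselves, `{% for ssh_key in ([libvirt_kickstart_root_ssh_keys] if libvirt_kickstart_root_ssh_keys is string else libvirt_kickstart_root_ssh_keys) %}` does it in one line (an unset variable, which renders as an empty string, then yields one blank line, which sshd ignores). The heredoc these lines sit in opens and closes within the hunk, but the script section containing it starts above.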
@@ -39,7 +39,9 @@ rootpw --iscrypted {{ libvirt_kickstart_root_password | password_hash("sha512")
 mkdir -m0700 /root/.ssh/
 cat </root/.ssh/authorized_keys
-{{ libvirt_kickstart_root_ssh_key }}
+{% for ssh_key in libvirt_kickstart_root_ssh_keys %}
+{{ ssh_key }}
+{% endfor %}
 EOF
 chmod 0600 /root/.ssh/authorized_keys
diff --git a/roles/libvirt/templates/kickstart/f38.ks b/roles/libvirt/templates/kickstart/f38.ks
index de0adb8..0d4c40e 100644
--- a/roles/libvirt/templates/kickstart/f38.ks
+++ b/roles/libvirt/templates/kickstart/f38.ks
@@ -38,7 +38,9 @@ rootpw --iscrypted {{ libvirt_kickstart_root_password | password_hash("sha512")
 mkdir -m0700 /root/.ssh/
 cat </root/.ssh/authorized_keys
-{{ libvirt_kickstart_root_ssh_key }}
+{% for ssh_key in libvirt_kickstart_root_ssh_keys %}
+{{ ssh_key }}
+{% endfor %}
 EOF
 chmod 0600 /root/.ssh/authorized_keys
diff --git a/roles/libvirt/vars/main.yml b/roles/libvirt/vars/main.yml
index 1f2c7dc..0cbc96f 100644
--- a/roles/libvirt/vars/main.yml
+++ b/roles/libvirt/vars/main.yml
@@ -11,6 +11,6 @@ libvirt_vm_destination: "{{ parent_dataset_mount if parent_dataset_mount is defi
 libvirt_vm_network: "{{ network if network is defined else 'default' }}"
 libvirt_kickstart_hostname: "{{ inventory_hostname }}"
 libvirt_kickstart_timezone: "{{ timezone if timezone is defined else 'Etc/GMT' }}"
-libvirt_kickstart_root_ssh_key: "{{ ssh_key if ssh_key is defined }}"
+libvirt_kickstart_root_ssh_keys: "{{ ssh_keys if ssh_keys is defined }}"
 libvirt_kickstart_root_password: "{{ root_password if root_password is defined else lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
-libvirt_kickstart_allow_root_ssh: "{{ '' if ssh_key is defined else 'echo PermitRootLogin yes > /etc/ssh/sshd_config.d/01-permitrootlogin.conf' }}"
+libvirt_kickstart_allow_root_ssh: "{{ '' if ssh_keys is defined else 'echo PermitRootLogin yes > /etc/ssh/sshd_config.d/01-permitrootlogin.conf' }}"
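Review bot: `libvirt_kickstart_allow_root_ssh` now tests `ssh_keys is defined`, while vm-create.yml and vm-delete.yml in this same commit gate guest-configure on `ssh_keys | length > 0`; an inventory with `ssh_keys: []` therefore gets no `PermitRootLogin yes` drop-in yet is still configured over the `root_password` path (presumably as root via `ansible_ssh_password`), which on sshd's usual default of prohibit-password cannot log in. The two conditions should agree, `libvirt_kickstart_allow_root_ssh: "{{ '' if (ssh_keys | default([]) | length > 0) else 'echo PermitRootLogin yes > /etc/ssh/sshd_config.d/01-permitrootlogin.conf' }}"`, so that "no usable key" and "password fallback" mean the same thing everywhere. `libvirt_kickstart_root_ssh_keys` on the line above also keeps the scalar-era `{{ ssh_keys if ssh_keys is defined }}` for what is now a list; `"{{ ([ssh_keys] if ssh_keys is string else ssh_keys) if ssh_keys is defined else [] }}"` hands the kickstart templates a list in every case, including an unconverted single-string value, instead of an empty string or a bare scalar.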
diff --git a/vm-create.yml b/vm-create.yml
index 631dd24..384fa78 100644
--- a/vm-create.yml
+++ b/vm-create.yml
@@ -76,4 +76,4 @@
 apply:
 tags: guest-configure
 tags: guest-configure
- when: (ssh_key is defined and ssh_key | length > 0) or (root_password is defined and root_password | length > 0)
+ when: (ssh_keys is defined and ssh_keys | length > 0) or (root_password is defined and root_password | length > 0)
diff --git a/vm-delete.yml b/vm-delete.yml
index e117326..842b6a8 100644
--- a/vm-delete.yml
+++ b/vm-delete.yml
@@ -46,7 +46,7 @@
 apply:
 tags: guest-configure
 tags: guest-configure
- when: (ssh_key is defined and ssh_key | length > 0) or (root_password is defined and root_password | length > 0)
+ when: (ssh_keys is defined and ssh_keys | length > 0) or (root_password is defined and root_password | length > 0)
 - name: Import libvirt role to undefine VM
 ansible.builtin.include_role:
-- cgit