matejart
commented
4 years ago Thank you for the issue description, @anzoman. I feel that implementing your suggestion can be useful in some scenarios, where all the hosts to be managed will allow connections using the corresponding public SSH key.
Given that the environment will contain the path to the private key, I suggest that the env variable is either OPERA_SSH_PRIVATE_KEY_FILE or, if this is too long, OPERA_SSH_IDENTITY_FILE.
A few questions:
- What will happen in the default case when the environment variable is not set?
- Does the use of this env var replace the search for the default set of identities? Or does it add it as the first choice?
anzoman
Description
xOpera orchestrator currently offers
OPERA_SSH_USERenvironment variable which is used by the Ansible executor when establishing the connection to a remote machine to tell which user someone wants to connect as. Similar to that there could be a variable calledOPERA_SSH_KEY_FILEthat would point to the file with a private ssh key that needs to be used when establishing a connection to the host.Steps
As of now before deploying TOSCA templates opera creates an Ansible inventory in the background and sets the user within
ansible_userentry ifOPERA_SSH_USERwas exported. Exactly this is done with the line:inventory["ansible_user"] = os.environ.get("OPERA_SSH_USER", "centos")so that user defaults to centos if this was not set to localhost before.To implement the part for the ssh keys we would need to:
OPERA_SSH_KEY_FILEenv var to point opera to the ssh keyansible_ssh_private_key_fileentryCurrent behaviour
Currently xOpera does not offer to choose ssh keys to connect but it expects that user managed that before by himself either with putting keys to the
~/.sshfolder or by creating~/.ssh/configconfiguration file which offers matching IPs and ssh keys for connection.Expected results
To be able to specify which ssh keys to use during the orchestration.