From 41989b59cf69604618f1321147668fdb0c162047 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Thu, 2 Aug 2018 16:32:29 -0500 Subject: [PATCH] Fix some little ansible issues The list of allowed hosts is comma separated, not colon separated. Set exclusive: yes to ensure this is the *only* authorized key. The zuul-executor group is the group for ze hosts. It's not a second zuul-scheduler group. Change-Id: I214482ce8931e697ada497048fcf12fa492b98b7 --- playbooks/roles/base-server/tasks/main.yaml | 3 ++- playbooks/roles/install-ansible/files/groups.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/base-server/tasks/main.yaml b/playbooks/roles/base-server/tasks/main.yaml index 00476ab18d..4d7f669245 100644 --- a/playbooks/roles/base-server/tasks/main.yaml +++ b/playbooks/roles/base-server/tasks/main.yaml @@ -35,10 +35,11 @@ authorized_key: state: present user: root + exclusive: yes key: | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp puppet-remote-2014-09-15 key_options: | - from="{{ bastion_ipv4 }}:{{ bastion_ipv6 }},localhost" + from="{{ bastion_ipv4 }},{{ bastion_ipv6 }},localhost" - name: Disable byobu file: diff --git a/playbooks/roles/install-ansible/files/groups.yaml b/playbooks/roles/install-ansible/files/groups.yaml index b712280a36..f9e58c3c38 100644 --- a/playbooks/roles/install-ansible/files/groups.yaml +++ b/playbooks/roles/install-ansible/files/groups.yaml @@ -29,6 +29,6 @@ groups: translate: inventory_hostname|regex_match('translate\d+\.openstack\.org') wiki-dev: inventory_hostname|regex_match('wiki-dev\d+\.openstack\.org') wiki: inventory_hostname|regex_match('wiki\d+\.openstack\.org') + zuul-executor: inventory_hostname.startswith('ze') zuul-merger: inventory_hostname|regex_match('z[lm](static)?\d+\.openstack\.org') - zuul-scheduler: inventory_hostname.startswith('ze') zuul-scheduler: inventory_hostname.startswith('zuul')