From: Baha Mesleh <baha.mesleh@nokia.com>
Date: Fri, 6 Sep 2019 07:32:53 +0000 (+0000)
Subject: Merge "Support for authorized keys"
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=17cc3240ee0ab6afb6df986a828fdee71f60128f;hp=e697efd10739167c5d4517db1a93a23a28a7e68f

Merge "Support for authorized keys"
---

diff --git a/roles/bootstrap-host/tasks/create_sudo_user.yml b/roles/bootstrap-host/tasks/create_sudo_user.yml
index bfab595..fe8fc33 100644
--- a/roles/bootstrap-host/tasks/create_sudo_user.yml
+++ b/roles/bootstrap-host/tasks/create_sudo_user.yml
@@ -38,14 +38,23 @@
   tags:
     - ssh-key-authorized
 
-- name: Ensure root's new public ssh key is in authorized_keys
+- name: Ensure sudo user's new public ssh key is in authorized_keys
   authorized_key:
     user: "{{ sudo_user }}"
     key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
     manage_dir: no
+    exclusive: yes
   tags:
     - ssh-key-authorized
 
+- name: Populate authorized keys from config to sudo user
+  authorized_key:
+    user: "{{ sudo_user }}"
+    key: "{{ sudo_user_authorized_keys | join('\n') }}"
+    manage_dir: no
+  tags:
+    - configured-authorized-keys
+
 - name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
   file:
     path: "/etc/userconfig/id_rsa"