
Merge pull request #965 from sakshiarora13/devel

Issue #956: Fix for passwordless SSH not working
Sujit Jadhav 3 年之前
父节点
当前提交
9def5ef443

+ 13 - 2
control_plane/tools/roles/cluster_preperation/tasks/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -22,6 +22,17 @@
     regexp: '#   StrictHostKeyChecking ask'
     replace: 'StrictHostKeyChecking no'
 
+- name: Disable strict mode checking
+  replace:
+    path: /etc/ssh/ssh_config
+    regexp: '^StrictModes\ '
+    replace: 'StrictModes no'
+
+- name: Restart sshd
+  service:
+    name: sshd
+    state: restarted
+
 - name: Install sshpass
   package:
     name: sshpass
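Review bot: The new `Disable strict mode checking` task edits `/etc/ssh/ssh_config`, but `StrictModes` is a server option that sshd reads from `sshd_config`, so this task and the unconditional `Restart sshd` after it most likely change nothing that sshd uses. The pattern `'^StrictModes\ '` also matches only the keyword and the space, so a line `StrictModes yes` would become `StrictModes noyes`; a whole-line pattern such as `regexp: '^#?\s*StrictModes\s.*$'` avoids that. Turning StrictModes off makes sshd accept key files with loose ownership or permissions, so the safer fix for the passwordless-login failure is to leave it on and set `/root/.ssh` to `0700` and `authorized_keys` to `0600` on the target. The `Install sshpass` task at the end of the hunk continues outside it.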
@@ -33,4 +44,4 @@
       include_tasks: passwordless_ssh.yml
       with_items: "{{ ssh_to }}"
       loop_control:
-        pause: 5
+        pause: 5

+ 21 - 5
control_plane/tools/roles/cluster_preperation/tasks/passwordless_ssh.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@
   when: "'manager' in group_names"
 
 - name: Verify whether passwordless ssh is set on the remote host
-  shell: sshpass ssh -o "PasswordAuthentication=no" root@{{ current_host }} 'hostname'
+  command: sshpass ssh -o "PasswordAuthentication=no" root@{{ current_host }} 'hostname'
   register: ssh_output
   async: 30
   poll: 5
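Review bot: The connectivity check still wraps `ssh` in `sshpass` although `PasswordAuthentication=no` means no password is ever supplied, and without batch mode ssh can still wait on a prompt until the `async: 30` limit. Consider `command: ssh -o BatchMode=yes -o PasswordAuthentication=no root@{{ current_host }} hostname` together with `changed_when: false`, since the task only probes state. The task body continues below the hunk, so any existing `ignore_errors` or `failed_when` is not visible here.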
@@ -45,12 +45,28 @@
   register: verify_rsa_id_file
   when: not ssh_status
 
-- name: Generate ssh key pair
-  command: ssh-keygen -t rsa -b 4096 -f "{{ rsa_id_file }}" -q -N "{{ passphrase }}"
+- name: Create rsa_id file if it doesn't exist
+  ansible.builtin.file:
+    path: "{{ rsa_id_file }}"
+    state: touch
+    mode: "{{ file_mode }}"
   when:
     - not ssh_status
     - not verify_rsa_id_file.stat.exists
 
+- name: Generate ssh key pair
+  shell: ssh-keygen -t rsa -b 4096 -f "{{ rsa_id_file }}" -q -N "{{ passphrase }}" <<<y >/dev/null 2>&1
+  when:
+    - not ssh_status
+
+- name: Creating ssh config file with IdentifyFile value
+  copy:
+    dest: "{{ config_file }}"
+    content: |
+      Host *
+          IdentityFile "{{ rsa_id_file }}"
+    mode: "{{ file_mode }}"
+
 - name: Add the key identity
   shell: |
     eval `ssh-agent -s`
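Review bot: `Generate ssh key pair` lost its `not verify_rsa_id_file.stat.exists` guard and now answers ssh-keygen's overwrite prompt with `<<<y`, so an existing `{{ rsa_id_file }}` is replaced every time `ssh_status` is false; because main.yml includes this file once per entry in `ssh_to`, hosts set up earlier in the loop would presumably stop accepting the key. The preceding touch task is what creates the overwrite prompt in the first place, so dropping it and restoring `- not verify_rsa_id_file.stat.exists` under `when:` (with `command:` instead of `shell:`) keeps the key stable. `<<<` is a bash here-string while the shell module defaults to `/bin/sh`, and `>/dev/null 2>&1` hides any ssh-keygen failure. The `copy` task for `{{ config_file }}` has no `when:` and replaces the whole file, so any existing settings in root's ssh config are lost; its name also misspells `IdentityFile`. The stat task that registers `verify_rsa_id_file` starts above the hunk and `Add the key identity` continues below it.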
@@ -85,4 +101,4 @@
   rescue:
     - name: Passwordless ssh failed
       fail:
-        msg: "{{ register_error.stderr | regex_replace(hostvars['127.0.0.1']['cobbler_password']) | regex_replace(auth_key_path) }}"
+        msg: "{{ register_error.stderr | regex_replace(hostvars['127.0.0.1']['cobbler_password']) | regex_replace(auth_key_path) }}"

+ 4 - 2
control_plane/tools/roles/cluster_preperation/vars/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,4 +16,6 @@
 #Usage: passwordless_ssh.yml
 rsa_id_file: "/root/.ssh/id_rsa"
 passphrase: ""
-auth_key_path: "/root/.ssh/authorized_keys"
+auth_key_path: "/root/.ssh/authorized_keys"
+config_file: "/root/.ssh/config"
+file_mode: "0600"