From 72b09b1a46200b6544600ff2432693f0b43c3918 Mon Sep 17 00:00:00 2001
From: Petr OspalĂ˝
Date: Mon, 8 Apr 2019 04:55:47 +0200
Subject: Add support for rancher authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This commit adds a new mode to the rancher1_api module, which enables the rancher local authentication (username/password). There is an already predefined rancher admin user called 'admin' and that is the account, which this mode modifies. Due to the complex API and the fact that rancher 1.6 is soon to be obsoleted, this module is going the simpler route and it is just editing this default admin account instead of creating a completely arbitrary username/password credentials. For that reason is using the 'account_id', which is unique for all accounts and the default admin account of rancher has '1a1'. As of now this module cannot handle changed password once the auth. is enabled.
Change-Id: Iea8923c71bdb82267c966a00d62f0f43eb5adb76
Issue-ID: OOM-1734
Signed-off-by: Petr OspalĂ˝
---
ansible/roles/rancher/tasks/rancher_server.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
(limited to 'ansible/roles/rancher/tasks/rancher_server.yml')
diff --git a/ansible/roles/rancher/tasks/rancher_server.yml b/ansible/roles/rancher/tasks/rancher_server.yml
index b71bf8d1..e93dd0e0 100644
--- a/ansible/roles/rancher/tasks/rancher_server.yml
+++ b/ansible/roles/rancher/tasks/rancher_server.yml
@@ -32,6 +32,14 @@ delay: 5 until: env.data is defined +# There is a lack of idempotency in the previous task and so there are new api +# key-pairs created with each run. +# +# ToDo: fix idempotency of rancher role +# +# Anyway as rke will be default k8s orchestrator in Dublin, it's supposed to be +# low prio topic. The following tasks dealing with the API are ignoring this problem +# and they simply use the new created API key-pair, which is set as a fact here: - name: Set apikey values set_fact: k8s_env_id: "{{ env.data.environment.id }}" @@ -40,6 +48,15 @@ rancher_agent_image: "{{ env.data.registration_tokens.image }}" rancher_agent_reg_url: "{{ env.data.registration_tokens.reg_url }}" +- name: Setup rancher admin password and enable authentication + rancher1_api: + server: "{{ rancher_server_url }}" + account_key: "{{ key_public }}:{{ key_private }}" + mode: access_control + data: + account_id: 1a1 # default rancher admin account + password: "{{ rancher.admin_password }}" + - name: Configure the size of the rancher cattle db and logs block: - name: Main tables -- cgit 1.2.3-korg
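Review bot: The comment added in the first hunk, above `Set apikey values`, records that every run creates a fresh API key-pair but says nothing about the pairs left behind by earlier runs. If those stay valid on the Rancher server, which the hunk does not show, each play leaves one more long-lived credential, and that matters more once the following hunk enables access control. I would make the ToDo actionable, for example `# ToDo (<tracking-issue-id>): reuse the existing API key or delete the superseded one; until then each run leaves an extra key-pair on the server`. The task the comment refers to starts above the hunk, so this rests on the comment's own description of it.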
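Review bot: The new `Setup rancher admin password and enable authentication` task in the second hunk passes `{{ key_private }}` and `{{ rancher.admin_password }}` as module arguments without `no_log: true`. Unless `rancher1_api` itself marks `account_key` and `data` as no_log, which is not visible here, both values can end up in verbose or failure output and in the module invocation log on the target host. Adding `no_log: true` at task level is the simple safeguard. Since this task is what turns authentication on, I would also fail early on an unset or empty password with an `assert` task placed before it, using `that: rancher.admin_password | default('') | length > 0`, because how the module treats an empty password is not shown.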