added code to copy ssh keys if they exist already

0c29ef31 · Simon Michnowicz · 5c5e85be · 0c29ef31 · 0c29ef31
Commit 0c29ef31 authored 4 years ago by Simon Michnowicz
--- a/roles/slurm_sql_bk/README.md
+++ b/roles/slurm_sql_bk/README.md
@@ -21,12 +21,18 @@ where slurm_bk.yml contains
  gather_facts: True
  roles:
  - { role: slurm_sql_bk, create_key: "True", SQL_BK_DEST_HOST: "118.138.234.186", SQL_BK_DEST_DIR: "/mnt/backup/monarch", SQL_IP: "172.16.226.88" , sqlUsername: "slurmdb", sqlPasswd: "{{ slurmdb_passwd }}" }
+
+or 
+
+      - { role: slurm_sql_bk, copy_key: "True", SQL_BK_DEST_HOST: "118.138.234.186", SQL_BK_DEST_DIR: "/mnt/backup/monarch", SQL_IP: "172.16.226.88" , sqlUsername: "slurmdb", sqlPasswd: "{{ slurmdb_passwd }}", PRIVATE_KEY: slm_db_backup.private , PUBLIC_KEY: slm_db_backup.public  }
+
 ~~~~

 Meaning:
 * **create_key**: If defined to True then ssh-keygen is called on local machine and then:
 	* private key copied to ~/.ssh on management node
-	* public key inserted into authroized_keys on SQL_BK_DEST_HOST
+	* public key inserted into authorized_keys on SQL_BK_DEST_HOST
+* **copy_key** If defined, it copies ssh keys to the SQL and BACKUP HOST. If defined you must also define the variables {{ PUBLIC_KEY }} and {{ PRIVATE_KEY }} which are the local files on the Ansible machine.
 * **SQL_BK_DEST_HOST:** IP number of Machine where we store mysql dumps
 * **SQL_BK_DEST_DIR:** Directory on backup machine for mysql dumps. Note this is owned by ec2-user and is manually created. It should be cluster-specific, i.e. different for each cluster
 * **SQL_IP:** IP number of slurm mysql machine
@@ -38,3 +44,5 @@ defined in default/main.yml
 * **BIN_DIR:**          "/root/bin" #where the backup shell script and mysql.conf exists on Management Node
 * **SQL_BK_DATA_DIR:**  "/tmp" # where the inital dump exists on the management node. The file is deleted after a scp so it should not fill up disk
 * **SQL_USER: "ec2-user"**  The user account on SQL_BK_DEST_HOST. Normally ec2-user but could be something else for security reasons
+* **PRIVATE_KEY** the SSH key on the local machine when **copy_key** is defined
+* **PUBLIC_KEY** the SSH key ont the local machine when **copy_key** is defined
--- a/roles/slurm_sql_bk/tasks/main.yml
+++ b/roles/slurm_sql_bk/tasks/main.yml
@@ -25,6 +25,28 @@
  - name: copy public key to authorised key file of backup volume machine
    local_action: command  ssh-copy-id -i ./slm_db_backup.pub  {{ SQL_BK_DEST_HOST }}
    when: create_key is defined and create_key=="True"
+  #
+  # It is possible to use pre-existing key if "copy_key" is defined
+  #
+  - assert: { msg: "You must define the PRIVATE KEY", that:   PRIVATE_KEY  is defined  }
+    when: copy_key is defined and copy_key =="True"
+  - assert: { msg: "You must define the PUBLIC KEY", that:  PUBLIC_KEY is defined }
+    when: copy_key is defined and copy_key =="True"
+  - name: copy private key to management node
+    copy: 
+      src: "{{ PRIVATE_KEY }}"
+      dest: "/root/.ssh/slm_db_backup"
+      owner: root
+      group: root
+      mode: '600'
+    become: True
+    become_user: root
+    when: copy_key is defined and copy_key =="True"
+  - name: copy public key to authorised key file of backup volume machine
+    local_action: command  ssh-copy-id -i {{ PUBLIC_KEY }}  {{ SQL_BK_DEST_HOST }}
+    when: copy_key is defined and copy_key =="True"
+
+  
  #
  # now setup cronjob on management node
  #