From 6fa8261c4b3edaf821e547fa2a30d3d8aea2976a Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Mon, 5 Oct 2020 08:57:49 +0300
Subject: provision manager VM in contractor

---
 contractor  | 26 +++++++++++++++++++++++++-
 manager.yml | 15 +++++++++++----
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/contractor b/contractor
index 5847485..e45bfb7 100755
--- a/contractor
+++ b/contractor
@@ -10,7 +10,6 @@ import sys
 import time
 import subprocess
 from subprocess import PIPE, STDOUT
-
 import yaml
 
 
@@ -549,6 +548,28 @@ def cmd_dump(args):
     sys.stdout.write("{}\n".format(json.dumps(bs.as_dict(), indent=4)))
 
 
+def cmd_provision(args):
+    ssh_opts = [
+        "ControlMaster=auto",
+        "ControlPersist=60s",
+        "StrictHostKeyChecking=accept-new",
+        "UserKnownHostsFile=/dev/null",
+    ]
+
+    env = dict(os.environ)
+    env["ANSIBLE_SSH_ARGS"] = " ".join(f"-o{opt}" for opt in ssh_opts)
+
+    argv = [
+        "ansible-playbook",
+        "-i",
+        "hosts",
+        "manager.yml",
+        f"-eansible_ssh_host={args.manager_address}",
+        f"-eansible_ssh_port={args.manager_port}",
+    ]
+    subprocess.check_call(argv, env=env)
+
+
 def cmd_status(args):
     dest, port = manager_destination(args)
     verbose(args, "manager VM is {}:{}".format(dest, port))
@@ -701,6 +722,9 @@ def main():
     dump.add_argument("spec")
     dump.set_defaults(func=cmd_dump)
 
+    provision = sub.add_parser("provision", help="provision manager VM")
+    provision.set_defaults(func=cmd_provision, **manager_defaults)
+
     status = sub.add_parser("status", help="check status of manager VM")
     status.add_argument("-m", "--manager-address", help="address of manager VM")
     status.add_argument("-p", "--manager-port", help="SSH port of manager VM")
diff --git a/manager.yml b/manager.yml
index 11d8f2a..281b92f 100644
--- a/manager.yml
+++ b/manager.yml
@@ -39,11 +39,18 @@
         groups:
           - libvirt
 
-    - name: "add authorized key to manager user"
-      authorized_key:
-        user: manager
-        key: "{{ user_pub }}"
+    - name: "create ~manager/.ssh"
+      file:
+        state: directory
+        path: /home/manager/.ssh
+        owner: manager
+        group: manager
+        mode: 0700
 
+    - name: "copy root authorized_keys to manager user"
+      shell: |
+        install -o manager -g manager /root/.ssh/authorized_keys /home/manager/.ssh/.
+        
     - name: "give manager sudo"
       copy:
         content: |
-- 
cgit v1.2.1