41_shell_access.yml
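---
# Grants the web-shell gateway hosts SSH access into a user's VM.
# Both plays target the `atmosphere` hosts and apply the sshkey-host-access
# role with per-gateway variables: key name, key directory and ownership on
# the gateway, and the gateway host itself.
# NOTE(review): the role is defined outside this file; presumably it creates
# the key pair under EXTERNAL_HOST_KEY_DIR and authorises it on the VM.
# Confirm against the role.
# NOTE(review): ATMOUSERNAME is interpolated into filesystem paths on the
# gateway hosts. Confirm the caller restricts it to a safe username character
# set (no "/" or "..") before this playbook runs.

- name: Enable ssh access from gateone shell host into user vm
  hosts: atmosphere
  vars:
    EXTERNAL_HOST_KEY_NAME: "id_rsa_gateone"
    EXTERNAL_HOST_KEY_DIR: "/var/lib/gateone/users/{{ ATMOUSERNAME }}/.ssh"
    EXTERNAL_HOST_KEY_OWNER: root
    EXTERNAL_HOST_KEY_GROUP: root
    EXTERNAL_HOST: "shell"
    USERNAME: "{{ ATMOUSERNAME }}"
  roles:
    - sshkey-host-access
  tasks:
    # Gateone reads this file in the gateone user's ssh directory and uses
    # each identity found there when it tries to open an SSH connection from
    # the gateone server to the user's vm.
    # The task runs on the gateway (delegate_to), not on the user's vm.
    # NOTE(review): no `mode` is given, so a file created here takes the
    # default permissions of the remote umask; set `mode` explicitly if the
    # identity list should not be readable by other local accounts.
    - name: Add the key name to gateones .default_ids
      lineinfile:
        dest: "{{ EXTERNAL_HOST_KEY_DIR }}/.default_ids"
        line: "{{ EXTERNAL_HOST_KEY_NAME }}"
        create: true
        state: present
        owner: "{{ EXTERNAL_HOST_KEY_OWNER }}"
        group: "{{ EXTERNAL_HOST_KEY_GROUP }}"
      delegate_to: "{{ EXTERNAL_HOST }}"

- name: Enable ssh access from guac_server host into user vm
  hosts: atmosphere
  vars:
    EXTERNAL_HOST_KEY_DIR: "/etc/guacamole/keys/{{ ATMOUSERNAME }}"
    EXTERNAL_HOST_KEY_OWNER: tomcat7
    EXTERNAL_HOST_KEY_GROUP: tomcat7
    EXTERNAL_HOST_KEY_NAME: "id_rsa_guac"
    EXTERNAL_HOST: "guac_server"
    USERNAME: "{{ ATMOUSERNAME }}"
  roles:
    - role: sshkey-host-access
      # Opt-in: the role runs only when SETUP_GUACAMOLE is truthy, and is
      # skipped when the variable is undefined.
      # `| bool` also accepts the string forms ("true", "yes") produced by
      # key=value extra vars; a bare `== true` comparison skips the role
      # for those.
      when: SETUP_GUACAMOLE | default(false) | bool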