{"id":82,"sha1":"02a2f7786ecd8b6c97490e2c48fdc116202d11d2","playbook":{"id":2,"items":{"plays":18,"tasks":603,"results":2357,"hosts":15,"files":157,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-hosts.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-14T10:04:43.190296Z","ended":"2025-12-14T10:14:53.851603Z","duration":"00:10:10.661307","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.13.5","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2022, BBC\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# host where the generated keypairs are kept\nssh_keypairs_setup_host: localhost\n\n# Python interpreter that will be used during keypair generation\nssh_keypairs_setup_host_python_interpreter: >-\n  {{ (ssh_keypairs_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']) }}\n\n# base directory on the ssh keypair setup host for storing keypairs\nssh_keypairs_dir: \"/etc/ssh_keypairs\"\n\n# method used to create keypairs\nssh_keypairs_method: \"standalone\"\n\n# --------\n# KEYPAIRS\n# --------\n\n# boolean to enable/disable creation of keys\nssh_keypairs_create_keys: true\n\n# ssh keypairs to create\n#\n# ssh_keypairs:\n#   # A keypair which whose private key will be used to create signed SSH keys\n#   - name: \"Example-CA-Key\"\n#   # A keypair which is signed by the CA private key, and given the 'webservers' principal\n#   - name: \"My-Signed-Key\"\n#     cert:\n#      signed_by: \"Example-CA-Key\"\n#      principals:\n#        - 'webservers'\n#      valid_from: \"always\"\n#      valid_to: \"forever\"\n#   # A regular SSH keypair which is not signed\n#   - name: \"Regular-SSH-Key\"\n#\nssh_keypairs: []\n\n# ssh keypairs to install\n#\n# ssh_keypairs_install_keys:\n#   #optional setting for owner and group of all installed files\n#   owner: 'foo'\n#   group: 'foo'\n#   keys:\n#     # Install the public, private and signed parts of the key named 'cert'\n#     # to a specified location, with .pub and -cert.pub suffixes automatically added\n#     - cert: \"My-Signed-Key\"\n#       dest: \"/home/foo/.ssh/id_rsa\"\n#     # Install the public and private parts of the key named 'keypair'\n#     # to a specified location, with the .pub suffix automatically added\n#     - keypair: \"Regular-SSH-Key\"\n#       dest: \"/home/bar/.ssh/id_rsa\"\n#     # Install any part of a keypair by referencing the path on ssh_keypairs_setup_host directly\n#     - src: \"{{ ssh_keypairs_dir }}/Regular-SSH-Key.pub\"\n#       dest: \"/home/bar/.ssh/id_rsa.pub\"\n#       owner: 'bar'  # override ownership for this specific key\n#       group: 'bar'\n#       mode: '0644'  # override permissions for this specific file\nssh_keypairs_install_keys: []\n\n# boolean to enable/disable installation of ssh keys\nssh_keypairs_install_keypairs: true\n\n# ----------\n# TRUSTED CA\n# ----------\n\n# location for the combined sshd trusted CA list\nssh_keypairs_trusted_ca_file: \"/etc/ssh/trusted_ca\"\n\n# keypair names to take the public key and install as a trusted CA\n#\n# ssh_keypairs_install_ca:\n#   # Install this public key into SSHD as a trusted user CA\n#   - name: \"Example-CA-Key\"\n#\nssh_keypairs_install_ca: []\n\n# filename in /etc/ssh/sshd_config.d to hold the CA and principals enablement config\nssh_keypairs_trusted_ca_config_file: \"00-openstack-ansible-trusted-ca.conf\"\n\n# location for the files defining authorised principals for ssh users\nssh_keypairs_authorized_principals_file: \"/etc/ssh/auth_principals/%u_principals\"\n\n# Install user principals configuration\n#\n# ssh_keypairs_principals:\n#  # To login to the root user a signed SSH key must have either the\n#  # 'root-everywhere' or 'webservers' principal.\n#  - user: root\n#     principals:\n#       - 'root-everywhere'\n#       - 'webservers'\n#\nssh_keypairs_principals: []\n\n# boolean to enable/disable installation of sshd certificate authorities\nssh_keypairs_install_authorities: true\n","created":"2025-12-14T10:05:09.973031Z","updated":"2025-12-14T10:05:09.973042Z","path":"/etc/ansible/ansible_collections/openstack/osa/roles/ssh_keypairs/defaults/main.yml"}