rhel-9-workshop Use env_authorized_key_path_pub (#7506)

* rhel-9-workshop Use env_authorized_key_path_pub

Moving to using the standard ssh key role

* Update pre_software.yml

* Update default_vars.yml

* Update default_vars.yml

ansible/configs/rhel9-workshop/default_vars.yml

@@ -11,7 +11,6 @@ output_dir:                   /tmp/workdir                    # Writable working
 email:                        "{{ env_type }}@opentlc.com"
 guid:                         "{{ env_type }}-00"
 uuid:                         "{{ guid }}"
-key_name:                     opentlc_admin_backdoor.pem 
 student_name:                 student                         # Default ssh account
 lab_user:                     devops                          # Ansible Service Account
 admin_user:                   opentlc-mgr
@@ -60,7 +59,6 @@ install_bastion_lite: true
 # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
 # you can use the key used to create the environment or use your own self generated key
 env_authorized_key: "{{guid}}key"
-ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
 set_env_authorized_key: true
 
 # Is this running from Red Hat Ansible Tower

ansible/configs/rhel9-workshop/pre_infra.yml

@@ -10,21 +10,3 @@
   tasks:
     - debug:
         msg: "Step 000 Pre Infrastructure"
-
-    - name: Generate SSH keys
-      shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
-      args:
-        creates: "{{output_dir}}/{{env_authorized_key}}"
-      when: set_env_authorized_key | bool
-
-    - name: fix permission
-      file:
-        path: "{{output_dir}}/{{env_authorized_key}}"
-        mode: 0400
-      when: set_env_authorized_key | bool
-
-    - name: Generate SSH pub key
-      shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub"
-      args:
-        creates: "{{output_dir}}/{{env_authorized_key}}.pub"
-      when: set_env_authorized_key | bool

ansible/configs/rhel9-workshop/pre_software.yml

@@ -7,10 +7,6 @@
     - debug:
         msg: "Step 003 Pre Software"
 
-    - import_role:
-        name: infra-local-create-ssh_key
-      when: set_env_authorized_key | bool
-
     - name: Setup strong passwords
       set_fact:
         strong_login_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters,digits') }}"
@@ -20,44 +16,67 @@
         student_password:         "{{ strong_login_password }}"
 
 # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}
-- name: Configure all hosts with Repositories, Common Files and Set environment key
-  hosts: all
+- name: Configure all hosts with repositories, common files and set environment key
+  hosts:
+  - all:!windows
   become: true
-  gather_facts: False
-  roles:
-    - { role: "set-repositories", when: 'repo_method is defined' }
-    - { role: "common", when: 'install_common' }
-    - { role: "set_env_authorized_key", when: set_env_authorized_key | bool }
+  gather_facts: false
   tags:
-    - step004
-    - common_tasks
-
-- name: Configuring Bastion Hosts
-  hosts: bastions 
+  - step003
+  - common_tasks
+  roles:
+  - role: set-repositories
+    when: repo_method is defined
+  - role: common
+    when: install_common | bool
+  - role: set_env_authorized_key
+    when: set_env_authorized_key | bool
+
+- name: Step 003.1 - Configuring Bastion Hosts
+  hosts: bastions
   become: true
-  tags:
-    - step004
-    - bastion_tasks
-
-  pre_tasks:
-    - name: Strong password brought from localhost 
-      set_fact: 
-        student_password:       "{{ hostvars['localhost']['student_password'] }}"
-
   roles:
-    - { role: "common", when: 'install_common | default(true) | bool' }
-    - { role: "bastion-lite", when: 'install_bastion_lite | default(true) |bool' }
-    - { role: "bastion-student-user", when: 'install_student_user | default(true) | bool' }
-    - { role: "bastion-opentlc-ipa", when: 'install_ipa_client | default(false)| bool' }
-    - { role: "control-user", when: 'install_control_user | default(true) | bool' }
-
-
-
-  ##
-  ##      BEGIN: RHEL 9 Workshop Pre-Software Steps
-  ##      
+  - role: bastion-lite
+    when: install_bastion | bool
+  - role: bastion-student-user
+    when: install_student_user | bool
+  tags:
+  - step003.1
+  - bastion_tasks
+  tasks:
+  - name: Setup Student SSH Key
+    when:
+    - install_student_user | bool
+    - student_name is defined
+    - env_authorized_key is defined
+    block:
+    - name: Copy SSH private key to student user .ssh directory
+      copy:
+        src: "/root/.ssh/{{ env_authorized_key }}.pem"
+        dest: "~{{ student_name }}/.ssh/{{ env_authorized_key }}.pem"
+        mode: u=rw,go=
+        owner: "{{ student_name }}"
+        remote_src: true
 
+    - name: Copy SSH public key to student user .ssh directory
+      copy:
+        src: "/root/.ssh/{{ env_authorized_key }}.pub"
+        dest: "~{{ student_name }}/.ssh/{{ env_authorized_key }}.pub"
+        mode: u=rw,go=
+        owner: "{{ student_name }}"
+        remote_src: true
 
+    - name: Copy SSH config to student user .ssh directory
+      copy:
+        src: "/root/.ssh/config"
+        dest: "~{{ student_name }}/.ssh/config"
+        mode: u=rw,go=
+        owner: "{{ student_name }}"
+        remote_src: true
+
+##
+##      BEGIN: RHEL 9 Workshop Pre-Software Steps
+##      
 
   tasks: