Key-based SSH authentication for root should be enabled before
changing the password, because if that fails (for example because
the user hasn't generated an SSH key pair yet) having changed the
root password will result in subsequent 'lcitool prepare' runs
failing to access the guest.
Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
guests/tasks/base.yml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml
index b220bb0..acdcc11 100644
--- a/guests/tasks/base.yml
+++ b/guests/tasks/base.yml
@@ -96,18 +96,18 @@
hostname:
name: '{{ inventory_hostname }}'
-- name: Configure root password and shell
- user:
- name: root
- password: '{{ lookup("file", lookup("env", "HOME") + "/.config/lcitool/.root-password.hash") }}'
- shell: '{{ bash }}'
-
- name: Configure ssh access for the root user
authorized_key:
user: root
key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}'
state: present
+- name: Configure root password and shell
+ user:
+ name: root
+ password: '{{ lookup("file", lookup("env", "HOME") + "/.config/lcitool/.root-password.hash") }}'
+ shell: '{{ bash }}'
+
- name: Disable password authentication for the root user
lineinfile:
path: /etc/ssh/sshd_config
--
2.13.6
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
