add pwdless-ssh to ol and ingress for haproxy

ol/create_instance.yml

@@ -295,6 +295,10 @@
     - name: Configure instance
       ansible.builtin.include_tasks: "host_setup.yml"
 
+    - name: Configure passwordless SSH
+      ansible.builtin.include_tasks: "passwordless_setup.yml"
+      when: passwordless_ssh
+
 - name: Update all rpm packages
   ansible.builtin.import_playbook: update_all_rpms.yml
   when: update_all

ol/default_vars.yml

@@ -38,4 +38,6 @@ vm_root_pass:
 cleanup_tmp: no
 
 update_all: false
-use_podman: false
+passwordless_ssh: false
+use_podman: false
+use_haproxy: false

ol/passwordless_setup.yml

@@ -0,0 +1,53 @@
+---
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
+# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
+# See LICENSE.TXT for details.
+
+- name: Generate ssh keypair for user
+  community.crypto.openssh_keypair:
+    path: ~/.ssh/id_rsa
+    size: 2048
+    comment: ocne ssh keypair
+  become: true
+  become_user: "{{ username }}"
+
+- name: Fetch public key file from server
+  ansible.builtin.fetch:
+    src: "~/.ssh/id_rsa.pub"
+    dest: "buffer/{{ inventory_hostname }}-id_rsa.pub"
+    flat: true
+  become: true
+  become_user: "{{ username }}"
+
+- name: Copy public key to each destination
+  ansible.posix.authorized_key:
+    user: "{{ username }}"
+    state: present
+    key: "{{ lookup('file', 'buffer/{{ item }}-id_rsa.pub') }}"
+  loop: "{{ groups['all'] | flatten(levels=1) }}"
+  become: true
+
+- name: Print hostvars for groups
+  ansible.builtin.debug:
+    msg: "{{ hostvars[item] }}"
+  loop: "{{ groups['all'] | flatten(levels=1) }}"
+  when: debug_enabled
+
+- name: Print vnc subnet_domain_name
+  ansible.builtin.debug:
+    var: my_subnet_domain_name
+  when: debug_enabled
+
+- name: Accept new ssh fingerprints
+  ansible.builtin.shell: |
+    ssh-keyscan -t ecdsa-sha2-nistp256 \
+    {{ hostvars[item].ansible_hostname }},\
+    {{ hostvars[item].ansible_default_ipv4.address }},\
+    {{ hostvars[item].ansible_hostname + '.' + my_subnet_domain_name }} >> ~/.ssh/known_hosts
+  with_items:
+    - "{{ groups['all'] }}"
+  become: true
+  become_user: "{{ username }}"
+  register: result
+  changed_when: result.rc == 0

ol/templates/ingress_security_rules.j2

@@ -12,3 +12,11 @@ instance_ingress_security_rules:
       destination_port_range:
         max: 22
         min: 22
+{% if use_haproxy %}
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 8080
+        min: 8080
+{% endif %}