Key-based SSH authentication for root should be enabled before
changing the password, because if that fails (for example because
the user hasn't generated an SSH key pair yet) having changed the
root password will result in subsequent 'lcitool prepare' runs
failing to access the guest.

Signed-off-by: Andrea Bolognani <abolo...@redhat.com>
---
 guests/tasks/base.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/guests/tasks/base.yml b/guests/tasks/base.yml
index b220bb0..acdcc11 100644
--- a/guests/tasks/base.yml
+++ b/guests/tasks/base.yml
@@ -96,18 +96,18 @@
   hostname:
     name: '{{ inventory_hostname }}'
 
-- name: Configure root password and shell
-  user:
-    name: root
-    password: '{{ lookup("file", lookup("env", "HOME") + 
"/.config/lcitool/.root-password.hash") }}'
-    shell: '{{ bash }}'
-
 - name: Configure ssh access for the root user
   authorized_key:
     user: root
     key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}'
     state: present
 
+- name: Configure root password and shell
+  user:
+    name: root
+    password: '{{ lookup("file", lookup("env", "HOME") + 
"/.config/lcitool/.root-password.hash") }}'
+    shell: '{{ bash }}'
+
 - name: Disable password authentication for the root user
   lineinfile:
     path: /etc/ssh/sshd_config
-- 
2.13.6

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to