0feb838506
The devuser element is designed to add a single development user and manage their keys. Any local use of devuser by a developer thus silently conflicts with zuul-worker. Additionally, this is currently tacitly taking the public-key from ~/.ssh/id_rsa.pub -- i.e. the public key of the currently building user. Mixing permissions from the builder into the final-image makes sense for a development-user case, but not for deploying worker accounts. This simply creates the worker account by hand, which is easy enough. To maintain the status-quo we still source ~/.ssh/id_rsa.pub by default, but provide a documented flag to override this. Change-Id: Ic9c9e415c158ad1f057b8d2aa2776dbe2bbd1e47
18 lines
505 B
ReStructuredText
18 lines
505 B
ReStructuredText
zuul-worker
|
|
===========
|
|
|
|
Setup a node to be a zuul worker
|
|
|
|
User Creation
|
|
=============
|
|
|
|
This element bakes in a ``zuul`` user on the host for the zuul-worker
|
|
process to log in with.
|
|
|
|
By default login permissions (``authorized_keys``) will be populated
|
|
for the ``zuul`` user from ``~/.ssh/id_rsa.pub`` -- i.e. the public
|
|
key of the currently building user. Specify an alternative filename
|
|
in ``ZUUL_USER_SSH_PUBLIC_KEY`` to override this.
|
|
|
|
The ``zuul`` user is provided with passwordless ``sudo`` access.
|