openstack/project-config
Code Issues Proposed changes
159f7cd985
project-config/nodepool/elements/zuul-worker/README.rst
Ian Wienand 0feb838506 Don't use devuser for zuul-worker 
The devuser element is designed to add a single development user and
manage their keys.  Any local use of devuser by a developer thus
silently conflicts with zuul-worker.

Additionally, this is currently tacitly taking the public-key from
~/.ssh/id_rsa.pub -- i.e. the public key of the currently building
user.  Mixing permissions from the builder into the final-image makes
sense for a development-user case, but not for deploying worker
accounts.

This simply creates the worker account by hand, which is easy enough.
To maintain the status-quo we still source ~/.ssh/id_rsa.pub by
default, but provide a documented flag to override this.

Change-Id: Ic9c9e415c158ad1f057b8d2aa2776dbe2bbd1e47
2016-06-27 11:01:47 +10:00

505 B
Raw Blame History

zuul-worker

Setup a node to be a zuul worker

User Creation

This element bakes in a zuul user on the host for the zuul-worker process to log in with.

By default login permissions (authorized_keys) will be populated for the zuul user from ~/.ssh/id_rsa.pub -- i.e. the public key of the currently building user. Specify an alternative filename in ZUUL_USER_SSH_PUBLIC_KEY to override this.

The zuul user is provided with passwordless sudo access.