zuul/zuul-jobs
Code Issues Proposed changes

Create a template for ssh-key and size

Browse Source 
Signed-off-by: GomathiselviS <gomathiselvi@gmail.com>
Change-Id: I0d34d3a0a40ea612dc06099b74d27216630f97c9
This commit is contained in:
GomathiselviS 2021-02-01 14:29:42 -05:00
parent 5bb91e867b
commit e693c19d9a
6 changed files with 30 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
roles/add-build-sshkey/README.rst
View File

@ -11,12 +11,30 @@ newly generated private key.
**Role Variables** **Role Variables**
.. zuul:rolevar:: zuul_temp_ssh_key .. zuul:rolevar:: zuul_temp_ssh_key
:default: ``{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa``
Where to put the newly-generated SSH private key. Where to put the newly-generated SSH private key.
.. zuul:rolevar:: zuul_ssh_key_dest
:default: ``id_{{ zuul_ssh_key_algorithm }}``
File name for the the newly-generated SSH private key.
.. zuul:rolevar:: zuul_build_sshkey_cleanup .. zuul:rolevar:: zuul_build_sshkey_cleanup
:default: false :default: false
Remove previous build sshkey. Set it to true for single use static node. Remove previous build sshkey. Set it to true for single use static node.
Do not set it to true for multi-slot static nodes as it removes the Do not set it to true for multi-slot static nodes as it removes the
build key configured by other jobs. build key configured by other jobs.
.. zuul:rolevar:: zuul_ssh_key_algorithm
:default: rsa
The digital signature algorithm to be used to generate the key. Default value
'rsa'.
.. zuul:rolevar:: zuul_ssh_key_size
:default: 3072
Specifies the number of bits in the key to create. The default length is
3072 bits (RSA).

2
roles/add-build-sshkey/tasks/create-key-and-replace.yaml
View File

@ -1,5 +1,5 @@
- name: Create Temp SSH key - name: Create Temp SSH key
command: ssh-keygen -t rsa -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }} command: ssh-keygen -t {{ zuul_ssh_key_algorithm }} -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }} -b {{ zuul_ssh_key_size }}
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true

4
roles/add-build-sshkey/tasks/remote-linux.yaml
View File

@ -20,13 +20,13 @@
- name: Install build private key as SSH key on all nodes - name: Install build private key as SSH key on all nodes
copy: copy:
src: "{{ zuul_temp_ssh_key }}" src: "{{ zuul_temp_ssh_key }}"
dest: "~/.ssh/id_rsa" dest: "~/.ssh/{{ zuul_ssh_key_dest }}"
mode: 0600 mode: 0600
force: no force: no
- name: Install build public key as SSH key on all nodes - name: Install build public key as SSH key on all nodes
copy: copy:
src: "{{ zuul_temp_ssh_key }}.pub" src: "{{ zuul_temp_ssh_key }}.pub"
dest: "~/.ssh/id_rsa.pub" dest: "~/.ssh/{{ zuul_ssh_key_dest }}.pub"
mode: 0644 mode: 0644
force: no force: no

8
roles/add-build-sshkey/tasks/remote-windows.yaml
View File

@ -11,14 +11,14 @@
# We use scp here as this is much more performant than ansible copy # We use scp here as this is much more performant than ansible copy
echo "Copy build ssh keys to node" echo "Copy build ssh keys to node"
ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} powershell "md -Force -Path .ssh" ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} powershell "md -Force -Path .ssh"
scp -B {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa scp -B {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}
scp -B {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa.pub scp -B {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}.pub
echo "Add build ssh keys to authorized_keys" echo "Add build ssh keys to authorized_keys"
{% if win_admin_ssh | default(false) %} {% if win_admin_ssh | default(false) %}
ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\id_rsa.pub >> %programdata%\\ssh\\administrators_authorized_keys" ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> %programdata%\\ssh\\administrators_authorized_keys"
{% else %} {% else %}
ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\id_rsa.pub >> .ssh\\authorized_keys" ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> .ssh\\authorized_keys"
{% endif %} {% endif %}
register: windows_remote_ssh register: windows_remote_ssh
# Ignore errors here because this should not break non-ssh enabled windows hosts # Ignore errors here because this should not break non-ssh enabled windows hosts

5
roles/add-build-sshkey/vars/main.yaml
View File

@ -1,2 +1,5 @@
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
zuul_build_sshkey_cleanup: false zuul_build_sshkey_cleanup: false
zuul_ssh_key_algorithm: "rsa"
zuul_ssh_key_size: "3072"
zuul_ssh_key_dest: "id_{{ zuul_ssh_key_algorithm }}"
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"

2
roles/remove-build-sshkey/vars/main.yaml
View File

@ -1 +1 @@
zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_rsa" zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"