Add parameter to upload-git-mirror to specify ssh host key
If we attempt to push a mirror to a host we've never connected to before, it won't be in the SSH known hosts and the mirror will fail. This makes a new host_key parameter required and the role takes care of setting it up in the known_hosts for the duration of the job. Change-Id: I4bd40a289003fe3e88c9af4029576236c064fc3d Depends-On: https://review.openstack.org/#/c/649183/
This commit is contained in:
parent
4ce2d40d68
commit
ed9f1d14a0
@ -20,11 +20,16 @@ superuser privileges to run.
|
||||
|
||||
SSH host for the remote git repository
|
||||
|
||||
.. zuul:rolevar:: key
|
||||
.. zuul:rolevar:: ssh_key
|
||||
|
||||
Literal private key contents.
|
||||
Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``.
|
||||
|
||||
.. zuul:rolevar:: host_key
|
||||
|
||||
SSH host key of the remote git server.
|
||||
Can be obtained with ``ssh-keyscan -H <host>``.
|
||||
|
||||
.. zuul:rolevar:: git_mirror_repository
|
||||
|
||||
Path of the remote git repository
|
||||
|
@ -3,7 +3,8 @@
|
||||
# git_mirror_credentials:
|
||||
# user:
|
||||
# host:
|
||||
# key:
|
||||
# ssh_key:
|
||||
# host_key:
|
||||
|
||||
# Repository to replicate to
|
||||
# git_mirror_repository:
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
- name: Set up private key
|
||||
copy:
|
||||
content: "{{ git_mirror_credentials.key }}"
|
||||
content: "{{ git_mirror_credentials.ssh_key }}"
|
||||
dest: "{{ ssh_private_key_tmp.path }}"
|
||||
mode: 0600
|
||||
|
||||
@ -26,6 +26,12 @@
|
||||
mode: 0600
|
||||
block: "{{ ssh_config }}"
|
||||
|
||||
- name: Add host key to known hosts
|
||||
known_hosts:
|
||||
state: present
|
||||
name: "{{ git_mirror_credentials.host }}"
|
||||
key: "{{ git_mirror_credentials.host_key }}"
|
||||
|
||||
- name: Mirror the git repository
|
||||
command: git push --mirror {{ git_mirror_credentials.user }}@{{ git_mirror_credentials.host }}:{{ git_mirror_repository }}
|
||||
args:
|
||||
@ -45,3 +51,10 @@
|
||||
mode: 0600
|
||||
block: "{{ ssh_config }}"
|
||||
register: git_mirror_ssh_config_removed
|
||||
|
||||
- name: Remove host key from known hosts
|
||||
known_hosts:
|
||||
state: absent
|
||||
name: "{{ git_mirror_credentials.host }}"
|
||||
key: "{{ git_mirror_credentials.host_key }}"
|
||||
register: git_mirror_host_key_removed
|
||||
|
@ -68,11 +68,16 @@
|
||||
|
||||
SSH host for the remote git repository
|
||||
|
||||
.. zuul:jobvar:: key
|
||||
.. zuul:jobvar:: ssh_key
|
||||
|
||||
Literal private key contents.
|
||||
Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``.
|
||||
|
||||
.. zuul:jobvar:: host_key
|
||||
|
||||
SSH host key of the remote git server.
|
||||
Can be obtained with ``ssh-keyscan -H <host>``.
|
||||
|
||||
.. zuul:jobvar:: git_mirror_repository
|
||||
|
||||
Path of the remote git repository
|
||||
|
Loading…
Reference in New Issue
Block a user