zuul/zuul-jobs
Code Issues Proposed changes

Add parameter to upload-git-mirror to specify ssh host key

Browse Source 
If we attempt to push a mirror to a host we've never connected to
before, it won't be in the SSH known hosts and the mirror will fail.

This makes a new host_key parameter required and the role takes care
of setting it up in the known_hosts for the duration of the job.

Change-Id: I4bd40a289003fe3e88c9af4029576236c064fc3d
Depends-On: https://review.openstack.org/#/c/649183/
This commit is contained in:
David Moreau Simard 2019-04-01 09:56:47 -04:00
parent 4ce2d40d68
commit ed9f1d14a0
No known key found for this signature in database
GPG Key ID: CBEB466764A9E621
4 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/upload-git-mirror/README.rst
View File

@ -20,11 +20,16 @@ superuser privileges to run.
SSH host for the remote git repository SSH host for the remote git repository
.. zuul:rolevar:: key .. zuul:rolevar:: ssh_key
Literal private key contents. Literal private key contents.
Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``. Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``.
.. zuul:rolevar:: host_key
SSH host key of the remote git server.
Can be obtained with ``ssh-keyscan -H <host>``.
.. zuul:rolevar:: git_mirror_repository .. zuul:rolevar:: git_mirror_repository
Path of the remote git repository Path of the remote git repository

3
roles/upload-git-mirror/defaults/main.yaml
View File

@ -3,7 +3,8 @@
# git_mirror_credentials: # git_mirror_credentials:
# user: # user:
# host: # host:
# key: # ssh_key:
# host_key:
# Repository to replicate to # Repository to replicate to
# git_mirror_repository: # git_mirror_repository:

15
roles/upload-git-mirror/tasks/main.yaml
View File

@ -6,7 +6,7 @@
- name: Set up private key - name: Set up private key
copy: copy:
content: "{{ git_mirror_credentials.key }}" content: "{{ git_mirror_credentials.ssh_key }}"
dest: "{{ ssh_private_key_tmp.path }}" dest: "{{ ssh_private_key_tmp.path }}"
mode: 0600 mode: 0600
@ -26,6 +26,12 @@
mode: 0600 mode: 0600
block: "{{ ssh_config }}" block: "{{ ssh_config }}"
- name: Add host key to known hosts
known_hosts:
state: present
name: "{{ git_mirror_credentials.host }}"
key: "{{ git_mirror_credentials.host_key }}"
- name: Mirror the git repository - name: Mirror the git repository
command: git push --mirror {{ git_mirror_credentials.user }}@{{ git_mirror_credentials.host }}:{{ git_mirror_repository }} command: git push --mirror {{ git_mirror_credentials.user }}@{{ git_mirror_credentials.host }}:{{ git_mirror_repository }}
args: args:
@ -45,3 +51,10 @@
mode: 0600 mode: 0600
block: "{{ ssh_config }}" block: "{{ ssh_config }}"
register: git_mirror_ssh_config_removed register: git_mirror_ssh_config_removed
- name: Remove host key from known hosts
known_hosts:
state: absent
name: "{{ git_mirror_credentials.host }}"
key: "{{ git_mirror_credentials.host_key }}"
register: git_mirror_host_key_removed

7
zuul.yaml
View File

@ -68,11 +68,16 @@
SSH host for the remote git repository SSH host for the remote git repository
.. zuul:jobvar:: key .. zuul:jobvar:: ssh_key
Literal private key contents. Literal private key contents.
Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``. Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``.
.. zuul:jobvar:: host_key
SSH host key of the remote git server.
Can be obtained with ``ssh-keyscan -H <host>``.
.. zuul:jobvar:: git_mirror_repository .. zuul:jobvar:: git_mirror_repository
Path of the remote git repository Path of the remote git repository