Merge "Role to copy the build ssh key to other users"
This commit is contained in:
commit
efd52db5a7
|
@ -0,0 +1,17 @@
|
||||||
|
Copy a build-local SSH key to a defined user on all hosts
|
||||||
|
|
||||||
|
This role is intended to be run on the Zuul Executor. It copies a generated
|
||||||
|
build specific ssh key to a user and adds it to the authorized_keys file of
|
||||||
|
every host in the inventory.
|
||||||
|
|
||||||
|
**Role Variables**
|
||||||
|
|
||||||
|
.. zuul:rolevar:: zuul_temp_ssh_key
|
||||||
|
:default: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
|
||||||
|
|
||||||
|
Where to source the build private key
|
||||||
|
|
||||||
|
.. zuul:rolevar:: copy_sshkey_target_user
|
||||||
|
:default: root
|
||||||
|
|
||||||
|
The user to copy the sshkey to.
|
|
@ -0,0 +1,25 @@
|
||||||
|
---
|
||||||
|
# Add the authorization first, to take advantage of manage_dir
|
||||||
|
- name: Authorize build key
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ copy_sshkey_target_user }}"
|
||||||
|
manage_dir: yes
|
||||||
|
key: "{{ lookup('file', zuul_temp_ssh_key ~ '.pub') }}"
|
||||||
|
|
||||||
|
# Use a block to add become to a set of tasks
|
||||||
|
- block:
|
||||||
|
- name: Install the build private key
|
||||||
|
copy:
|
||||||
|
src: "{{ zuul_temp_ssh_key }}"
|
||||||
|
dest: "~/.ssh/id_rsa"
|
||||||
|
mode: 0600
|
||||||
|
force: no
|
||||||
|
|
||||||
|
- name: Install the build public key
|
||||||
|
copy:
|
||||||
|
src: "{{ zuul_temp_ssh_key }}.pub"
|
||||||
|
dest: "~/.ssh/id_rsa.pub"
|
||||||
|
mode: 0644
|
||||||
|
force: no
|
||||||
|
become: true
|
||||||
|
become_user: "{{ copy_sshkey_target_user }}"
|
|
@ -0,0 +1,2 @@
|
||||||
|
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
|
||||||
|
copy_sshkey_target_user: root
|
Loading…
Reference in New Issue