Merge "Role to copy the build ssh key to other users"
This commit is contained in:
commit
efd52db5a7
|
@ -0,0 +1,17 @@
|
|||
Copy a build-local SSH key to a defined user on all hosts
|
||||
|
||||
This role is intended to be run on the Zuul Executor. It copies a generated
|
||||
build specific ssh key to a user and adds it to the authorized_keys file of
|
||||
every host in the inventory.
|
||||
|
||||
**Role Variables**
|
||||
|
||||
.. zuul:rolevar:: zuul_temp_ssh_key
|
||||
:default: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
|
||||
|
||||
Where to source the build private key
|
||||
|
||||
.. zuul:rolevar:: copy_sshkey_target_user
|
||||
:default: root
|
||||
|
||||
The user to copy the sshkey to.
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
# Add the authorization first, to take advantage of manage_dir
|
||||
- name: Authorize build key
|
||||
authorized_key:
|
||||
user: "{{ copy_sshkey_target_user }}"
|
||||
manage_dir: yes
|
||||
key: "{{ lookup('file', zuul_temp_ssh_key ~ '.pub') }}"
|
||||
|
||||
# Use a block to add become to a set of tasks
|
||||
- block:
|
||||
- name: Install the build private key
|
||||
copy:
|
||||
src: "{{ zuul_temp_ssh_key }}"
|
||||
dest: "~/.ssh/id_rsa"
|
||||
mode: 0600
|
||||
force: no
|
||||
|
||||
- name: Install the build public key
|
||||
copy:
|
||||
src: "{{ zuul_temp_ssh_key }}.pub"
|
||||
dest: "~/.ssh/id_rsa.pub"
|
||||
mode: 0644
|
||||
force: no
|
||||
become: true
|
||||
become_user: "{{ copy_sshkey_target_user }}"
|
|
@ -0,0 +1,2 @@
|
|||
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
|
||||
copy_sshkey_target_user: root
|
Loading…
Reference in New Issue