add-build-sshkey: remove previously authorized build-sshkey

This change improves the add-build-sshkey role so that it is usable on
static nodes, where we need to clean up the previously added build-sshkey.

Change-Id: Ibcb2880deea4f7e51de51d6df11afc1de3fa4571
Tristan Cacqueray 2019-01-23 06:23:22 +00:00
parent 54dd1db16e
commit fc90276349
3 changed files with 16 additions and 1 deletions


@ -13,3 +13,10 @@ newly generated private key.
.. zuul:rolevar:: zuul_temp_ssh_key
Where to put the newly-generated SSH private key.
.. zuul:rolevar:: zuul_build_sshkey_cleanup
:default: false
Remove previous build sshkey. Set it to true for single use static node.
Do not set it to true for multi-slot static nodes as it removes the
build key configured by other jobs.


@ -1,8 +1,15 @@
- name: Create Temp SSH key
command: ssh-keygen -t rsa -b 1024 -N '' -f {{ zuul_temp_ssh_key }}
command: ssh-keygen -t rsa -b 1024 -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}
delegate_to: localhost
run_once: true
- name: Remove previously added zuul-build-sshkey
lineinfile:
path: "~/.ssh/authorized_keys"
regexp: ".* zuul-build-sshkey$"
state: absent
when: zuul_build_sshkey_cleanup
- name: Enable access via build key on all nodes
authorized_key:
user: "{{ ansible_ssh_user }}"
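Review bot: The rewritten `ssh-keygen` line keeps `-b 1024`, and a 1024-bit RSA key is below the size generally accepted today; because this key is authorized on the node and stays there on static nodes unless the cleanup runs, a larger key is the safer choice: `command: ssh-keygen -t rsa -b 3072 -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}`. The new cleanup task's `when: zuul_build_sshkey_cleanup` is a bare variable, so `when: zuul_build_sshkey_cleanup | bool` would make a string value such as "false" behave as intended; a wrongly truthy value would remove keys that other jobs on a multi-slot node rely on. The cleanup edits `~/.ssh/authorized_keys` while the following task targets `user: "{{ ansible_ssh_user }}"`; these presumably resolve to the same account, but that depends on become settings not visible here. The `authorized_key` task continues past the end of the hunk.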


@ -1 +1,2 @@
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
zuul_build_sshkey_cleanup: false