77a07ffca1
Add a role that injects given public keys on a build's node set if the build fails. This is intended to be used with zuul's `autohold` command so that privileged users can SSH into the node set without having to use Zuul's ansible user's private key. Change-Id: I963e82f32a99cacea663792049cb39453e776ece
1.1 KiB
1.1 KiB
Install SSH public key(s) on all hosts
This role is intended to be run at the end of a failed job for which the build node set will be held with zuul's autohold command.
It copies the public key(s) into the authorized_keys file of every host in the inventory, allowing privileged users to access the node set for debugging or post-mortem analysis.
Add this stanza at the end of your project's base post playbook to activate this functionality:
- hosts: all
roles:
- role: add-authorized-keys
public_keys:
- public_key: ssh-rsa AAAAB... venkman@parapsy.columbia.edu
- public_key: ssh-rsa AAAAB... spengler@parapsy.columbia.edu
when: not zuul_success | boolCaution
Including this role earlier in any playbook may allow the keys' owners to tamper with the execution of the jobs. It is strongly advised against doing so.
Role Variables
A list of keys to inject.
A public key to inject into authorized_keys, or a URL to a public key.