a997073141
We don't need to be explicit, ssh-keygen will pick a good size for us. Meanwhile, 1024 bit keys are generally seen as security problems and thus ring bells and are refused by some servers/services. Change-Id: Iaea82e0b394a5a6b1da3b59637fc4e0f541e1978
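# Generates the build RSA key pair once, on localhost. No -b is passed, so the
# key size is whatever the local ssh-keygen defaults to for RSA; check that
# default on older hosts, since 1024-bit keys are refused by some servers.
# -N '' leaves the private key without a passphrase, so file permissions are
# its only protection.
- name: Create Temp SSH key
  # The path is quoted so a value containing whitespace stays one argument.
  command: >-
    ssh-keygen -t rsa -N '' -C 'zuul-build-sshkey'
    -f '{{ zuul_temp_ssh_key }}'
  delegate_to: localhost
  run_once: true
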
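# Drops every authorized_keys line ending in ' zuul-build-sshkey' (the comment
# given to ssh-keygen with -C), so keys left by earlier builds stop granting
# access to this account.
- name: Remove previously added zuul-build-sshkey
  lineinfile:
    path: '~/.ssh/authorized_keys'
    regexp: '.* zuul-build-sshkey$'
    state: absent
  # `| bool` makes a string value such as "false" evaluate as false instead of
  # being treated as a non-empty (truthy) string.
  when: zuul_build_sshkey_cleanup | bool
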
# Authorizes the freshly generated public key for the connecting user on each
# node. The key text is read from '<zuul_temp_ssh_key>.pub' on the control
# side by the file lookup.
- name: Enable access via build key on all nodes
  authorized_key:
    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
    user: "{{ ansible_ssh_user }}"
    state: present

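# Ensures ~/.ssh exists and is accessible to its owner only.
- name: Make sure user has a .ssh
  file:
    state: directory
    path: '~/.ssh'
    # Quoted so the mode reaches the module as the octal string "0700" and is
    # never re-typed as an integer by the YAML parser.
    mode: '0700'
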
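# Places the passphrase-less build private key on every node as ~/.ssh/id_rsa.
# Anything running as this user on a node can therefore use the key against
# every other node that authorized it; treat the nodes as one trust domain for
# the lifetime of the key.
- name: Install build private key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}"
    dest: '~/.ssh/id_rsa'
    # Quoted octal string: owner read/write only.
    mode: '0600'
    # An id_rsa already present on the node is left untouched, in which case
    # the node keeps its own key rather than the build key.
    force: false
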
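# Places the matching public key next to the private key on every node.
- name: Install build public key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}.pub"
    dest: '~/.ssh/id_rsa.pub'
    # Quoted octal string: world-readable, owner-writable.
    mode: '0644'
    # An existing id_rsa.pub is not overwritten. Because the private-key task
    # uses the same setting, a node that had only one of the two files can end
    # up with a mismatched pair.
    force: false
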
# The master key is listed in the agent with a filename as its comment; all
# other keys (e.g., per-project keys) have "(stdin)" as their comment. The
# negative lookahead selects every key whose comment does not start with
# "(stdin)", which drops the master key so the rest of the run cannot use it.
# NOTE(review): sshagent_remove_keys is a project module; confirm it matches
# `remove` against the key comment.
- name: Remove master key from local agent
  sshagent_remove_keys:
    remove: '^(?!\(stdin\)).*'
  run_once: true
  delegate_to: localhost

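# Loads the build key into the local agent so later connections authenticate
# with it.
- name: Add back temp key
  # The path is quoted so a value containing whitespace stays one argument.
  command: ssh-add '{{ zuul_temp_ssh_key }}'
  delegate_to: localhost
  run_once: true
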
# Connectivity check on every node. It comes after the tasks that change which
# keys the local agent holds, so a failure here points at the key swap.
- name: Verify we can still SSH to all nodes
  ping: {}