fc90276349
This change improves the add-build-sshkey role to be usable for static node where we need to clean-up previously added build-sshkey. Change-Id: Ibcb2880deea4f7e51de51d6df11afc1de3fa4571
23 lines
859 B
ReStructuredText
23 lines
859 B
ReStructuredText
Generate and install a build-local SSH key on all hosts
|
|
|
|
This role is intended to be run on the Zuul Executor at the start of
|
|
every job. It generates an SSH keypair and installs the public key in
|
|
the authorized_keys file of every host in the inventory. It then
|
|
removes the Zuul master key from this job's SSH agent so that the
|
|
original key used to log into all of the hosts is no longer accessible
|
|
(any per-project keys, if present, remain available), then adds the
|
|
newly generated private key.
|
|
|
|
**Role Variables**
|
|
|
|
.. zuul:rolevar:: zuul_temp_ssh_key
|
|
|
|
Where to put the newly-generated SSH private key.
|
|
|
|
.. zuul:rolevar:: zuul_build_sshkey_cleanup
|
|
:default: false
|
|
|
|
Remove previous build sshkey. Set it to true for single use static node.
|
|
Do not set it to true for multi-slot static nodes as it removes the
|
|
build key configured by other jobs.
|