zuul-user: add role to install system-config key

This moves the creation of a zuul user with the Zuul per-project key
for system-config to a separate role from the static role, so it can
be reused on other hosts.

Change-Id: Ice605b70a2c42d9b85090406216253fec0820f50
This commit is contained in:
Ian Wienand 2020-02-26 10:25:18 +11:00
parent ddc6a25706
commit 95606e6f86
5 changed files with 20 additions and 3 deletions

View File

@ -8,6 +8,12 @@
that:
- afs_root.stat.exists
- name: Install zuul user
include_role:
name: zuul-user
vars:
zuul_user_enable_sudo: True
- name: Install apache2
apt:
name:
@ -71,6 +77,3 @@
- 50-tarballs.opendev.org
- 50-tarballs.openstack.org
- 50-zuul-ci.org
- name: Install zuul user
include_tasks: zuul.yaml

View File

@ -0,0 +1,11 @@
zuul user
Install a user ``zuul`` that has the per-project key from
``system-config`` as an ``authorized_key``.
**Role Variables**
.. zuul:rolevar:: zuul_user_enable_sudo
:default: False
Enable passwordless ``sudo`` access for the zuul user.

View File

@ -0,0 +1 @@
zuul_user_enable_sudo: False

View File

@ -11,6 +11,7 @@
owner: root
group: root
mode: 0440
when: zuul_user_enable_sudo
- name: Install system-config per-project key for zuul
authorized_key:
@ -18,3 +19,4 @@
state: present
key: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcXd/QJDEprSLh6N6bULnhchf9M+uzYBEJ2b51Au67FON+5M6VEj5Ut+DlkEPhabOP+tSv9Cn1HpmpBjdEOXdmBj6JS7G/gBb4w28oZDyNjrPT2ebpRw/XnVEkGfikR2J+j3o7CV+ybhLDalXm2TUDReVXnONUq3YzZbjRzoYs0xxrxyss47vZP0xFpsAt9jCMAJW2k6H589VUY38k9LFyhZUZ72FB6eJ68B9GN0TimBYm2DqvupBGQrRhkP8OZ0WoBV8PulKXaHVFdmfBNHB7E7FLlZKuiM6nkV4bOWMGOB/TF++wXBK86t9po3pWCM7+kr72xGRTE+6LuZ2z1K+h'
comment: Zuul key from http://zuul.opendev.org/api/tenant/openstack/project-ssh-key/opendev/system-config.pub at 2020-02-26