zuul-user: add role to install system-config key
This moves the creation of a zuul user with the Zuul per-project key for system-config to a separate role from the static role, so it can be reused on other hosts. Change-Id: Ice605b70a2c42d9b85090406216253fec0820f50
This commit is contained in:
parent
ddc6a25706
commit
95606e6f86
@ -8,6 +8,12 @@
|
||||
that:
|
||||
- afs_root.stat.exists
|
||||
|
||||
- name: Install zuul user
|
||||
include_role:
|
||||
name: zuul-user
|
||||
vars:
|
||||
zuul_user_enable_sudo: True
|
||||
|
||||
- name: Install apache2
|
||||
apt:
|
||||
name:
|
||||
@ -71,6 +77,3 @@
|
||||
- 50-tarballs.opendev.org
|
||||
- 50-tarballs.openstack.org
|
||||
- 50-zuul-ci.org
|
||||
|
||||
- name: Install zuul user
|
||||
include_tasks: zuul.yaml
|
11
playbooks/roles/zuul-user/README.rst
Normal file
11
playbooks/roles/zuul-user/README.rst
Normal file
@ -0,0 +1,11 @@
|
||||
zuul user
|
||||
|
||||
Install a user ``zuul`` that has the per-project key from
|
||||
``system-config`` as an ``authorized_key``.
|
||||
|
||||
**Role Variables**
|
||||
|
||||
.. zuul:rolevar:: zuul_user_enable_sudo
|
||||
:default: False
|
||||
|
||||
Enable passwordless ``sudo`` access for the zuul user.
|
1
playbooks/roles/zuul-user/defaults/main.yaml
Normal file
1
playbooks/roles/zuul-user/defaults/main.yaml
Normal file
@ -0,0 +1 @@
|
||||
zuul_user_enable_sudo: False
|
@ -11,6 +11,7 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0440
|
||||
when: zuul_user_enable_sudo
|
||||
|
||||
- name: Install system-config per-project key for zuul
|
||||
authorized_key:
|
||||
@ -18,3 +19,4 @@
|
||||
state: present
|
||||
key: |
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcXd/QJDEprSLh6N6bULnhchf9M+uzYBEJ2b51Au67FON+5M6VEj5Ut+DlkEPhabOP+tSv9Cn1HpmpBjdEOXdmBj6JS7G/gBb4w28oZDyNjrPT2ebpRw/XnVEkGfikR2J+j3o7CV+ybhLDalXm2TUDReVXnONUq3YzZbjRzoYs0xxrxyss47vZP0xFpsAt9jCMAJW2k6H589VUY38k9LFyhZUZ72FB6eJ68B9GN0TimBYm2DqvupBGQrRhkP8OZ0WoBV8PulKXaHVFdmfBNHB7E7FLlZKuiM6nkV4bOWMGOB/TF++wXBK86t9po3pWCM7+kr72xGRTE+6LuZ2z1K+h'
|
||||
comment: Zuul key from http://zuul.opendev.org/api/tenant/openstack/project-ssh-key/opendev/system-config.pub at 2020-02-26
|
Loading…
Reference in New Issue
Block a user