Allow Zuul to log into bridge
Allow post-review jobs running under system-config and project-config to ssh into bridge in order to run Ansible. Change-Id: I841f87425349722ee69e2f4265b99b5ee0b5a2c8
parent
9b12ffa25e
commit
c49d5d6f2b
@ -7,3 +7,12 @@
|
|||||||
- root-keys
|
- root-keys
|
||||||
- ansible-cron
|
- ansible-cron
|
||||||
- cloud-launcher-cron
|
- cloud-launcher-cron
|
||||||
|
tasks:
|
||||||
|
- name: Allow Zuul to trigger Ansible
|
||||||
|
authorized_key:
|
||||||
|
state: present
|
||||||
|
user: root
|
||||||
|
key: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- "https://zuul.openstack.org/api/project-ssh-key/openstack-infra/system-config.pub"
|
||||||
|
- "https://zuul.openstack.org/api/project-ssh-key/openstack-infra/project-config.pub"
|
||||||
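Review bot: The two keys under `loop:` are fetched from the Zuul API each time the play runs and installed for `root` with no `key_options`, so whatever that endpoint serves at run time becomes a root credential on bridge, usable from any source address. The bastion key task changed later in this commit restricts its key with `from=`, and the same could be done here with `key_options: 'from="<zuul-executor-addresses>"'` (placeholder; the executor addresses are not on this page). Stating `validate_certs: true` explicitly on the task would record that the HTTPS check is relied on. A comment above the task such as `# Per-project Zuul keys; only post-review jobs of these two repos may use them to reach root on bridge` would tell later readers why the list must stay short.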
|
@ -1 +1,2 @@
|
|||||||
ansible_python_interpreter: python3
|
ansible_python_interpreter: python3
|
||||||
|
bastion_key_exclusive: false
|
||||||
|
@ -2,4 +2,8 @@ Basic common server configuration
|
|||||||
|
|
||||||
**Role Variables**
|
**Role Variables**
|
||||||
|
|
||||||
* None
|
.. zuul:rolevar:: bastion_key_exclusive
|
||||||
|
:default: True
|
||||||
|
|
||||||
|
Whether the bastion ssh key is the only key allowed to ssh in as
|
||||||
|
root.
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
bastion_ipv4: 23.253.245.198,23.253.234.219
|
bastion_ipv4: 23.253.245.198,23.253.234.219
|
||||||
bastion_ipv6: 2001:4800:7818:101:3c21:a454:23ed:4072,2001:4800:7817:103:be76:4eff:fe04:5a1d
|
bastion_ipv6: 2001:4800:7818:101:3c21:a454:23ed:4072,2001:4800:7817:103:be76:4eff:fe04:5a1d
|
||||||
bastion_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp puppet-remote-2014-09-15
|
bastion_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp puppet-remote-2014-09-15
|
||||||
|
bastion_key_exclusive: true
|
||||||
base_packages:
|
base_packages:
|
||||||
- at
|
- at
|
||||||
- git
|
- git
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
authorized_key:
|
authorized_key:
|
||||||
state: present
|
state: present
|
||||||
user: root
|
user: root
|
||||||
exclusive: yes
|
exclusive: "{{ bastion_key_exclusive }}"
|
||||||
key: "{{ bastion_public_key }}"
|
key: "{{ bastion_public_key }}"
|
||||||
key_options: |
|
key_options: |
|
||||||
from="{{ bastion_ipv4 }},{{ bastion_ipv6 }},localhost"
|
from="{{ bastion_ipv4 }},{{ bastion_ipv6 }},localhost"
|
||||||
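Review bot: With `exclusive` now driven by `bastion_key_exclusive`, a host that sets it to false (the host-vars hunk of this commit does) stops pruning root's authorized_keys. A key later dropped from the Zuul `loop:` list, or rotated on the Zuul side, then stays authorized until someone removes it by hand. A comment next to the default, for example `# Set to false only where another play manages additional root keys; stale keys are then not removed automatically`, would record that trade-off. Writing `exclusive: "{{ bastion_key_exclusive | bool }}"` would also keep the value a boolean when it is supplied as a string, for example through extra vars. The task's `name:` line is outside the hunk.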
|
@ -49,3 +49,12 @@ def test_cloud_launcher_cron(host):
|
|||||||
with host.sudo():
|
with host.sudo():
|
||||||
crontab = host.check_output('crontab -l')
|
crontab = host.check_output('crontab -l')
|
||||||
assert 'run_cloud_launcher.sh' in crontab
|
assert 'run_cloud_launcher.sh' in crontab
|
||||||
|
|
||||||
|
|
||||||
|
def test_authorized_keys(host):
|
||||||
|
authorized_keys = host.file('/root/.ssh/authorized_keys')
|
||||||
|
assert authorized_keys.exists
|
||||||
|
|
||||||
|
content = authorized_keys.content.decode('utf8')
|
||||||
|
lines = content.split('\n')
|
||||||
|
assert len(lines) >= 3
|
||||||
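Review bot: `assert len(lines) >= 3` in `test_authorized_keys` does not pin what the commit is meant to guarantee. `content.split('\n')` yields a trailing empty string when the file ends with a newline, so a file holding only two keys already passes, and nothing checks that the bastion entry kept its source restriction. Counting non-empty lines with `lines = [l for l in content.splitlines() if l.strip()]` and adding `assert any('from="' in l for l in lines)` would make the test fail when a key is missing or the `from=` option is lost. This assumes the module writes the option into the key line as the template in the role suggests.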
|