From fc90276349d316caab68f18feab1ea04037eb7d4 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Wed, 23 Jan 2019 06:23:22 +0000
Subject: [PATCH] add-build-sshkey: remove previously authorized build-sshkey

This change improves the add-build-sshkey role to be usable for static node where we need to clean-up previously added build-sshkey.

Change-Id: Ibcb2880deea4f7e51de51d6df11afc1de3fa4571
---
 roles/add-build-sshkey/README.rst | 7 +++++++
 roles/add-build-sshkey/tasks/create-key-and-replace.yaml | 9 ++++++++-
 roles/add-build-sshkey/vars/main.yml | 1 +
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/roles/add-build-sshkey/README.rst b/roles/add-build-sshkey/README.rst
index 5119a14d6..1c644cec3 100644
--- a/roles/add-build-sshkey/README.rst
+++ b/roles/add-build-sshkey/README.rst
@@ -13,3 +13,10 @@ newly generated private key.
 .. zuul:rolevar:: zuul_temp_ssh_key
 Where to put the newly-generated SSH private key.
+
+.. zuul:rolevar:: zuul_build_sshkey_cleanup
+ :default: false
+
+ Remove previous build sshkey. Set it to true for single use static node.
+ Do not set it to true for multi-slot static nodes as it removes the
+ build key configured by other jobs.
diff --git a/roles/add-build-sshkey/tasks/create-key-and-replace.yaml b/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
index 79a3304bc..a336ccb80 100644
--- a/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
+++ b/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
@@ -1,8 +1,15 @@
 - name: Create Temp SSH key
- command: ssh-keygen -t rsa -b 1024 -N '' -f {{ zuul_temp_ssh_key }}
+ command: ssh-keygen -t rsa -b 1024 -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}
 delegate_to: localhost
 run_once: true
+- name: Remove previously added zuul-build-sshkey
+ lineinfile:
+ path: "~/.ssh/authorized_keys"
+ regexp: ".* zuul-build-sshkey$"
+ state: absent
+ when: zuul_build_sshkey_cleanup
+
 - name: Enable access via build key on all nodes
 authorized_key:
 user: "{{ ansible_ssh_user }}"
diff --git a/roles/add-build-sshkey/vars/main.yml b/roles/add-build-sshkey/vars/main.yml
index 02108ff19..457a12ee6 100644
--- a/roles/add-build-sshkey/vars/main.yml
+++ b/roles/add-build-sshkey/vars/main.yml
@@ -1 +1,2 @@
 zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
+zuul_build_sshkey_cleanup: false
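Review bot: In tasks/create-key-and-replace.yaml the new cleanup task is gated by a bare `when: zuul_build_sshkey_cleanup`, so a value that arrives as the string "false" (for example from inventory or job variables) may be evaluated as true depending on the Ansible version. The task would then strip other jobs' keys on a multi-slot node, which is exactly the case the README warns about; `when: zuul_build_sshkey_cleanup | bool` makes the intent explicit. The rewritten `ssh-keygen` line also keeps `-b 1024`; since the line is being touched anyway, a larger RSA size or `-t ed25519` would be worth considering, provided the sshd on the nodes accepts it. The `authorized_key` task continues past the end of the hunk.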
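Review bot: `zuul_build_sshkey_cleanup: false` is added to the role's vars/main.yml, but the README presents it as a setting operators turn on for single-use static nodes. In Ansible, role vars take precedence over inventory, host and play variables, so a value supplied from those sources would likely be overridden by this `false` and the cleanup would never run. If the variable is meant to be set per node or per job, defining the default in the role's `defaults/main.yml` instead would let those sources win. A short comment next to the default, such as `# removes every authorized_keys line ending in ' zuul-build-sshkey'; unsafe on multi-slot nodes`, would also keep the warning next to the switch.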