add-build-sshkey: remove previously authorized build-sshkey
This change improves the add-build-sshkey role so that it can be used on static nodes, where we need to clean up a previously added build-sshkey. Change-Id: Ibcb2880deea4f7e51de51d6df11afc1de3fa4571
parent
54dd1db16e
commit
fc90276349
@ -13,3 +13,10 @@ newly generated private key.
|
|||||||
.. zuul:rolevar:: zuul_temp_ssh_key
|
.. zuul:rolevar:: zuul_temp_ssh_key
|
||||||
|
|
||||||
Where to put the newly-generated SSH private key.
|
Where to put the newly-generated SSH private key.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: zuul_build_sshkey_cleanup
|
||||||
|
:default: false
|
||||||
|
|
||||||
|
Remove previous build sshkey. Set it to true for single use static node.
|
||||||
|
Do not set it to true for multi-slot static nodes as it removes the
|
||||||
|
build key configured by other jobs.
|
||||||
|
@ -1,8 +1,15 @@
|
|||||||
- name: Create Temp SSH key
|
- name: Create Temp SSH key
|
||||||
command: ssh-keygen -t rsa -b 1024 -N '' -f {{ zuul_temp_ssh_key }}
|
command: ssh-keygen -t rsa -b 1024 -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
|
- name: Remove previously added zuul-build-sshkey
|
||||||
|
lineinfile:
|
||||||
|
path: "~/.ssh/authorized_keys"
|
||||||
|
regexp: ".* zuul-build-sshkey$"
|
||||||
|
state: absent
|
||||||
|
when: zuul_build_sshkey_cleanup
|
||||||
|
|
||||||
- name: Enable access via build key on all nodes
|
- name: Enable access via build key on all nodes
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ ansible_ssh_user }}"
|
user: "{{ ansible_ssh_user }}"
|
||||||
|
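Review bot: The new cleanup task edits `~/.ssh/authorized_keys`, while the task after it installs the key for `{{ ansible_ssh_user }}`; if the play ever runs with `become` or as a different remote user, `~` would expand to another account's home and the stale key would stay authorized where it was actually added. Pointing both tasks at the same account, for example `path: "~{{ ansible_ssh_user }}/.ssh/authorized_keys"`, keeps removal and installation in step. Because this task deletes entries, the condition is safer as `when: zuul_build_sshkey_cleanup | bool`, so that a string value such as "false" supplied through job variables is not treated as true. Separately, the key is still generated with `-b 1024`, which is below current RSA size guidance even for a short-lived key; `-b 3072` or `-t ed25519` would be a reasonable follow-up if all nodes support it.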
@ -1 +1,2 @@
|
|||||||
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
|
zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
|
||||||
|
zuul_build_sshkey_cleanup: false
|
||||||
|