46389b5187
This implements a module to directly interact with the ssh-agent so that the master key may be removed from the ssh-agent without removing any per-project keys. Change-Id: Ife91ad8afa9b41b0e779a832e298aca8d61ae98b
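# Generate the throwaway build key pair once, on localhost; later tasks
# distribute it to the nodes and load it into the local ssh-agent.
# The key size is raised from 1024 to 3072 bits: 1024-bit RSA is below the
# 2048-bit minimum that current guidance requires. The key type stays RSA
# because the later tasks install it as ~/.ssh/id_rsa.
# -N '' leaves the private key without a passphrase, so the file mode is the
# only thing protecting it on disk.
# NOTE(review): ssh-keygen prompts before overwriting an existing file, so
# this presumably relies on zuul_temp_ssh_key being a fresh path - confirm.
- name: Create Temp SSH key
  command: ssh-keygen -t rsa -b 3072 -N '' -f {{ zuul_temp_ssh_key }}
  delegate_to: localhost
  run_once: true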
# Authorise the temporary build key for the remote login user on every node.
# The file lookup is evaluated on the control host, so only the public half
# (the ".pub" file) is read and sent to the nodes by this task.
- name: Enable access via build key on all nodes
  authorized_key:
    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
    state: present
    user: "{{ ansible_ssh_user }}"
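# Ensure the login user's ~/.ssh directory exists before the key files are
# copied into it.
- name: Make sure user has a .ssh
  file:
    path: "~/.ssh"
    state: directory
    # Quoted so the mode is passed as an octal string rather than being
    # re-typed by the YAML parser; 0700 keeps the directory owner-only.
    mode: "0700"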
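# Place the private half of the temporary build key on each node as the
# login user's default RSA identity.
# NOTE(review): the key is generated with an empty passphrase, so every node
# receives an unencrypted private key; it should be treated as disposable
# and never reused outside this build.
- name: Install build private key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}"
    dest: "~/.ssh/id_rsa"
    # Owner read/write only; quoted so the value stays an octal string.
    mode: "0600"
    # An id_rsa that already exists on the node is not overwritten.
    force: false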
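# Place the public half of the temporary build key next to the private key
# on each node.
- name: Install build public key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}.pub"
    dest: "~/.ssh/id_rsa.pub"
    # World-readable is acceptable for a public key; quoted so the value
    # stays an octal string.
    mode: "0644"
    # An id_rsa.pub that already exists on the node is not overwritten.
    # NOTE(review): the private-key task uses the same setting, so a node
    # with only one of the two files pre-existing would end up with a
    # mismatched pair - confirm nodes start without either file.
    force: false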
# Drop the master key from the local ssh-agent while leaving per-project
# keys loaded. The entries are told apart by their comment: the master key
# has a filename, all others (e.g., per-project keys) have "(stdin)".
# The negative lookahead selects every entry whose comment does not begin
# with "(stdin)", so any unexpected key is removed rather than kept.
# NOTE(review): the comment is only a label chosen when a key is added, not
# an authenticated property; a key added with a comment starting "(stdin)"
# would stay in the agent.
- name: Remove master key from local agent
  run_once: true
  delegate_to: localhost
  sshagent_remove_keys:
    remove: '^(?!\(stdin\)).*'
# Load the temporary build key into the local ssh-agent, once, on localhost.
# In this file the task runs after the master key has been removed from the
# agent.
- name: Add back temp key
  run_once: true
  delegate_to: localhost
  command: ssh-add {{ zuul_temp_ssh_key }}
# Final connectivity check against every node. Coming after the agent
# changes, a failure here means the nodes can no longer be reached with the
# keys that remain loaded.
- name: Verify we can still SSH to all nodes
  ping: