File: /var/lib/zuul/builds/12605d0f265041e4a47caf8898783c00/trusted/project_1/opendev.org/zuul/zuul-jobs/roles/add-build-sshkey/tasks/create-key-and-replace.yaml

Last updated: 2019-08-26 10:16:12

Ansible version: 2.7.9

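# Generate the throwaway build key pair on the executor (delegated to
# localhost, once per play). The passphrase is empty so that later tasks can
# install the key and load it into the agent without prompting.
# The key comment "zuul-build-sshkey" is what the cleanup task's regexp
# matches in authorized_keys, so it must stay in sync with that task.
# 3072-bit RSA replaces the previous 1024 bits: 1024-bit RSA is no longer
# considered adequate, and 2048 bits is the usual floor.
- name: Create Temp SSH key
  command:
    # argv form: each element is passed as exactly one argument, so a key
    # path containing whitespace is not split.
    argv:
      - ssh-keygen
      - '-t'
      - rsa
      - '-b'
      - '3072'
      - '-N'
      - ''
      - '-C'
      - zuul-build-sshkey
      - '-f'
      - "{{ zuul_temp_ssh_key }}"
  delegate_to: localhost
  run_once: true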

# Drop every authorized_keys line that ends in the build-key comment, so a
# key left behind by an earlier build stops granting access to the node.
# Only runs when zuul_build_sshkey_cleanup evaluates true.
- name: Remove previously added zuul-build-sshkey
  when: zuul_build_sshkey_cleanup
  lineinfile:
    state: absent
    path: '~/.ssh/authorized_keys'
    # Anchored on the key comment given to ssh-keygen with -C.
    regexp: '.* zuul-build-sshkey$'

# Authorize the freshly generated public key for the connection user on each
# node. The file lookup is evaluated on the controller, so it reads the .pub
# file written next to the temporary private key.
- name: Enable access via build key on all nodes
  authorized_key:
    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
    state: present
    user: "{{ ansible_ssh_user }}"

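# Ensure ~/.ssh exists and is accessible to its owner only, before the key
# files are copied into it.
- name: Make sure user has a .ssh
  file:
    state: directory
    path: "~/.ssh"
    # Quoted so the mode is always read as the octal string 0700 and never
    # depends on how the YAML parser types a bare leading-zero number.
    mode: "0700"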

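# Install the build private key as the user's default identity on each node.
# Every node therefore holds the same private key for this build; the key is
# meant to be scoped to the build and should not be reused beyond it.
- name: Install build private key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}"
    dest: "~/.ssh/id_rsa"
    # Private key material: owner read/write only. Quoted so the mode is
    # read as an octal string regardless of the YAML parser's number typing.
    mode: "0600"
    # An id_rsa that already exists on the node is left untouched, in which
    # case the node keeps a key that does not match the build key.
    force: false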

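# Install the matching public key next to the private key on each node.
- name: Install build public key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}.pub"
    dest: "~/.ssh/id_rsa.pub"
    # Quoted so the mode is read as an octal string regardless of the YAML
    # parser's number typing.
    mode: "0644"
    # An existing id_rsa.pub is not overwritten, mirroring the private-key
    # task, so the two files stay a consistent pair when one already exists.
    force: false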

# Runs once on the executor (delegated to localhost).
# sshagent_remove_keys is not a stock Ansible module; presumably it ships
# with this role. NOTE(review): confirm which field of the agent's key
# listing the pattern is matched against.
- name: Remove master key from local agent
  run_once: true
  delegate_to: localhost
  sshagent_remove_keys:
    # The master key is listed with a filename, whereas all other keys
    # (e.g., per-project keys) carry the comment "(stdin)". The negative
    # lookahead selects every entry that does not start with "(stdin)",
    # so only the "(stdin)" keys are left in the agent.
    remove: '^(?!\(stdin\)).*'

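# Load the build key into the executor's agent so the remaining tasks can
# still reach the nodes after the master key has been removed from it.
- name: Add back temp key
  command:
    # argv form: the key path is passed as exactly one argument, so a path
    # containing whitespace is not split.
    argv:
      - ssh-add
      - "{{ zuul_temp_ssh_key }}"
  delegate_to: localhost
  run_once: true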

# Connectivity check on every node after the agent's keys were swapped: a
# failure here means the build key was not accepted on that node.
- name: Verify we can still SSH to all nodes
  ping: {}