
Commit dc7aa36f authored by Bengt Giger's avatar Bengt Giger

Merge branch 'admin-keys' into 'master'

Admin keys

See merge request !1
parents 42b1df0d a3916743
Pipeline #89813 passed with stage
in 6 minutes and 49 seconds
......@@ -74,3 +74,20 @@ rsyslog_forwarder-test:
changes:
- .gitlab-ci.yml
- roles/rsyslog_forwarder/**/*
# Test administrator_keys on Kubernetes
administrator_keys-test:
stage: tests
tags:
- k8s-runner
variables:
DOCKER_HOST: tcp://localhost:2375
script:
- cd roles/administrator_keys;
molecule test;
molecule test -s remove;
molecule test -s user;
only:
changes:
- .gitlab-ci.yml
- roles/administrator_keys/**/*
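Review bot: The `script:` entry of `administrator_keys-test` appears to be one multi-line plain scalar, so YAML folds the `cd` and the three `molecule test` calls into a single shell line and the job log cannot show which scenario failed. Listing each command as its own item (`- molecule test -s remove` and so on) keeps every exit status checked separately. `DOCKER_HOST: tcp://localhost:2375` is the plaintext, unauthenticated Docker API port; presumably it points at a dind sidecar in the same pod, which deserves a comment such as `# dind sidecar, reachable only inside the job pod`. Indentation is not visible on this page, so the nesting itself could not be checked.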
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: disable
truthy: disable
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
admin_user: root
admin_keys: []
admin_obsolete_keys: []
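Review bot: `admin_user: root` makes root the default target, and none of the three variables is documented anywhere in this commit (the README is still the Galaxy template). Judging from the scenarios, keys are only added or removed when listed, so a key that is already in `authorized_keys` but appears in neither list stays authorized. That is worth stating next to the defaults, e.g. `# Keys not listed in admin_keys or admin_obsolete_keys are left untouched`. The role's tasks are not shown on this page, so this behaviour is inferred from the remove scenario's check that test2 is still present.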
---
# handlers file for administrator_keys
*******
Delegated driver installation guide
*******
Requirements
============
This driver is delegated to the developer. Up to the developer to implement
requirements.
Install
=======
This driver is delegated to the developer. Up to the developer to implement
requirements.
---
- name: Converge
hosts: all
vars:
admin_keys:
- "ssh-rsa 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 test1@ethz.ch"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKODDPHDigHe6X39fV/71WRVcd0OemQM4TiCq4VMLwLb test2@ethz.ch"
tasks:
- name: "Include administrator_keys"
include_role:
name: "administrator_keys"
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint -c molecule/default/yaml-lint.yml tasks
ansible-lint tasks
platforms:
- name: el8
# systemd enabled container setup
image: geerlingguy/docker-centos8-ansible:latest
pre_build_image: true
- name: debian10
# systemd enabled container setup
image: registry.ethz.ch/ansible-community/images/docker-debian10-ansible:latest
pre_build_image: true
- name: ubuntu2004
# systemd enabled container setup
image: geerlingguy/docker-ubuntu2004-ansible:latest
pre_build_image: true
provisioner:
name: ansible
verifier:
name: ansible
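Review bot: All three platform images are referenced by the mutable `:latest` tag, two of them from a third-party Docker Hub namespace, so each CI run executes whatever was pushed most recently and a passing pipeline is not reproducible. Pinning each image to a fixed tag or digest (placeholder form: `image: geerlingguy/docker-centos8-ansible@sha256:<digest>`) would make changes to the test base explicit and reviewable. The same applies to the identical molecule.yml copies for the two other scenarios further down the page. The `lint` step also passes only `tasks` to yamllint and ansible-lint, so defaults, handlers and the molecule playbooks themselves are presumably never linted.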
---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: Get ssh authorized_keys file
shell:
cmd: "cat ~/.ssh/authorized_keys"
register: ssh_keys
- name: Test if keys are installed
assert:
that: "'{{ item }}' is in ssh_keys.stdout"
loop:
- test1
- test2
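Review bot: The `cat ~/.ssh/authorized_keys` task in this playbook has no `changed_when: false`, unlike the two other verify playbooks in this commit, and it uses `shell` where `command` or `slurp` would do because no shell features are needed. The assertions in all three verify playbooks match only the key comment (`test1`, `test2`), so a run that wrote the right comment with wrong key material or unexpected key options would still pass. Asserting on the full public key string would make the test meaningful for a role that controls login access. `that: "'{{ item }}' is in ssh_keys.stdout"` can also be written without Jinja delimiters as `that: item in ssh_keys.stdout`.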
---
extends: default
rules:
line-length:
max: 190
level: warning
---
- name: Converge
hosts: all
vars:
admin_obsolete_keys:
- "ssh-rsa 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 test1@ethz.ch"
tasks:
- name: "Include administrator_keys"
include_role:
name: "administrator_keys"
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint -c molecule/default/yaml-lint.yml tasks
ansible-lint tasks
platforms:
- name: el8
# systemd enabled container setup
image: geerlingguy/docker-centos8-ansible:latest
pre_build_image: true
- name: debian10
# systemd enabled container setup
image: registry.ethz.ch/ansible-community/images/docker-debian10-ansible:latest
pre_build_image: true
- name: ubuntu2004
# systemd enabled container setup
image: geerlingguy/docker-ubuntu2004-ansible:latest
pre_build_image: true
provisioner:
name: ansible
verifier:
name: ansible
---
- name: Prepare
hosts: all
tasks:
- name: Install ssh keys
authorized_key:
user: root
state: present
key: "{{ item }}"
loop:
- "ssh-rsa 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 test1@ethz.ch"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKODDPHDigHe6X39fV/71WRVcd0OemQM4TiCq4VMLwLb test2@ethz.ch"
---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: Get ssh authorized_keys file
shell:
cmd: "cat ~/.ssh/authorized_keys"
register: ssh_keys
changed_when: false
- name: Test if key test1 is absent
assert:
that: "'test1' is not in ssh_keys.stdout"
- name: Test if key test2 is still present
assert:
that: "'test2' is in ssh_keys.stdout"
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCjgwzxw4oB3ul9/X1f+9VkVXHdDnpkDOE4gquFTC8C2wAAAJiQPeD7kD3g
+wAAAAtzc2gtZWQyNTUxOQAAACCjgwzxw4oB3ul9/X1f+9VkVXHdDnpkDOE4gquFTC8C2w
AAAEDUMnMqoBr4JMZsBSfEA+XbIrdO6IgCiSLsx9p+szQhfKODDPHDigHe6X39fV/71WRV
cd0OemQM4TiCq4VMLwLbAAAAFWJnaWdlckBydXJpa28uZXRoei5jaA==
-----END OPENSSH PRIVATE KEY-----
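Review bot: This file is an unencrypted OpenSSH private key committed to the repository, and the public key in the next file (comment `bgiger@ruriko.ethz.ch`) carries the same key blob as the `test2@ethz.ch` key that the scenarios install into `authorized_keys`. Anyone who can read the repository therefore holds the private half of a key the tests authorize, and the comment suggests it was generated on a personal workstation. None of the playbooks shown on this page appear to read the private key, so it can presumably be removed; the tests need only public keys, which can be generated per run (for example with `ssh-keygen` in a prepare step). The key remains in Git history after deletion, so it should be treated as disclosed and its public half should not be authorized on any real host.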
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKODDPHDigHe6X39fV/71WRVcd0OemQM4TiCq4VMLwLb bgiger@ruriko.ethz.ch
---
- name: Converge
hosts: all
remote_user: ansible
vars:
admin_user: ansible
admin_keys:
- "ssh-rsa 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 test1@ethz.ch"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKODDPHDigHe6X39fV/71WRVcd0OemQM4TiCq4VMLwLb test2@ethz.ch"
tasks:
- name: "Include administrator_keys"
include_role:
name: "administrator_keys"
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint -c molecule/default/yaml-lint.yml tasks
ansible-lint tasks
platforms:
- name: el8
# systemd enabled container setup
image: geerlingguy/docker-centos8-ansible:latest
pre_build_image: true
- name: debian10
# systemd enabled container setup
image: registry.ethz.ch/ansible-community/images/docker-debian10-ansible:latest
pre_build_image: true
- name: ubuntu2004
# systemd enabled container setup
image: geerlingguy/docker-ubuntu2004-ansible:latest
pre_build_image: true
provisioner:
name: ansible
verifier:
name: ansible
---
- name: Prepare
hosts: all
tasks:
- name: Create user for test
user:
name: ansible
---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: Get ssh authorized_keys file
shell:
cmd: "cat /home/ansible/.ssh/authorized_keys"
register: ssh_keys
changed_when: false
- name: Test if keys are installed
assert:
that: "'{{ item }}' is in ssh_keys.stdout"
loop:
- test1
- test2