bundles/jenkins-ci: add ssh keys and config

2021-07-11 15:47:45 +02:00 · 2021-07-11 15:47:45 +02:00 · 72f148425a
parent 0a14d46cf2
commit 72f148425a
5 changed files with 26 additions and 2 deletions
--- a/bundles/jenkins-ci/files/ssh-config
+++ b/bundles/jenkins-ci/files/ssh-config
@ -0,0 +1,3 @@
+Host *
+    UserKnownHostsFile /dev/null
+    StrictHostKeyChecking no
--- a/bundles/jenkins-ci/items.py
+++ b/bundles/jenkins-ci/items.py
@ -6,6 +6,11 @@ directories = {
            'pkg_apt:jenkins',
        },
    },
+    '/var/lib/jenkins/.ssh': {
+        'mode': '0755',
+        'owner': 'git',
+        'group': 'git',
+    },
 }

 files = {
@ -14,8 +19,19 @@ files = {
            'svc_systemd:jenkins:restart',
        },
    },
+    '/var/lib/jenkins/.ssh/config': {
+        'source': 'ssh-config',
+    },
 }

+if node.metadata.get('jenkins-ci/install_ssh_key', False):
+    files['/var/lib/jenkins/.ssh/id_ed25519'] = {
+        'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
+        'mode': '0600',
+        'owner': 'jenkins',
+        'group': 'jenkins',
+    }
+
 svc_systemd = {
    'jenkins': {
        'needs': {
--- a/data/jenkins-ci/files/ssh-keys/rx300.key.vault
+++ b/data/jenkins-ci/files/ssh-keys/rx300.key.vault
@ -0,0 +1 @@
+encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE
--- a/data/jenkins-ci/files/ssh-keys/rx300.pub
+++ b/data/jenkins-ci/files/ssh-keys/rx300.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@ -87,6 +87,9 @@ nodes['rx300'] = {
        'icinga_options': {
            'pretty_name': 'franzi.business',
        },
+        'jenkins-ci': {
+            'install_ssh_key': True,
+        },
        'miniflux': {
            'domain': 'rss.franzi.business',
        },
@ -150,8 +153,8 @@ nodes['rx300'] = {
                    'domain': 'map.unicornsden.com',
                    'php': True,
                    'webroot_config': {
-                        'owner': 'git',
-                        'group': 'git',
+                        'owner': 'jenkins',
+                        'group': 'jenkins',
                        'mode': '0755',
                    },
                },
				`@ -0,0 +1 @@`
				encrypt$gAAAAABg6vNNuCZcmhH52dQDiD4ePsbXhz0kHSjqX3yduJ6E5NylWEdKNtjtrfc9bu1WNnDBO0YpsqxIeax2u1xc6gstohVfbu2MgwGJKpA7J5Py6xiQL82YKJcwV7k0EZ7ilWbqlzXuSDh40KG3GWOTPiw_CbsbDEpCU09x1hUs1_0BTPAU6ln4t7ync7ZjFZf_vRBTlrnZWchzXoSwppzedAZeaptfhMWn_-8oARoYvxJf3pkmTSGjovNMvDak_sscq_M2rldng6_oboR4iTo_6eY6bpCjEGD3xMeSzLhDZsJ4c0l9bZBDef-NRWA7Ewptc4KYKVvzKlgyrByqSV8TCmYn4aBgOusv-VAW3VqKg2rHi3nq5L50zkPwWmHC6_rdtIS-pAlnR5A0HJYdXGyf2eQSq3UkrZA3BIFlqUWrvS8aTWxp9CUL5C9oRGpL8P3fVfExiqhmcLGamHZb1Y2kjxX8EMcSCRLgiVO9DwIpXlEm86HfgVcXaL0wpibM32PD0sspOPILThE5P9WETGhpFAWDkWR0WaYQjZuAVlXTtk8tgdh0vC2auQl2pEVbvvnZaa04Ohp2QgE3AJLg3tdekLciwCQmPm0bpX8xYvJ49vNWG-SCaAlLHzLVIMFXFY53-SBOHYnE
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHZnYhsdtGUYJiFcvfqTLljGkInnFTOoDF/WZniLtPjH`