bundles/jenkins-ci: add ssh keys and config

2021-07-11 15:47:45 +02:00 · 2021-07-11 15:47:45 +02:00 · 72f148425a
commit 72f148425a
parent 0a14d46cf2
5 changed files with 26 additions and 2 deletions
--- a/bundles/jenkins-ci/files/ssh-config
+++ b/bundles/jenkins-ci/files/ssh-config
@ -0,0 +1,3 @@
+Host *
+    UserKnownHostsFile /dev/null
+    StrictHostKeyChecking no
--- a/bundles/jenkins-ci/items.py
+++ b/bundles/jenkins-ci/items.py
@ -6,6 +6,11 @@ directories = {
            'pkg_apt:jenkins',
        },
    },
+    '/var/lib/jenkins/.ssh': {
+        'mode': '0755',
+        'owner': 'git',
+        'group': 'git',
+    },
 }

 files = {
@ -14,8 +19,19 @@ files = {
            'svc_systemd:jenkins:restart',
        },
    },
+    '/var/lib/jenkins/.ssh/config': {
+        'source': 'ssh-config',
+    },
 }

+if node.metadata.get('jenkins-ci/install_ssh_key', False):
+    files['/var/lib/jenkins/.ssh/id_ed25519'] = {
+        'content': repo.vault.decrypt_file(f'jenkins-ci/files/ssh-keys/{node.name}.key.vault'),
+        'mode': '0600',
+        'owner': 'jenkins',
+        'group': 'jenkins',
+    }
+
 svc_systemd = {
    'jenkins': {
        'needs': {