Add a role to remove an ssh private key
A role was added to add a private key. This role is a companion that will remove the private key, as an extra precaution around the secret. There is a non-zero chance the nodepool resource will not get properly cleaned up, so we want to ensure that we do our best to clean out the secrets.

Change-Id: Ib365b2d9304d7ccdc03df97b1d2ad924d6e8513b
Parent: b214e276ec
Commit: 01e843d990
16
roles/remove-sshkey/README.rst
Normal file
@ -0,0 +1,16 @@
|
||||
Remove an added ssh key from the host.
|
||||
|
||||
**Role Variables**
|
||||
|
||||
.. zuul:rolevar:: ssh_key
|
||||
|
||||
Complex argument which contains the ssh key information. It is
|
||||
expected that this argument comes from a `Secret`.
|
||||
|
||||
.. zuul:rolevar:: ssh_known_hosts
|
||||
|
||||
String containing known host signature for the remote host.
|
||||
|
||||
.. zuul:rolevar:: fqdn
|
||||
|
||||
The FQDN of the remote host.
|
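Review bot: the opening description, "Remove an added ssh key from the host.", does not say which file the role touches or when the known_hosts cleanup runs. The tasks file in this change hard-codes `~/.ssh/id_rsa` and only removes the known_hosts entry when both `ssh_key.ssh_known_hosts` and `ssh_key.fqdn` are defined. Suggest stating both facts here, so a job author who installed the key at a different path, or who omits `fqdn`, knows the role will leave material behind.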
9
roles/remove-sshkey/tasks/main.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
- name: Remove ssh key
|
||||
command: "shred ~/.ssh/id_rsa"
|
||||
|
||||
- name: remove host key information from known hosts
|
||||
known_hosts:
|
||||
name: "{{ ssh_key.fqdn }}"
|
||||
key: "{{ ssh_key.ssh_known_hosts }}"
|
||||
state: absent
|
||||
when: ssh_key.ssh_known_hosts is defined and ssh_key.fqdn is defined
|
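Review bot: the `Remove ssh key` task runs `shred ~/.ssh/id_rsa` without `-u`, so the file is overwritten but not unlinked, which does not match the role name or the README's "Remove". Suggest `shred -u ~/.ssh/id_rsa`. The task will also fail when the file is absent, and since it comes first, that failure skips the known_hosts cleanup below it. For a best-effort cleanup role, consider guarding it with the command module's `removes: ~/.ssh/id_rsa` argument so a missing key is treated as already cleaned.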