Merge "Support ssh-enabled windows hosts in add-build-sshkey"

2020-04-15 10:00:16 +00:00 · 2020-04-15 10:00:16 +00:00 · 999c7c1c90
commit 999c7c1c90
parent 5068744eff b7f14309a7
3 changed files with 68 additions and 31 deletions
--- a/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
+++ b/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
@ -3,38 +3,13 @@
  delegate_to: localhost
  run_once: true

- name: Remove previously added zuul-build-sshkey
-  lineinfile:
-    path: "~/.ssh/authorized_keys"
-    regexp: ".* zuul-build-sshkey$"
-    state: absent
-  when: zuul_build_sshkey_cleanup
+- name: Remote setup ssh keys (linux)
+  include: remote-linux.yaml
+  when: ansible_os_family != "Windows"

- name: Enable access via build key on all nodes
-  authorized_key:
-    user: "{{ ansible_ssh_user }}"
-    state: present
-    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
-
- name: Make sure user has a .ssh
-  file:
-    state: directory
-    path: "~/.ssh"
-    mode: 0700
-
- name: Install build private key as SSH key on all nodes
-  copy:
-    src: "{{ zuul_temp_ssh_key }}"
-    dest: "~/.ssh/id_rsa"
-    mode: 0600
-    force: no
-
- name: Install build public key as SSH key on all nodes
-  copy:
-    src: "{{ zuul_temp_ssh_key }}.pub"
-    dest: "~/.ssh/id_rsa.pub"
-    mode: 0644
-    force: no
+- name: Remote setup ssh keys (windows)
+  include: remote-windows.yaml
+  when: ansible_os_family == "Windows"

 - name: Remove master key from local agent
  # The master key has a filename, all others (e.g., per-project keys)
@ -51,3 +26,13 @@

 - name: Verify we can still SSH to all nodes
  ping:
+  when: ansible_os_family != "Windows"
+
+- name: Verify we can still SSH to all nodes (windows)
+  command: ssh -o ConnectTimeout=10 {{ ansible_user }}@{{ ansible_host }} echo success
+  delegate_to: localhost
+  when:
+    - ansible_os_family == "Windows"
+    # Only run if we successfully configured the host. If not the host doesn't support
+    # ssh and the check shall not break them.
+    - windows_remote_ssh is succeeded
--- a/roles/add-build-sshkey/tasks/remote-linux.yaml
+++ b/roles/add-build-sshkey/tasks/remote-linux.yaml
@ -0,0 +1,32 @@
+- name: Remove previously added zuul-build-sshkey
+  lineinfile:
+    path: "~/.ssh/authorized_keys"
+    regexp: ".* zuul-build-sshkey$"
+    state: absent
+  when: zuul_build_sshkey_cleanup
+
+- name: Enable access via build key on all nodes
+  authorized_key:
+    user: "{{ ansible_ssh_user }}"
+    state: present
+    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+
+- name: Make sure user has a .ssh
+  file:
+    state: directory
+    path: "~/.ssh"
+    mode: 0700
+
+- name: Install build private key as SSH key on all nodes
+  copy:
+    src: "{{ zuul_temp_ssh_key }}"
+    dest: "~/.ssh/id_rsa"
+    mode: 0600
+    force: no
+
+- name: Install build public key as SSH key on all nodes
+  copy:
+    src: "{{ zuul_temp_ssh_key }}.pub"
+    dest: "~/.ssh/id_rsa.pub"
+    mode: 0644
+    force: no
--- a/roles/add-build-sshkey/tasks/remote-windows.yaml
+++ b/roles/add-build-sshkey/tasks/remote-windows.yaml
@ -0,0 +1,20 @@
+- name: Configure ssh on remote node
+  delegate_to: localhost
+  shell: |+
+    set -eu
+
+    echo "Add node to known_hosts"
+    ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} echo success
+
+    echo
+
+    # We use scp here as this is much more performant than ansible copy
+    echo "Copy build ssh keys to node"
+    scp {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa
+    scp {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa.pub
+
+    echo "Add build ssh keys to authorized_keys"
+    ssh {{ ansible_user }}@{{ ansible_host }} "type .ssh\\id_rsa.pub >> .ssh\\authorized_keys"
+  register: windows_remote_ssh
+  # Ignore errors here because this should not break non-ssh enabled windows hosts
+  ignore_errors: true