77a07ffca1
Add a role that injects given public keys on a build's node set if the build fails. This is intended to be used with zuul's `autohold` command so that privileged users can SSH into the node set without having to use Zuul's ansible user's private key. Change-Id: I963e82f32a99cacea663792049cb39453e776ece
1.1 KiB
1.1 KiB
Install SSH public key(s) on all hosts
This role is intended to be run at the end of a failed job for which the build node set will be held with zuul's autohold command.
It copies the public key(s) into the authorized_keys file of every host in the inventory, allowing privileged users to access the node set for debugging or post-mortem analysis.
Add this stanza at the end of your project's base post playbook to activate this functionality:
- hosts: all
roles:
- role: add-authorized-keys
public_keys:
- public_key: ssh-rsa AAAAB... venkman@parapsy.columbia.edu
- public_key: ssh-rsa AAAAB... spengler@parapsy.columbia.edu
when: not zuul_success | bool
Caution
Including this role earlier in any playbook may allow the keys' owners to tamper with the execution of the jobs. It is strongly advised against doing so.
Role Variables
A list of keys to inject.
A public key to inject into authorized_keys, or a URL to a public key.