zuul-jobs/roles/add-authorized-keys
Albin Vass 9062289151 Check for loop_control in with_ type loops
Change-Id: I191265df7709a6262b44a428d78fe28ffaeb4b75
2020-05-01 13:45:34 +02:00
..
tasks Check for loop_control in with_ type loops 2020-05-01 13:45:34 +02:00
README.rst role: Inject public keys in case of failure 2018-02-28 10:39:07 +00:00

Install SSH public key(s) on all hosts

This role is intended to be run at the end of a failed job for which the build node set will be held with zuul's autohold command.

It copies the public key(s) into the authorized_keys file of every host in the inventory, allowing privileged users to access the node set for debugging or post-mortem analysis.

Add this stanza at the end of your project's base post playbook to activate this functionality:

- hosts: all
  roles:
    - role: add-authorized-keys
      public_keys:
        - public_key: ssh-rsa AAAAB... venkman@parapsy.columbia.edu
        - public_key: ssh-rsa AAAAB... spengler@parapsy.columbia.edu
      when: not zuul_success | bool

Caution

Including this role earlier in any playbook may allow the keys' owners to tamper with the execution of the jobs. It is strongly advised against doing so.

Role Variables

A list of keys to inject.

A public key to inject into authorized_keys, or a URL to a public key.