46389b5187
This implements a module to directly interact with the ssh-agent so that the master key may be removed from the ssh-agent without removing any per-project keys. Change-Id: Ife91ad8afa9b41b0e779a832e298aca8d61ae98b
16 lines
608 B
ReStructuredText
16 lines
608 B
ReStructuredText
Generate and install a build-local SSH key on all hosts
|
|
|
|
This role is intended to be run on the Zuul Executor at the start of
|
|
every job. It generates an SSH keypair and installs the public key in
|
|
the authorized_keys file of every host in the inventory. It then
|
|
removes the Zuul master key from this job's SSH agent so that the
|
|
original key used to log into all of the hosts is no longer accessible
|
|
(any per-project keys, if present, remain available), then adds the
|
|
newly generated private key.
|
|
|
|
**Role Variables**
|
|
|
|
.. zuul:rolevar:: zuul_temp_ssh_key
|
|
|
|
Where to put the newly-generated SSH private key.
|