ssh keys + user-data

ac09efdd · Kristian Klausen · 1a22af08 · ac09efdd · ac09efdd · ac09efdd
Commit ac09efdd authored 3 years ago by Kristian Klausen
--- a/roles/gitlab_runner/files/libvirt-executor
+++ b/roles/gitlab_runner/files/libvirt-executor
@@ -2,9 +2,10 @@
 set -o nounset -o errexit -o pipefail
 readonly MIRROR="https://mirror.pkgbuild.com"
 readonly LIBVIRT_DEFAULT_POOL_PATH="/var/lib/libvirt/images"
+readonly STATE_DIR="/usr/local/lib/libvirt-executor"

 ssh() {
-    command ssh -i foo_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=off "root@${vm_ip}"  "${@}"
+    command ssh -i "${STATE_DIR}/id_rsa" -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=off "root@${vm_ip}"  "${@}"
 }

 get_vm_ip() {
@@ -65,7 +66,7 @@ create_vm_template() {
    qemu-img resize "${image_path}" 10G
    trap "virsh destroy ${vm_name}; virsh undefine ${vm_name} --remove-all-storage; exit 1" EXIT
    virt-install --name "${vm_name}" \
-                 --cloud-init user-data=$PWD/user-data \
+                 --cloud-init "user-data=${STATE_DIR}/user-data" \
                 --disk path="${image_path}",device=disk \
                 --os-type Linux \
                 --os-variant archlinux \

--- a/roles/gitlab_runner/files/user-data
+++ b/roles/gitlab_runner/files/user-data
+#cloud-config
+disable_root: false
+chpasswd:
+  list: |
+    root:1234
+  expire: false
+#ssh_pwauth: true
+users:
+  - name: root
+    ssh_authorized_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCXMJ9s2SPGLWk3tunOe6u5vs043etmAyeXvV7GZ+QRplFsTtCH2HnM+grWadlZY0hshRICOM7HLzMeLXoamKBQfEf2wLZmC9zr+2l+yg8Eb741CR/04dstn9APpfoyUydD6CoiWPlWCAcW3nzkXxWJIAZqEW6Vse5rD1Fd3LLADR8fmdkYfQ/TZFfUcKhGLbdx59brqvA+UWNw0a4W79dInCm/0BfOuZtFoSGUqOC2YG2vrKRSQenWBUY/muTVRhItG/uyo7sPvn9aUR7YGW5IiTzM9kMDbb0fJLeQyDdcprRIawuvR4ibVsw6lEVKeC2Xe+6wtC5wx962qQb6Xw1Y2EUGcnya6mQx94K6oP/5/MTqomu9ITFW04sN810DSLEw3Y6Z4fW09iNdTjkeywYqWuGQIH+yC0iH0pr8clArotI8JEMOmquYmWiyrsWZrkVZZ11GbyouWSf0M91RyO49wVghWXgYwN0YMWfjbs/9KKFgq08/kBp9cH4vldktOyM= kristian@scary
+runcmd:
+- [ sudo, touch, /etc/cloud/cloud-init.disabled ]
--- a/roles/gitlab_runner/tasks/main.yml
+++ b/roles/gitlab_runner/tasks/main.yml
@@ -65,6 +65,17 @@
 - name: install libvirt-executor script
  copy: src=libvirt-executor dest=/usr/local/sbin/ owner=root group=root mode=0755

+- name: create libvirt-executor state directory
+  file: path=/usr/local/lib/libvirt-executor state=directory owner=root group=root mode=0700
+
+- name: create SSH keys for libvirt-executor
+  command: ssh-keygen -N "" -f /usr/local/lib/libvirt-executor/id_rsa
+  args:
+    creates: /usr/local/lib/libvirt-executor/id_rsa
+
+- name: install user-data for libvirt-executor
+  copy: src=user-data dest=/usr/local/lib/libvirt-executor/ owner=root group=root mode=0755
+
 - name: install libvirt-executor-vm-template.{service,timer}
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  loop: