From 30d840ddbbb271131e9d1d83db252bfc9f6f2090 Mon Sep 17 00:00:00 2001
From: GomathiselviS <gomathiselvi@gmail.com>
Date: Fri, 26 Mar 2021 16:06:17 -0400
Subject: [PATCH] Revert
https://review.opendev.org/c/opendev/base-jobs/+/782864
This change was made to test https://review.opendev.org/c/zuul/zuul-jobs/+/773474 using base-test.
Now that the PR is merged, the changes made to test should be reverted.
Change-Id: I0e310dcbdb6c1e47f3575ef9da7d5560267ee3d9
---
playbooks/base-test/post.yaml | 2 +-
playbooks/base-test/pre.yaml | 2 +-
roles/add-build-sshkey-fork/README.rst | 40 -------------------
.../tasks/create-key-and-replace.yaml | 33 ---------------
roles/add-build-sshkey-fork/tasks/main.yaml | 11 -----
.../tasks/remote-linux.yaml | 32 ---------------
.../tasks/remote-windows.yaml | 25 ------------
roles/add-build-sshkey-fork/vars/main.yaml | 5 ---
roles/remove-build-sshkey-fork/README.rst | 10 -----
.../remove-build-sshkey-fork/tasks/main.yaml | 5 ---
roles/remove-build-sshkey-fork/vars/main.yaml | 1 -
11 files changed, 2 insertions(+), 164 deletions(-)
delete mode 100644 roles/add-build-sshkey-fork/README.rst
delete mode 100644 roles/add-build-sshkey-fork/tasks/create-key-and-replace.yaml
delete mode 100644 roles/add-build-sshkey-fork/tasks/main.yaml
delete mode 100644 roles/add-build-sshkey-fork/tasks/remote-linux.yaml
delete mode 100644 roles/add-build-sshkey-fork/tasks/remote-windows.yaml
delete mode 100644 roles/add-build-sshkey-fork/vars/main.yaml
delete mode 100644 roles/remove-build-sshkey-fork/README.rst
delete mode 100644 roles/remove-build-sshkey-fork/tasks/main.yaml
delete mode 100644 roles/remove-build-sshkey-fork/vars/main.yaml
diff --git a/playbooks/base-test/post.yaml b/playbooks/base-test/post.yaml
index 27fa9df..c4a139d 100644
--- a/playbooks/base-test/post.yaml
+++ b/playbooks/base-test/post.yaml
@@ -8,4 +8,4 @@
# successful jobs.
ignore_errors: yes
roles:
- - remove-build-sshkey-fork
+ - remove-build-sshkey
diff --git a/playbooks/base-test/pre.yaml b/playbooks/base-test/pre.yaml
index de884e0..5694ea3 100644
--- a/playbooks/base-test/pre.yaml
+++ b/playbooks/base-test/pre.yaml
@@ -21,7 +21,7 @@
command: journalctl -u growroot
roles:
- - add-build-sshkey-fork
+ - add-build-sshkey
- start-zuul-console
- ensure-output-dirs
diff --git a/roles/add-build-sshkey-fork/README.rst b/roles/add-build-sshkey-fork/README.rst
deleted file mode 100644
index ec86971..0000000
--- a/roles/add-build-sshkey-fork/README.rst
+++ /dev/null
@@ -1,40 +0,0 @@
-Generate and install a build-local SSH key on all hosts
-
-This role is intended to be run on the Zuul Executor at the start of
-every job. It generates an SSH keypair and installs the public key in
-the authorized_keys file of every host in the inventory. It then
-removes the Zuul master key from this job's SSH agent so that the
-original key used to log into all of the hosts is no longer accessible
-(any per-project keys, if present, remain available), then adds the
-newly generated private key.
-
-**Role Variables**
-
-.. zuul:rolevar:: zuul_temp_ssh_key
- :default: ``{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa``
-
- Where to put the newly-generated SSH private key.
-
-.. zuul:rolevar:: zuul_ssh_key_dest
- :default: ``id_{{ zuul_ssh_key_algorithm }}``
-
- File name for the the newly-generated SSH private key.
-
-.. zuul:rolevar:: zuul_build_sshkey_cleanup
- :default: false
-
- Remove previous build sshkey. Set it to true for single use static node.
- Do not set it to true for multi-slot static nodes as it removes the
- build key configured by other jobs.
-
-.. zuul:rolevar:: zuul_ssh_key_algorithm
- :default: rsa
-
- The digital signature algorithm to be used to generate the key. Default value
- 'rsa'.
-
-.. zuul:rolevar:: zuul_ssh_key_size
- :default: 3072
-
- Specifies the number of bits in the key to create. The default length is
- 3072 bits (RSA).
diff --git a/roles/add-build-sshkey-fork/tasks/create-key-and-replace.yaml b/roles/add-build-sshkey-fork/tasks/create-key-and-replace.yaml
deleted file mode 100644
index 76fc7a6..0000000
--- a/roles/add-build-sshkey-fork/tasks/create-key-and-replace.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-- name: Create Temp SSH key
- command: ssh-keygen -t {{ zuul_ssh_key_algorithm }} -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }} -b {{ zuul_ssh_key_size }}
- delegate_to: localhost
- run_once: true
-
-- name: Remote setup ssh keys (linux)
- include_tasks: remote-linux.yaml
- when: ansible_os_family != "Windows"
-
-- name: Remote setup ssh keys (windows)
- include_tasks: remote-windows.yaml
- when: ansible_os_family == "Windows"
-
-- import_role:
- name: remove-zuul-sshkey
-
-- name: Add back temp key
- command: ssh-add {{ zuul_temp_ssh_key }}
- delegate_to: localhost
- run_once: true
-
-- name: Verify we can still SSH to all nodes
- ping:
- when: ansible_os_family != "Windows"
-
-- name: Verify we can still SSH to all nodes (windows)
- command: ssh -o BatchMode=yes -o ConnectTimeout=10 {{ ansible_user }}@{{ ansible_host }} echo success
- delegate_to: localhost
- when:
- - ansible_os_family == "Windows"
- # Only run if we successfully configured the host. If not the host doesn't support
- # ssh and the check shall not break them.
- - windows_remote_ssh is succeeded
diff --git a/roles/add-build-sshkey-fork/tasks/main.yaml b/roles/add-build-sshkey-fork/tasks/main.yaml
deleted file mode 100644
index dc9f0de..0000000
--- a/roles/add-build-sshkey-fork/tasks/main.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: Check to see if ssh key was already created for this build
- stat:
- path: "{{ zuul_temp_ssh_key }}"
- register: zuul_temp_ssh_key_stat
- delegate_to: localhost
- run_once: true
- failed_when: false
-
-- name: Create a new key in workspace based on build UUID
- include_tasks: create-key-and-replace.yaml
- when: not zuul_temp_ssh_key_stat.stat.exists
diff --git a/roles/add-build-sshkey-fork/tasks/remote-linux.yaml b/roles/add-build-sshkey-fork/tasks/remote-linux.yaml
deleted file mode 100644
index 42c5dfe..0000000
--- a/roles/add-build-sshkey-fork/tasks/remote-linux.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Remove previously added zuul-build-sshkey
- lineinfile:
- path: "~/.ssh/authorized_keys"
- regexp: ".* zuul-build-sshkey$"
- state: absent
- when: zuul_build_sshkey_cleanup
-
-- name: Enable access via build key on all nodes
- authorized_key:
- user: "{{ ansible_ssh_user }}"
- state: present
- key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
-
-- name: Make sure user has a .ssh
- file:
- state: directory
- path: "~/.ssh"
- mode: 0700
-
-- name: Install build private key as SSH key on all nodes
- copy:
- src: "{{ zuul_temp_ssh_key }}"
- dest: "~/.ssh/{{ zuul_ssh_key_dest }}"
- mode: 0600
- force: no
-
-- name: Install build public key as SSH key on all nodes
- copy:
- src: "{{ zuul_temp_ssh_key }}.pub"
- dest: "~/.ssh/{{ zuul_ssh_key_dest }}.pub"
- mode: 0644
- force: no
diff --git a/roles/add-build-sshkey-fork/tasks/remote-windows.yaml b/roles/add-build-sshkey-fork/tasks/remote-windows.yaml
deleted file mode 100644
index 44e2028..0000000
--- a/roles/add-build-sshkey-fork/tasks/remote-windows.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-- name: Configure ssh on remote node
- delegate_to: localhost
- shell: |+
- set -eu
-
- echo "Add node to known_hosts"
- ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} echo success
-
- echo
-
- # We use scp here as this is much more performant than ansible copy
- echo "Copy build ssh keys to node"
- ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} powershell "md -Force -Path .ssh"
- scp -B {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}
- scp -B {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}.pub
-
- echo "Add build ssh keys to authorized_keys"
- {% if win_admin_ssh | default(false) %}
- ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> %programdata%\\ssh\\administrators_authorized_keys"
- {% else %}
- ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> .ssh\\authorized_keys"
- {% endif %}
- register: windows_remote_ssh
- # Ignore errors here because this should not break non-ssh enabled windows hosts
- ignore_errors: true
diff --git a/roles/add-build-sshkey-fork/vars/main.yaml b/roles/add-build-sshkey-fork/vars/main.yaml
deleted file mode 100644
index 68564fa..0000000
--- a/roles/add-build-sshkey-fork/vars/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-zuul_build_sshkey_cleanup: false
-zuul_ssh_key_algorithm: "rsa"
-zuul_ssh_key_size: "3072"
-zuul_ssh_key_dest: "id_{{ zuul_ssh_key_algorithm }}"
-zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"
diff --git a/roles/remove-build-sshkey-fork/README.rst b/roles/remove-build-sshkey-fork/README.rst
deleted file mode 100644
index 63d9271..0000000
--- a/roles/remove-build-sshkey-fork/README.rst
+++ /dev/null
@@ -1,10 +0,0 @@
-Remove the per-build SSH key from all hosts
-
-The complement to :zuul:role:`add-build-sshkey-fork`. It removes the
-build's SSH key from the authorized_keys files of all remote hosts.
-
-**Role Variables**
-
-.. zuul:rolevar:: zuul_temp_ssh_key
-
- Where the per-build SSH private key was stored.
diff --git a/roles/remove-build-sshkey-fork/tasks/main.yaml b/roles/remove-build-sshkey-fork/tasks/main.yaml
deleted file mode 100644
index c7a3375..0000000
--- a/roles/remove-build-sshkey-fork/tasks/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Remove the build SSH key from all nodes
- authorized_key:
- user: "{{ ansible_ssh_user }}"
- key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
- state: absent
diff --git a/roles/remove-build-sshkey-fork/vars/main.yaml b/roles/remove-build-sshkey-fork/vars/main.yaml
deleted file mode 100644
index ee72d5e..0000000
--- a/roles/remove-build-sshkey-fork/vars/main.yaml
+++ /dev/null
@@ -1 +0,0 @@
-zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"