From 8ebff52f8935c1fd00dddb8bd0899e0b67aba2b9 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Fri, 23 Apr 2021 14:31:47 +0200
Subject: [PATCH] copr-hv: allow @sysadmin-copr to ssh as 'copr', not root

---
 inventory/group_vars/copr_hypervisor | 2 --
 roles/copr/hypervisor/tasks/main.yml | 6 ++++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/inventory/group_vars/copr_hypervisor b/inventory/group_vars/copr_hypervisor
index 36045d693a..3b9f1b06d8 100644
--- a/inventory/group_vars/copr_hypervisor
+++ b/inventory/group_vars/copr_hypervisor
@@ -1,8 +1,6 @@
 ---
 virthost: true
 
-root_auth_users: @sysadmin-copr
-
 vpn: true
 primary_auth_source: ipa
 ipa_host_group: vmhost-copr
diff --git a/roles/copr/hypervisor/tasks/main.yml b/roles/copr/hypervisor/tasks/main.yml
index 6022cfe320..6702453c7f 100644
--- a/roles/copr/hypervisor/tasks/main.yml
+++ b/roles/copr/hypervisor/tasks/main.yml
@@ -88,6 +88,12 @@
   with_file:
   - buildsys.pub
 
+- name: add root keys for sysadmin-main and other allowed users
+  action: authorized_key user=copr key={{ item }}
+  with_lines:
+  - "{{ auth_keys_from_fas}} @sysadmin-copr"
+  tags: copr_admins
+
 # todo: generate it's own key
 - name: make sure hostA can ssh to hostB
   copy: