Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

distgit: start working on moving dist-git to use git@ for ssh

Browse source 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon 2021-03-01 13:16:18 +01:00
parent 08feacbdce
commit a3677b36a1
2 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
inventory/group_vars/pkgs_stg
View file

@ -11,6 +11,9 @@ wsgi_threads: 4
pagure_static_uid: 600 pagure_static_uid: 600
# Configures ssh for git@ user
sshd_keyhelper: true
# We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. # We have both celery (pagure_worker) and web thread wanting to send out fedmsg's.
# To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. # To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg.
fedmsg_active: True fedmsg_active: True

7
roles/basessh/templates/sshd_config
View file

@ -51,9 +51,10 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS AcceptEnv XMODIFIERS
{% if sshd_keyhelper %} {% if sshd_keyhelper %}
# For repospanner/git # For git
AuthorizedKeysCommandUser git Match User git
AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f" AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"
{% elif env == 'staging' and not sshd_keyhelper %} {% elif env == 'staging' and not sshd_keyhelper %}
AuthorizedKeysCommandUser nobody AuthorizedKeysCommandUser nobody
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys