make sure that the buildmaster's pubkey is known to taskotron clients

2014-07-03 22:33:46 +00:00 · 2014-07-03 22:33:46 +00:00 · c7cc1b0ef2
commit c7cc1b0ef2
parent ba09165152
2 changed files with 7 additions and 0 deletions
--- a/inventory/group_vars/taskotron-dev-clients
+++ b/inventory/group_vars/taskotron-dev-clients
@ -17,3 +17,4 @@ buildslave_private_sshkey_file: dev-buildslave-sshkey/dev_buildslave
 buildslave_public_sshkey_file: dev-buildslave-sshkey/dev_buildslave.pub
 taskotron_admin_email: taskotron-admin-members@fedoraproject.org
 sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
+buildmaster_pubkey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK4M03mLIZ0Wf9CzoJtUfOV8pcSxYLSsd4zxaFovDIHZGZH3ifg5Ocwut6L6lBalR3iepa/9EuFvgosi90WM3iI="
--- a/roles/taskotron/buildslave-configure/tasks/main.yml
+++ b/roles/taskotron/buildslave-configure/tasks/main.yml
@ -25,6 +25,12 @@
 - name: install slave ssh public key
  copy: src={{ private }}/files/taskotron/{{ buildslave_public_sshkey_file }} dest={{ slave_home }}/.ssh/id_rsa.pub owner={{ slave_user }} group={{ slave_user }} mode=0644

+- name: ensure slave's known_hosts file exists
+  file: path=/home/{{ slave_user }}/.ssh/known_hosts owner={{ slave_user }} group={{ slave_user }} mode=0644 state=touch
+
+- name: make sure master is in known_hosts
+  lineinfile: dest=/home/{{ slave_user }}/.ssh/known_hosts regexp='{{ buildmaster }}' line='{{ buildmaster }} {{ buildmaster_pubkey }}'
+
 - name: generate buildslave service file
  template: src=buildslave.service.j2 dest=/lib/systemd/system/buildslave.service owner=root group=root mode=0744