A recent hotfix added a fallback zuul_ssh_key_algorithm value for
the remove-build-sshkey role, reflect it in the role documentation.
Also remove some redundancies with default values specified in prose
for the add-build-sshkey role, when they were also indicated by the
:default: parameter.
Change-Id: If3f74256788283dedb17ad780da3ca4df4503cb4
This prepared for ansible-lint v5 which no longer has exceptions
for task naming, requiring all to be named.
Change-Id: I5e761d1e3836fa270d7afdcf01780320001f820d
Part-Of: #773245
Currently a new cmd shell is opened instead of running the command
supplied when adding the build key for ssh enabled windows nodes.
Fix this by adding a '/c' flag.
Change-Id: I582febfe91d5dc229cc6a1959477a461a237336b
This change enables a kubectl connection job to just remove the
zuul sshkey, without using the add-build-sshkey role which doesn't
work on pod. To do that, this change moves the sshagent_remove_key
task to a new role and makes add-build-sshkey use the new role.
Change-Id: I5e7288592cad303df919220259f5a360bf522f64
There are over 490 .yaml files but only a few .yml, let's rename to be
consistent.
Add a test to block .yml files.
Change-Id: I2f1354de82f231154d926b51d9812b1e9c1a6202
The winrm protocol is very inefficient when copying things to the node
therefore it makes sense to have working ssh connections on windows
hosts. Adding windows support to the add-build-sshkey role is the
first step towards this.
Change-Id: I5591b39b0107385fec8c6df1fbe6c316177d32e6
We don't need to be explicit, ssh-keygen will pick a good size for us.
Meanwhile, 1024 bit keys are generally seen as security problems and
thus ring bells and are refused by some servers/services.
Change-Id: Iaea82e0b394a5a6b1da3b59637fc4e0f541e1978
With the arrival of ansible-lint 4, comparisons to literal boolean
values are now forbidden. Adjust the new violations accordingly and
remove the rule 601 exclusion.
Change-Id: I18ba2d7d41fabaff35d10d520037188c7d9d1249
This change improves the add-build-sshkey role to be usable for
static node where we need to clean-up previously added build-sshkey.
Change-Id: Ibcb2880deea4f7e51de51d6df11afc1de3fa4571
Change Ibfbd5df21e01d5a7bd44a216ff63bc805dd5c186 added the noqa to
silence the warning - the real fix is to use a raw string for the regex
that gets passed in.
Change-Id: I986961082e0252547ca0b7e2cade3167459edf9b
Flake8 3.6.0 now warns about both line break after and *before* binary
operator, you have to choose whether you use W503 or W504. Disable the
newer W504.
Also, ignore warning about invalid escape sequence in regex.
Change-Id: Ibfbd5df21e01d5a7bd44a216ff63bc805dd5c186
This implements a module to directly interact with the ssh-agent
so that the master key may be removed from the ssh-agent without
removing any per-project keys.
Change-Id: Ife91ad8afa9b41b0e779a832e298aca8d61ae98b
This will allow all nodes to SSH to each other, which should facilitate
some multi-node jobs that need this enabled.
We set "force" to "no" on the copies since this is in the base job's
pre.yml, meaning it should run before basically anything else.
Change-Id: If11f05f5cced71f6e9f634195e628ea68813c4cf
Now that zuul.executor.work_root is live, we can stop using a relative
path for our ssh private key.
Change-Id: I7d8deab60724fb62a18dc0c5fb4eec57056552c7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We incorrectly include create-key-and-replace.yaml based on the ssh
key existing.
Change-Id: Ia7b0c1338e7d746818bda579a82fdb6d74f81c31
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
In a multi node setup, we only want this logic to be run one across
all hosts.
Change-Id: I4ebb62f76d4ff7363635bee7073c2d7e8f0ad70e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
In change If9ebdc783dcef4f8dea9fa491b40ae49416e5cf1 in zuul uuid was
renamed to build. This must be also reflected here.
Change-Id: I46101d7a9ecc1513647f19d1d377480d5afa9a5d