Revert https://review.opendev.org/c/opendev/base-jobs/+/782864

This change was made to test https://review.opendev.org/c/zuul/zuul-jobs/+/773474 using base-test. Now that the PR is merged, the changes made to test should be reverted. Change-Id: I0e310dcbdb6c1e47f3575ef9da7d5560267ee3d9
2021-03-26 16:06:17 -04:00 · 2021-03-26 16:06:17 -04:00 · 30d840ddbb
parent 53b90cb177
commit 30d840ddbb
11 changed files with 2 additions and 164 deletions
--- a/playbooks/base-test/post.yaml
+++ b/playbooks/base-test/post.yaml
@ -8,4 +8,4 @@
  # successful jobs.
  ignore_errors: yes
  roles:
-    - remove-build-sshkey-fork
+    - remove-build-sshkey
--- a/playbooks/base-test/pre.yaml
+++ b/playbooks/base-test/pre.yaml
@ -21,7 +21,7 @@
      command: journalctl -u growroot

  roles:
-    - add-build-sshkey-fork
+    - add-build-sshkey
    - start-zuul-console
    - ensure-output-dirs

--- a/roles/add-build-sshkey-fork/README.rst
+++ b/roles/add-build-sshkey-fork/README.rst
@ -1,40 +0,0 @@
-Generate and install a build-local SSH key on all hosts
-
-This role is intended to be run on the Zuul Executor at the start of
-every job.  It generates an SSH keypair and installs the public key in
-the authorized_keys file of every host in the inventory.  It then
-removes the Zuul master key from this job's SSH agent so that the
-original key used to log into all of the hosts is no longer accessible
-(any per-project keys, if present, remain available), then adds the
-newly generated private key.
-
-**Role Variables**
-
-.. zuul:rolevar:: zuul_temp_ssh_key
-   :default: ``{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa``
-
-   Where to put the newly-generated SSH private key.
-
-.. zuul:rolevar:: zuul_ssh_key_dest
-   :default: ``id_{{ zuul_ssh_key_algorithm }}``
-
-   File name for the the newly-generated SSH private key.
-
-.. zuul:rolevar:: zuul_build_sshkey_cleanup
-   :default: false
-
-   Remove previous build sshkey. Set it to true for single use static node.
-   Do not set it to true for multi-slot static nodes as it removes the
-   build key configured by other jobs.
-
-.. zuul:rolevar:: zuul_ssh_key_algorithm
-   :default: rsa
-
-   The digital signature algorithm to be used to generate the key. Default value
-   'rsa'.
-
-.. zuul:rolevar:: zuul_ssh_key_size
-   :default: 3072
-
-   Specifies the number of bits in the key to create. The default length is
-   3072 bits (RSA).
--- a/roles/add-build-sshkey-fork/tasks/create-key-and-replace.yaml
+++ b/roles/add-build-sshkey-fork/tasks/create-key-and-replace.yaml
@ -1,33 +0,0 @@
- name: Create Temp SSH key
-  command: ssh-keygen -t {{ zuul_ssh_key_algorithm }} -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }} -b {{ zuul_ssh_key_size }}
-  delegate_to: localhost
-  run_once: true
-
- name: Remote setup ssh keys (linux)
-  include_tasks: remote-linux.yaml
-  when: ansible_os_family != "Windows"
-
- name: Remote setup ssh keys (windows)
-  include_tasks: remote-windows.yaml
-  when: ansible_os_family == "Windows"
-
- import_role:
-    name: remove-zuul-sshkey
-
- name: Add back temp key
-  command: ssh-add {{ zuul_temp_ssh_key }}
-  delegate_to: localhost
-  run_once: true
-
- name: Verify we can still SSH to all nodes
-  ping:
-  when: ansible_os_family != "Windows"
-
- name: Verify we can still SSH to all nodes (windows)
-  command: ssh -o BatchMode=yes -o ConnectTimeout=10 {{ ansible_user }}@{{ ansible_host }} echo success
-  delegate_to: localhost
-  when:
-    - ansible_os_family == "Windows"
-    # Only run if we successfully configured the host. If not the host doesn't support
-    # ssh and the check shall not break them.
-    - windows_remote_ssh is succeeded
--- a/roles/add-build-sshkey-fork/tasks/main.yaml
+++ b/roles/add-build-sshkey-fork/tasks/main.yaml
@ -1,11 +0,0 @@
- name: Check to see if ssh key was already created for this build
-  stat:
-    path: "{{ zuul_temp_ssh_key }}"
-  register: zuul_temp_ssh_key_stat
-  delegate_to: localhost
-  run_once: true
-  failed_when: false
-
- name: Create a new key in workspace based on build UUID
-  include_tasks: create-key-and-replace.yaml
-  when: not zuul_temp_ssh_key_stat.stat.exists
--- a/roles/add-build-sshkey-fork/tasks/remote-linux.yaml
+++ b/roles/add-build-sshkey-fork/tasks/remote-linux.yaml
@ -1,32 +0,0 @@
- name: Remove previously added zuul-build-sshkey
-  lineinfile:
-    path: "~/.ssh/authorized_keys"
-    regexp: ".* zuul-build-sshkey$"
-    state: absent
-  when: zuul_build_sshkey_cleanup
-
- name: Enable access via build key on all nodes
-  authorized_key:
-    user: "{{ ansible_ssh_user }}"
-    state: present
-    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
-
- name: Make sure user has a .ssh
-  file:
-    state: directory
-    path: "~/.ssh"
-    mode: 0700
-
- name: Install build private key as SSH key on all nodes
-  copy:
-    src: "{{ zuul_temp_ssh_key }}"
-    dest: "~/.ssh/{{ zuul_ssh_key_dest }}"
-    mode: 0600
-    force: no
-
- name: Install build public key as SSH key on all nodes
-  copy:
-    src: "{{ zuul_temp_ssh_key }}.pub"
-    dest: "~/.ssh/{{ zuul_ssh_key_dest }}.pub"
-    mode: 0644
-    force: no
--- a/roles/add-build-sshkey-fork/tasks/remote-windows.yaml
+++ b/roles/add-build-sshkey-fork/tasks/remote-windows.yaml
@ -1,25 +0,0 @@
- name: Configure ssh on remote node
-  delegate_to: localhost
-  shell: |+
-    set -eu
-
-    echo "Add node to known_hosts"
-    ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} echo success
-
-    echo
-
-    # We use scp here as this is much more performant than ansible copy
-    echo "Copy build ssh keys to node"
-    ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} powershell "md -Force -Path .ssh"
-    scp -B {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}
-    scp -B {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}.pub
-
-    echo "Add build ssh keys to authorized_keys"
-    {% if win_admin_ssh | default(false) %}
-    ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> %programdata%\\ssh\\administrators_authorized_keys"
-    {% else %}
-    ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> .ssh\\authorized_keys"
-    {% endif %}
-  register: windows_remote_ssh
-  # Ignore errors here because this should not break non-ssh enabled windows hosts
-  ignore_errors: true
--- a/roles/add-build-sshkey-fork/vars/main.yaml
+++ b/roles/add-build-sshkey-fork/vars/main.yaml
@ -1,5 +0,0 @@
-zuul_build_sshkey_cleanup: false
-zuul_ssh_key_algorithm: "rsa"
-zuul_ssh_key_size: "3072"
-zuul_ssh_key_dest: "id_{{ zuul_ssh_key_algorithm }}"
-zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"
--- a/roles/remove-build-sshkey-fork/README.rst
+++ b/roles/remove-build-sshkey-fork/README.rst
@ -1,10 +0,0 @@
-Remove the per-build SSH key from all hosts
-
-The complement to :zuul:role:`add-build-sshkey-fork`.  It removes the
-build's SSH key from the authorized_keys files of all remote hosts.
-
-**Role Variables**
-
-.. zuul:rolevar:: zuul_temp_ssh_key
-
-   Where the per-build SSH private key was stored.
--- a/roles/remove-build-sshkey-fork/tasks/main.yaml
+++ b/roles/remove-build-sshkey-fork/tasks/main.yaml
@ -1,5 +0,0 @@
- name: Remove the build SSH key from all nodes
-  authorized_key:
-    user: "{{ ansible_ssh_user }}"
-    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
-    state: absent
--- a/roles/remove-build-sshkey-fork/vars/main.yaml
+++ b/roles/remove-build-sshkey-fork/vars/main.yaml
@ -1 +0,0 @@
-zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"
				`@ -1 +0,0 @@`
				`zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"`