mirror of https://github.com/ansible/ansible.git
Overhaul ansible-test SSH key management. (#73451)
* Pass remote.sh to shell over stdin. * Pass docker.sh to shell over stdin. * Standardize SSH key management. * Update docker containers.pull/73455/head
parent
218f5c3648
commit
a9b5bebab3
@ -0,0 +1,2 @@
|
||||
bugfixes:
|
||||
- ansible-test - Unified SSH key management for all instances created with the ``--remote`` or ``--docker`` options.
|
@ -1,15 +1,15 @@
|
||||
default name=quay.io/ansible/default-test-container:2.11.0 python=3.6,2.6,2.7,3.5,3.7,3.8,3.9 seccomp=unconfined context=collection
|
||||
default name=quay.io/ansible/ansible-core-test-container:1.9.0 python=3.6,2.6,2.7,3.5,3.7,3.8,3.9 seccomp=unconfined context=ansible-core
|
||||
alpine3 name=quay.io/ansible/alpine3-test-container:1.29.0 python=3.8
|
||||
centos6 name=quay.io/ansible/centos6-test-container:1.30.0 python=2.6 seccomp=unconfined
|
||||
centos7 name=quay.io/ansible/centos7-test-container:1.29.0 python=2.7 seccomp=unconfined
|
||||
centos8 name=quay.io/ansible/centos8-test-container:1.29.0 python=3.6 seccomp=unconfined
|
||||
fedora30 name=quay.io/ansible/fedora30-test-container:1.17.0 python=3.7
|
||||
fedora31 name=quay.io/ansible/fedora31-test-container:1.17.0 python=3.7
|
||||
fedora32 name=quay.io/ansible/fedora32-test-container:1.29.0 python=3.8
|
||||
fedora33 name=quay.io/ansible/fedora33-test-container:1.29.0 python=3.9
|
||||
opensuse15py2 name=quay.io/ansible/opensuse15py2-test-container:1.29.0 python=2.7
|
||||
opensuse15 name=quay.io/ansible/opensuse15-test-container:1.29.0 python=3.6
|
||||
ubuntu1604 name=quay.io/ansible/ubuntu1604-test-container:1.29.0 python=2.7 seccomp=unconfined
|
||||
ubuntu1804 name=quay.io/ansible/ubuntu1804-test-container:1.29.0 python=3.6 seccomp=unconfined
|
||||
ubuntu2004 name=quay.io/ansible/ubuntu2004-test-container:1.29.0 python=3.8 seccomp=unconfined
|
||||
default name=quay.io/ansible/default-test-container:3.0.0 python=3.6,2.6,2.7,3.5,3.7,3.8,3.9 seccomp=unconfined context=collection
|
||||
default name=quay.io/ansible/ansible-core-test-container:3.0.0 python=3.6,2.6,2.7,3.5,3.7,3.8,3.9 seccomp=unconfined context=ansible-core
|
||||
alpine3 name=quay.io/ansible/alpine3-test-container:2.0.1 python=3.8
|
||||
centos6 name=quay.io/ansible/centos6-test-container:2.0.1 python=2.6 seccomp=unconfined
|
||||
centos7 name=quay.io/ansible/centos7-test-container:2.0.1 python=2.7 seccomp=unconfined
|
||||
centos8 name=quay.io/ansible/centos8-test-container:2.0.1 python=3.6 seccomp=unconfined
|
||||
fedora30 name=quay.io/ansible/fedora30-test-container:2.0.1 python=3.7
|
||||
fedora31 name=quay.io/ansible/fedora31-test-container:2.0.1 python=3.7
|
||||
fedora32 name=quay.io/ansible/fedora32-test-container:2.0.1 python=3.8
|
||||
fedora33 name=quay.io/ansible/fedora33-test-container:2.0.1 python=3.9
|
||||
opensuse15py2 name=quay.io/ansible/opensuse15py2-test-container:2.0.1 python=2.7
|
||||
opensuse15 name=quay.io/ansible/opensuse15-test-container:2.0.1 python=3.6
|
||||
ubuntu1604 name=quay.io/ansible/ubuntu1604-test-container:2.0.1 python=2.7 seccomp=unconfined
|
||||
ubuntu1804 name=quay.io/ansible/ubuntu1804-test-container:2.0.1 python=3.6 seccomp=unconfined
|
||||
ubuntu2004 name=quay.io/ansible/ubuntu2004-test-container:2.0.1 python=3.8 seccomp=unconfined
|
||||
|
@ -0,0 +1,35 @@
|
||||
#!/bin/sh
|
||||
# Configure SSH keys.
|
||||
|
||||
ssh_public_key=#{ssh_public_key}
|
||||
ssh_private_key=#{ssh_private_key}
|
||||
ssh_key_type=#{ssh_key_type}
|
||||
|
||||
ssh_path="${HOME}/.ssh"
|
||||
private_key_path="${ssh_path}/id_${ssh_key_type}"
|
||||
|
||||
if [ ! -f "${private_key_path}" ]; then
|
||||
# write public/private ssh key pair
|
||||
public_key_path="${private_key_path}.pub"
|
||||
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -m 0700 -p "${ssh_path}"
|
||||
touch "${public_key_path}" "${private_key_path}"
|
||||
chmod 0600 "${public_key_path}" "${private_key_path}"
|
||||
echo "${ssh_public_key}" > "${public_key_path}"
|
||||
echo "${ssh_private_key}" > "${private_key_path}"
|
||||
|
||||
# add public key to authorized_keys
|
||||
authoried_keys_path="${HOME}/.ssh/authorized_keys"
|
||||
|
||||
# the existing file is overwritten to avoid conflicts (ex: RHEL on EC2 blocks root login)
|
||||
cat "${public_key_path}" > "${authoried_keys_path}"
|
||||
chmod 0600 "${authoried_keys_path}"
|
||||
|
||||
# add localhost's server keys to known_hosts
|
||||
known_hosts_path="${HOME}/.ssh/known_hosts"
|
||||
|
||||
for key in /etc/ssh/ssh_host_*_key.pub; do
|
||||
echo "localhost $(cat "${key}")" >> "${known_hosts_path}"
|
||||
done
|
||||
fi
|
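Review bot: Nothing in the new script makes a failed step fatal, so if the `touch` or `chmod 0600` on the key files fails, the following `echo "${ssh_private_key}" > "${private_key_path}"` still writes the private key at whatever mode the current umask allows. Adding `set -eu` after the shebang and `umask 077` before the `mkdir` would close that gap without relying on the touch/chmod ordering. The `for key in /etc/ssh/ssh_host_*_key.pub` loop also runs once with the literal pattern when no host key matches, appending a bare `localhost ` entry to known_hosts; `[ -f "${key}" ] || continue` as the first line of the loop avoids that. Two smaller points: `printf '%s\n' "${ssh_private_key}"` is more predictable than `echo` for key material, since some `/bin/sh` implementations interpret backslashes, and `authoried_keys_path` looks like a typo for `authorized_keys_path`.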