Add config for build agent ssh authentication

ls1intum · Jul 2, 2024 · 8514672 · 8514672
1 parent ed9f9cb
commit 8514672
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 10 deletions.
diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml
@@ -144,12 +144,16 @@ artemis_external_password_reset_link_de: "https://campus.tum.de/tumonline/ee/ui/
   # localvc:
   #   url:
   #   repo_storage_base_path:
-  #   user: # An artemis admin user for the local version control system
-  #   password: # The password of the artemis admin user for the local version control system
-  #   ssh_key_path: /opt/artemis/ssh-keys
-  #   build_agent_git_credentials:
+  #   ssh_key_path: /opt/artemis/ssh-keys # Key path for the SSH host keys
+  # # Build Agent specific configuration: The build agent needs some sort of authentication method in order to perform clone operations.
+  # # This can either be: SSH, spearate credentails, or the artemis admin user
+  #   build_agent_use_ssh: # Setting whether SSH should be used.
+  #   ssh_url: # URL template for SSH clone operations. (e.g. ssh://git@hostname.artemis.cit.tum.de:7921/)
+  #   build_agent_git_credentials: # Config for separate build agent git credentails
   #     user:
   #     password:
+  #   user: # An artemis admin user for the local version control system
+  #   password: # The password of the artemis admin user for the local version control system
   #
   #continuous_integration:
   #  bamboo:

diff --git a/roles/artemis/tasks/deploy_artemis.yml b/roles/artemis/tasks/deploy_artemis.yml
@@ -10,3 +10,9 @@
     mode: '0644'
   notify: restart artemis
 
+- include_tasks: generate_ssh_keys.yml
+  when:
+    - version_control.localvc is defined and version_control.localvc is not none
+    - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
+    - not (only_update_artemis_config | bool)
+
diff --git a/roles/artemis/tasks/docker_deploy_artemis.yml b/roles/artemis/tasks/docker_deploy_artemis.yml
@@ -98,6 +98,12 @@
   register: config
   notify: restart docker artemis
 
+- include_tasks: generate_ssh_keys.yml
+  when:
+    - version_control.localvc is defined and version_control.localvc is not none
+    - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
+    - not (only_update_artemis_config | bool)
+
 - name: Create artemis ssh key directory
   become: true
   file:

diff --git a/roles/artemis/tasks/main.yml b/roles/artemis/tasks/main.yml
@@ -26,12 +26,6 @@
   when:
     - not (use_docker | bool)
 
-- include_tasks: generate_ssh_keys.yml
-  when:
-    - version_control.localvc is defined and version_control.localvc is not none
-    - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
-    - not (only_update_artemis_config | bool)
-
 # Install Artemis to the host
 - include_tasks: deploy_artemis.yml
   when: 

diff --git a/roles/artemis/templates/application-prod.yml.j2 b/roles/artemis/templates/application-prod.yml.j2
@@ -186,9 +186,18 @@ artemis:
     build-agent-git-username: {{ version_control.localvc.build_agent_git_credentials.user }}
     build-agent-git-password: {{ version_control.localvc.build_agent_git_credentials.password }}
 {% endif %}
+{% if version_control.localvc.build_agent_use_ssh is defined %}
+    build-agent-use-ssh: {{ version_control.localvc.build_agent_use_ssh | string | lower }}
+{% endif %}
 {% if version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0 %}
     ssh-host-key-path: {{ version_control.localvc.ssh_key_path }}
 {% endif %}
+{% if artemis_ssh_key_path is defined and artemis_ssh_key_path is not none and artemis_ssh_key_path != "" %}
+    ssh-private-key-folder-path:  {{ artemis_ssh_key_path }}
+{% endif %}
+{% if version_control.localvc.ssh_url is defined %}
+    ssh-template-clone-url: {{ version_control.localvc.ssh_url }}
+{% endif %}
 {% endif %}
 
 {% if continuous_integration.bamboo is defined %}

diff --git a/roles/artemis/templates/artemis.env.j2 b/roles/artemis/templates/artemis.env.j2
@@ -140,9 +140,18 @@ ARTEMIS_VERSIONCONTROL_PASSWORD='{{ artemis_internal_admin_password }}'
 ARTEMIS_VERSIONCONTROL_BUILDAGENTGITUSERNAME='{{ version_control.localvc.build_agent_git_credentials.user }}'
 ARTEMIS_VERSIONCONTROL_BUILDAGENTGITPASSWORD='{{ version_control.localvc.build_agent_git_credentials.password }}'
 {% endif %}
+{% if version_control.localvc.build_agent_use_ssh is defined %}
+ARTEMIS_VERSIONCONTROL_BUILDAGENTUSESSH='{{ version_control.localvc.build_agent_use_ssh | string | lower }}'
+{% endif %}
 {% if version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0 %}
 ARTEMIS_VERSIONCONTROL_SSHHOSTKEYPATH='{{ artemis_repo_basepath }}/ssh-keys'
 {% endif %}
+{% if artemis_ssh_key_path is defined and artemis_ssh_key_path is not none and artemis_ssh_key_path != "" %}
+ARTEMIS_VERSIONCONTROL_SSHPRIVATEKEYFOLDERPATH='{{ artemis_ssh_key_path }}'
+{% endif %}
+{% if version_control.localvc.ssh_url is defined %}
+ARTEMIS_VERSIONCONTROL_SSHTEMPLATECLONEURL='{{ version_control.localvc.ssh_url }}'
+{% endif %}
 {% endif %}
 {% if continuous_integration.localci is defined %}
 ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='demo'