From 8514672afdafb7e63e17e89eb65a2339edaffe73 Mon Sep 17 00:00:00 2001
From: Benjamin Schmitz
Date: Tue, 2 Jul 2024 19:41:53 +0200
Subject: [PATCH] Add config for build agent ssh authentication
---
 roles/artemis/defaults/main.yml | 12 ++++++++----
 roles/artemis/tasks/deploy_artemis.yml | 6 ++++++
 roles/artemis/tasks/docker_deploy_artemis.yml | 6 ++++++
 roles/artemis/tasks/main.yml | 6 ------
 roles/artemis/templates/application-prod.yml.j2 | 9 +++++++++
 roles/artemis/templates/artemis.env.j2 | 9 +++++++++
 6 files changed, 38 insertions(+), 10 deletions(-)
diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml
index f4fc621..387d639 100644
--- a/roles/artemis/defaults/main.yml
+++ b/roles/artemis/defaults/main.yml
@@ -144,12 +144,16 @@ artemis_external_password_reset_link_de: "https://campus.tum.de/tumonline/ee/ui/
 # localvc:
 # url:
 # repo_storage_base_path:
- # user: # An artemis admin user for the local version control system
- # password: # The password of the artemis admin user for the local version control system
- # ssh_key_path: /opt/artemis/ssh-keys
- # build_agent_git_credentials:
+ # ssh_key_path: /opt/artemis/ssh-keys # Key path for the SSH host keys
+ # # Build Agent specific configuration: The build agent needs some sort of authentication method in order to perform clone operations.
+ # # This can either be: SSH, spearate credentails, or the artemis admin user
+ # build_agent_use_ssh: # Setting whether SSH should be used.
+ # ssh_url: # URL template for SSH clone operations. (e.g. ssh://git@hostname.artemis.cit.tum.de:7921/)
+ # build_agent_git_credentials: # Config for separate build agent git credentails
 # user:
 # password:
+ # user: # An artemis admin user for the local version control system
+ # password: # The password of the artemis admin user for the local version control system
 #
 #continuous_integration:
 # bamboo:
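Review bot: The sample block documents `build_agent_use_ssh` and `ssh_url` but not the separate top-level variable `artemis_ssh_key_path`, which the templates changed in this commit use for the build agent's private-key folder, so a reader following only this comment cannot tell that SSH mode may need it. The added comment lines also carry typos (`spearate credentails`, `credentails`) and do not say which method takes effect when more than one is configured. I would reword the second comment line to `# This can either be: SSH, separate credentials, or the artemis admin user` and add a line such as `# build_agent_use_ssh also needs artemis_ssh_key_path (folder holding the build agent's private key)`, after confirming the exact requirement against the application. Indentation is not recoverable from this view, so the nesting level of the re-added `user`/`password` keys is assumed rather than checked.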
diff --git a/roles/artemis/tasks/deploy_artemis.yml b/roles/artemis/tasks/deploy_artemis.yml
index bfce917..332adc4 100644
--- a/roles/artemis/tasks/deploy_artemis.yml
+++ b/roles/artemis/tasks/deploy_artemis.yml
@@ -10,3 +10,9 @@
 mode: '0644'
 notify: restart artemis
+- include_tasks: generate_ssh_keys.yml
+ when:
+ - version_control.localvc is defined and version_control.localvc is not none
+ - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
+ - not (only_update_artemis_config | bool)
+
diff --git a/roles/artemis/tasks/docker_deploy_artemis.yml b/roles/artemis/tasks/docker_deploy_artemis.yml
index 2fdec2f..80adb82 100644
--- a/roles/artemis/tasks/docker_deploy_artemis.yml
+++ b/roles/artemis/tasks/docker_deploy_artemis.yml
@@ -98,6 +98,12 @@
 register: config
 notify: restart docker artemis
+- include_tasks: generate_ssh_keys.yml
+ when:
+ - version_control.localvc is defined and version_control.localvc is not none
+ - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
+ - not (only_update_artemis_config | bool)
+
 - name: Create artemis ssh key directory
 become: true
 file:
diff --git a/roles/artemis/tasks/main.yml b/roles/artemis/tasks/main.yml
index 4e4913c..5325797 100644
--- a/roles/artemis/tasks/main.yml
+++ b/roles/artemis/tasks/main.yml
@@ -26,12 +26,6 @@
 when:
 - not (use_docker | bool)
-- include_tasks: generate_ssh_keys.yml
- when:
- - version_control.localvc is defined and version_control.localvc is not none
- - version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0
- - not (only_update_artemis_config | bool)
-
 # Install Artemis to the host
 - include_tasks: deploy_artemis.yml
 when:
diff --git a/roles/artemis/templates/application-prod.yml.j2 b/roles/artemis/templates/application-prod.yml.j2
index c89acfc..8ba5eea 100644
--- a/roles/artemis/templates/application-prod.yml.j2
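Review bot: The include added to deploy_artemis.yml has no `name:`, and its three-condition `when:` list is repeated verbatim in the docker_deploy_artemis.yml hunk, so the two copies can drift apart over time. Give each include a name, for example `- name: Generate SSH keys for the local version control system`, so play output shows which step ran or was skipped. Consider evaluating the shared condition once (for instance a fact set in main.yml) and referencing it from both files.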
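Review bot: In docker_deploy_artemis.yml the include of generate_ssh_keys.yml sits above the existing `Create artemis ssh key directory` task, so key generation now runs before that directory task. generate_ssh_keys.yml is not part of this patch; if it writes into the directory that task creates, or relies on the ownership and mode it sets, the include should move below it. Key material should only land in a directory that already has restrictive ownership and mode, so the ordering is worth confirming. The `file:` task continues outside the hunk.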
+++ b/roles/artemis/templates/application-prod.yml.j2
@@ -186,9 +186,18 @@ artemis:
 build-agent-git-username: {{ version_control.localvc.build_agent_git_credentials.user }}
 build-agent-git-password: {{ version_control.localvc.build_agent_git_credentials.password }}
 {% endif %}
+{% if version_control.localvc.build_agent_use_ssh is defined %}
+ build-agent-use-ssh: {{ version_control.localvc.build_agent_use_ssh | string | lower }}
+{% endif %}
 {% if version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0 %}
 ssh-host-key-path: {{ version_control.localvc.ssh_key_path }}
 {% endif %}
+{% if artemis_ssh_key_path is defined and artemis_ssh_key_path is not none and artemis_ssh_key_path != "" %}
+ ssh-private-key-folder-path: {{ artemis_ssh_key_path }}
+{% endif %}
+{% if version_control.localvc.ssh_url is defined %}
+ ssh-template-clone-url: {{ version_control.localvc.ssh_url }}
+{% endif %}
 {% endif %}
 {% if continuous_integration.bamboo is defined %}
diff --git a/roles/artemis/templates/artemis.env.j2 b/roles/artemis/templates/artemis.env.j2
index 90d9457..6c997ab 100644
--- a/roles/artemis/templates/artemis.env.j2
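Review bot: The guard `build_agent_use_ssh is defined` also passes when the key is present but empty, which is the shape the commented sample in defaults/main.yml invites (`build_agent_use_ssh:` with no value); `None | string | lower` then renders `build-agent-use-ssh: none`, which is not a boolean. Mirror the `artemis_ssh_key_path` guard from the same hunk, `{% if version_control.localvc.build_agent_use_ssh is defined and version_control.localvc.build_agent_use_ssh is not none %}`, and normalise the value with `{{ version_control.localvc.build_agent_use_ssh | bool | string | lower }}`. `ssh_url` has the same `is defined`-only guard and would emit a key with an empty value. The new templated scalars are also unquoted, so a path or URL containing YAML-significant characters would change the parse; the artemis.env.j2 hunk uses the same two guards.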
@@ -140,9 +140,18 @@ ARTEMIS_VERSIONCONTROL_PASSWORD='{{ artemis_internal_admin_password }}'
 ARTEMIS_VERSIONCONTROL_BUILDAGENTGITUSERNAME='{{ version_control.localvc.build_agent_git_credentials.user }}'
 ARTEMIS_VERSIONCONTROL_BUILDAGENTGITPASSWORD='{{ version_control.localvc.build_agent_git_credentials.password }}'
 {% endif %}
+{% if version_control.localvc.build_agent_use_ssh is defined %}
+ARTEMIS_VERSIONCONTROL_BUILDAGENTUSESSH='{{ version_control.localvc.build_agent_use_ssh | string | lower }}'
+{% endif %}
 {% if version_control.localvc.ssh_key_path is defined and version_control.localvc.ssh_key_path|length > 0 %}
 ARTEMIS_VERSIONCONTROL_SSHHOSTKEYPATH='{{ artemis_repo_basepath }}/ssh-keys'
 {% endif %}
+{% if artemis_ssh_key_path is defined and artemis_ssh_key_path is not none and artemis_ssh_key_path != "" %}
+ARTEMIS_VERSIONCONTROL_SSHPRIVATEKEYFOLDERPATH='{{ artemis_ssh_key_path }}'
+{% endif %}
+{% if version_control.localvc.ssh_url is defined %}
+ARTEMIS_VERSIONCONTROL_SSHTEMPLATECLONEURL='{{ version_control.localvc.ssh_url }}'
+{% endif %}
 {% endif %}
 {% if continuous_integration.localci is defined %}
 ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='demo'
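Review bot: `ARTEMIS_VERSIONCONTROL_SSHPRIVATEKEYFOLDERPATH` is set straight from `artemis_ssh_key_path`, while the neighbouring `ARTEMIS_VERSIONCONTROL_SSHHOSTKEYPATH` line ignores the configured `ssh_key_path` and uses `{{ artemis_repo_basepath }}/ssh-keys`. If this env file feeds the Docker deployment, the private-key folder has to exist at the same path inside the container, and nothing in this patch shows that. Confirm the mount, or derive the value the way the host-key line does. A template comment above the new line would record the expectation, e.g. `{# folder with the build agent's private key; must be readable by the artemis user only #}`.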