Create additional SSH-keypair;Configure gitea

Danny Bessems 2022-07-20 08:40:18 +02:00
parent 1746af9b9d
commit 261e91ee2e
3 changed files with 34 additions and 4 deletions


@ -13,7 +13,7 @@
INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage'
when: ansible_facts.services['k3s.service'] is undefined
- name: Configure Traefik dashboard ingress
- name: Configure traefik dashboard ingress
ansible.builtin.template:
src: ingressroute.j2
dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
@ -201,16 +201,33 @@
- name: Retrieve existing gitea configuration
ansible.builtin.uri:
# url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
# url: "{{ item }}"
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
method: GET
register: gitea_existing_config
# loop:
# # - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
# - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
# - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
- debug:
var: gitea_existing_config
- block:
- name: Register SSH public key
ansible.builtin.uri:
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
method: POST
headers:
Authorization: token {{ gitea_api_token.json.sha1 }}
body:
key: "{{ gitops_sshkey.public_key }}"
read_only: false
title: GitOps
# Initial testing
ignore_errors: yes
- name: Create organization(s)
ansible.builtin.uri:
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
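Review bot: `ignore_errors: yes` (marked "Initial testing") lets the play continue after a rejected SSH key registration or organization request, so later GitOps steps can run against a Gitea instance that never received the key. Prefer declaring the accepted responses on each `uri` task, e.g. `status_code: [201]` (the module accepts only 200 by default, and Gitea's create endpoints normally answer 201), add `body_format: json` if the mapping under `body` is meant to be sent as JSON, and then drop `ignore_errors`. The `Authorization: token {{ gitea_api_token.json.sha1 }}` header carries a live API token, so `no_log: true` on these tasks would keep it out of verbose output and failure dumps. Indentation is lost in this view, so it is unclear whether `ignore_errors` applies to one task or to the whole block, and the block continues past the end of the hunk.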


@ -5,10 +5,12 @@
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: .ssh/id_rsa
- name: Save root SSH publickey
ansible.builtin.lineinfile:
path: /root/.ssh/authorized_keys
line: "{{ vapp['guestinfo.rootsshkey'] }}"
- name: Disable SSH password authentication
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
@ -16,8 +18,18 @@
line: "{{ item.line }}"
state: "{{ item.state }}"
loop:
- { regex: '^#PasswordAuthentication', line: 'PasswordAuthentication no', state: present}
- { regex: '^PasswordAuthentication yes', line: 'PasswordAuthentication yes', state: absent}
- regex: '^#PasswordAuthentication'
line: 'PasswordAuthentication no'
state: present
- regex: '^PasswordAuthentication yes'
line: 'PasswordAuthentication yes'
state: absent
- name: Create dedicated SSH keypair
community.crypto.openssh_keypair:
path: /root/.ssh/git_rsa_id
register: gitops_sshkey
- name: Delete 'ubuntu' user
ansible.builtin.user:
name: ubuntu
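Review bot: The `PasswordAuthentication` loop entries only edit `/etc/ssh/sshd_config`, and nothing visible here checks that the setting is effective or that the edited file still parses. If the image ships a drop-in under `/etc/ssh/sshd_config.d/` that the main file includes before this line, a `PasswordAuthentication yes` there could still win, because sshd uses the first value it reads for a keyword. Consider adding `validate: 'sshd -t -f %s'` to the `lineinfile` task and a follow-up check that `sshd -T` reports `passwordauthentication no`. The task's remaining parameters lie between the two hunks and are not visible, so a reload handler may already exist there.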


@ -122,6 +122,7 @@ dependencies:
ansible_galaxy_collections:
- ansible.posix
- ansible.utils
- community.crypto
- community.general
- kubernetes.core