Create additional SSH-keypair;Configure gitea

2022-07-20 08:40:18 +02:00 · 2022-07-20 08:40:18 +02:00 · 261e91ee2e
commit 261e91ee2e
parent 1746af9b9d
3 changed files with 34 additions and 4 deletions
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@ -13,7 +13,7 @@
        INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage'
      when: ansible_facts.services['k3s.service'] is undefined

-    - name: Configure Traefik dashboard ingress
+    - name: Configure traefik dashboard ingress
      ansible.builtin.template:
        src: ingressroute.j2
        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
@ -201,16 +201,33 @@

    - name: Retrieve existing gitea configuration
      ansible.builtin.uri:
-        # url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
+        # url: "{{ item }}"
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
        method: GET
      register: gitea_existing_config
+      # loop:
+      #   # - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
+      #   - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
+      #   - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys

    - debug:
        var: gitea_existing_config

    - block:

+        - name: Register SSH public key
+          ansible.builtin.uri:
+            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
+            method: POST
+            headers:
+              Authorization: token {{ gitea_api_token.json.sha1 }}
+            body:
+              key: "{{ gitops_sshkey.public_key }}"
+              read_only: false
+              title: GitOps
+# Initial testing
+          ignore_errors: yes
+
        - name: Create organization(s)
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
--- a/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
@ -5,10 +5,12 @@
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
+
 - name: Save root SSH publickey
  ansible.builtin.lineinfile:
    path: /root/.ssh/authorized_keys
    line: "{{ vapp['guestinfo.rootsshkey'] }}"
+
 - name: Disable SSH password authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
@ -16,8 +18,18 @@
    line: "{{ item.line }}"
    state: "{{ item.state }}"
  loop:
-  - { regex: '^#PasswordAuthentication', line: 'PasswordAuthentication no', state: present}
-  - { regex: '^PasswordAuthentication yes', line: 'PasswordAuthentication yes', state: absent}
+  - regex: '^#PasswordAuthentication'
+    line: 'PasswordAuthentication no'
+    state: present
+  - regex: '^PasswordAuthentication yes'
+    line: 'PasswordAuthentication yes'
+    state: absent
+
+- name: Create dedicated SSH keypair
+  community.crypto.openssh_keypair:
+    path: /root/.ssh/git_rsa_id
+  register: gitops_sshkey
+
 - name: Delete 'ubuntu' user
  ansible.builtin.user:
    name: ubuntu
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -122,6 +122,7 @@ dependencies:
  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
+    - community.crypto
    - community.general
    - kubernetes.core