Posted to notifications@couchdb.apache.org by ba...@apache.org on 2015/08/16 19:47:29 UTC

[12/23] couchdb-ci git commit: generate keys on the fly

generate keys on the fly


Project: http://git-wip-us.apache.org/repos/asf/couchdb-ci/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-ci/commit/448ba2ca
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-ci/tree/448ba2ca
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-ci/diff/448ba2ca

Branch: refs/heads/master
Commit: 448ba2ca3d712b63d3b422a2c975e37f62e535a1
Parents: c27023e
Author: Bastian Krol <ba...@web.de>
Authored: Thu Jul 9 08:59:35 2015 +0200
Committer: Bastian Krol <ba...@web.de>
Committed: Thu Jul 9 08:59:35 2015 +0200

----------------------------------------------------------------------
 ansible/generate-keypair.sh                     | 24 ++++++++++++++++++++
 ansible/roles/common/tasks/main.yml             | 11 ++++++++-
 .../jenkins-master/files/keys/generate-key.sh   |  8 -------
 ansible/roles/jenkins-master/tasks/jenkins.yml  |  8 +------
 .../roles/jenkins-worker/files/keys/.gitignore  |  2 ++
 .../files/keys/couchdb-ci-rsa.pub               |  1 -
 6 files changed, 37 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-ci/blob/448ba2ca/ansible/generate-keypair.sh
----------------------------------------------------------------------
diff --git a/ansible/generate-keypair.sh b/ansible/generate-keypair.sh
new file mode 100755
index 0000000..c212b3c
--- /dev/null
+++ b/ansible/generate-keypair.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# This script is not meant to be copied to the Jenkins master. It can be
+# executed locally on the provisioning machine to generate a new keypair for
+# Jenkins' master-worker communication. The key files are moved to the correct
+# location for provisioning the master and the workers.
+#
+# Do not commit the keys to git!
+
+# go to ansible directory
+pushd `dirname $0` > /dev/null
+pwd
+
+if [[ -f roles/jenkins-master/files/keys/couchdb-ci-rsa ]] && [[ -f  roles/jenkins-worker/files/keys/couchdb-ci-rsa.pub ]]; then
+  echo Keys found, not generating a new key pair.
+else
+  echo No keys found, generating new key pair.
+  rm -f couchdb-ci-rsa couchdb-ci-rsa.pub
+  ssh-keygen -t rsa -N "" -b 4096 -q -f couchdb-ci-rsa
+  mv couchdb-ci-rsa.pub roles/jenkins-worker/files/keys
+  mv couchdb-ci-rsa roles/jenkins-master/files/keys
+fi
+
+popd > /dev/null
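Review bot: Nothing stops this script after a failed step. If `pushd` fails, `rm -f couchdb-ci-rsa couchdb-ci-rsa.pub` and `ssh-keygen` run in the caller's directory. If `ssh-keygen` or the first `mv` fails, the second `mv` still runs, which can leave the master with a private key that does not match the workers' public key. I would add `set -euo pipefail` under the shebang and replace the backtick form with `pushd "$(dirname "$0")" > /dev/null`, which also survives a path containing spaces. Because the key is created with `-N ""`, a comment saying the private key is unencrypted and must stay readable only by the provisioning user would help.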

http://git-wip-us.apache.org/repos/asf/couchdb-ci/blob/448ba2ca/ansible/roles/common/tasks/main.yml
----------------------------------------------------------------------
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index d7878ac..08017ff 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -1,2 +1,11 @@
 ---
-# currently there are no common tasks ¯\_(ツ)_/¯
+# generate a new key pair if none is present
+- name: generate new key pair for master-worker communication
+  shell: ./generate-keypair.sh
+  args:
+    creates: roles/jenkins-master/files/keys/couchdb-ci-rsa
+  run_once: true
+  delegate_to: localhost
+  register: keygen_out
+
+- debug: msg="{{ keygen_out.stdout }}"
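Review bot: The `creates:` guard checks only `roles/jenkins-master/files/keys/couchdb-ci-rsa`, while the script it runs requires both that file and `roles/jenkins-worker/files/keys/couchdb-ci-rsa.pub`. With the private key present and the public key missing, the task is skipped and the worker role presumably has no public key to install. Since the script does its own existence check, dropping `creates:` and adding `changed_when: "'generating' in keygen_out.stdout"` would keep the two in step. Both `./generate-keypair.sh` and the `creates:` path are relative, so they probably resolve only when the playbook is started from `ansible/`; `chdir: "{{ playbook_dir }}"` under `args:` would make that explicit if the playbook lives in that directory.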

http://git-wip-us.apache.org/repos/asf/couchdb-ci/blob/448ba2ca/ansible/roles/jenkins-master/files/keys/generate-key.sh
----------------------------------------------------------------------
diff --git a/ansible/roles/jenkins-master/files/keys/generate-key.sh b/ansible/roles/jenkins-master/files/keys/generate-key.sh
deleted file mode 100755
index f27c1d9..0000000
--- a/ansible/roles/jenkins-master/files/keys/generate-key.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-# This script is not meant to be copied to the Jenkins master. It can be
-# executed locally on the provisioning machine to generate a new keypair for
-# Jenkins' master-worker communication. The public key is copied to the correct
-# location for provisioning the worker. Do not commit the private key go git.
-ssh-keygen -t rsa -N "" -b 4096 -q -f couchdb-ci-rsa
-mv couchdb-ci-rsa.pub ../../../jenkins-worker/files/keys

http://git-wip-us.apache.org/repos/asf/couchdb-ci/blob/448ba2ca/ansible/roles/jenkins-master/tasks/jenkins.yml
----------------------------------------------------------------------
diff --git a/ansible/roles/jenkins-master/tasks/jenkins.yml b/ansible/roles/jenkins-master/tasks/jenkins.yml
index 5983f1f..e271eb8 100644
--- a/ansible/roles/jenkins-master/tasks/jenkins.yml
+++ b/ansible/roles/jenkins-master/tasks/jenkins.yml
@@ -26,13 +26,7 @@
     group: jenkins
     mode: 0700
 
-# If this step fails, you are probably missing the private key for
-# master-worker communication. Please put the key into
-# ansible/roles/jenkins-master/files/keys/couchdb-ci-rsa before proceeding.
-# ---
-# TODO This should be improved! See http://stackoverflow.com/a/29399036, maybe we can use ansible vault.
-# ---
-- name: copy private key
+- name: copy private key to Jenkins master
   copy:
     src: keys/couchdb-ci-rsa
     dest: /var/lib/jenkins/.ssh/id_rsa
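Review bot: With the explanatory comment removed, nothing at this task says where `keys/couchdb-ci-rsa` comes from or that it is an unencrypted private key. A short comment such as `# generated by ansible/generate-keypair.sh via the common role; passphrase-less, never commit` would keep that context. The removed TODO about Ansible Vault is still unresolved as far as this diff shows, since the key sits in plain form in the working tree of the provisioning machine. The `copy:` task continues past the end of the hunk, so confirm there that the destination is written with `owner: jenkins` and `mode: 0600`.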

http://git-wip-us.apache.org/repos/asf/couchdb-ci/blob/448ba2ca/ansible/roles/jenkins-worker/files/keys/.gitignore
----------------------------------------------------------------------
diff --git a/ansible/roles/jenkins-worker/files/keys/.gitignore b/ansible/roles/jenkins-worker/files/keys/.gitignore
new file mode 100644
index 0000000..14712b3
--- /dev/null
+++ b/ansible/roles/jenkins-worker/files/keys/.gitignore
@@ -0,0 +1,2 @@
+couchdb-ci-rsa.pub
+
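Review bot: This ignore file covers only the public key in the worker role. The private key lands in `roles/jenkins-master/files/keys/couchdb-ci-rsa`, and the diff shows no ignore rule for that path, so confirm one already exists there. `generate-keypair.sh` also creates both files in `ansible/` before moving them, so an interrupted run could leave `couchdb-ci-rsa` in a directory with no ignore rule visible here. Listing `couchdb-ci-rsa` and `couchdb-ci-rsa.pub` in an `ansible/.gitignore` would cover that case.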

http://git-wip-us.apache.org/repos/asf/couchdb-ci/blob/448ba2ca/ansible/roles/jenkins-worker/files/keys/couchdb-ci-rsa.pub
----------------------------------------------------------------------
diff --git a/ansible/roles/jenkins-worker/files/keys/couchdb-ci-rsa.pub b/ansible/roles/jenkins-worker/files/keys/couchdb-ci-rsa.pub
deleted file mode 100644
index 09b8c16..0000000
--- a/ansible/roles/jenkins-worker/files/keys/couchdb-ci-rsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 bastian@krol