ansible: refactor known_hosts tasks for github.com

Refactor the Ansible tasks for updating the `known_hosts` file for github.com into its own role. Call that role from both the docker-host and jenkins-worker/create playbooks.
nodejs · Mar 29, 2023 · c3a27df · c3a27df
1 parent ddf79d5
commit c3a27df
Show file tree

Hide file tree

Showing 7 changed files with 53 additions and 27 deletions.
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
@@ -89,6 +89,16 @@
     - "{{ containers }}"
   when: containers is defined
 
+- name: enable fetching from github.com
+  include_role:
+    name: github
+  vars:
+    user_home_dir: "/{{ home }}/{{ server_user }}/{{ container.name }}/"
+  loop: "{{ containers|flatten(levels=1) }}"
+  loop_control:
+    loop_var: container
+  when: containers is defined
+
 - name: set up for release builders
   include_role:
     name: release-builder

diff --git a/...les/jenkins-worker/files/github_bad_hosts → ansible/roles/github/files/github_bad_hosts b/...les/jenkins-worker/files/github_bad_hosts → ansible/roles/github/files/github_bad_hosts
diff --git a/...s/jenkins-worker/files/github_known_hosts → ...ble/roles/github/files/github_known_hosts b/...s/jenkins-worker/files/github_known_hosts → ...ble/roles/github/files/github_known_hosts
diff --git a/ansible/roles/github/meta/argument_specs.yml b/ansible/roles/github/meta/argument_specs.yml
@@ -0,0 +1,10 @@
+---
+
+argument_specs:
+  main:
+    short_description: Set up specific to hosts that need to interact with github.com.
+    options:
+      user_home_dir:
+        description: The user's HOME directory.
+        required: yes
+        type: str
diff --git a/ansible/roles/github/tasks/main.yml b/ansible/roles/github/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+
+# Set up hosts to be able to checkout/fetch from github.com.
+
+- name: create .ssh directory
+  ansible.builtin.file:
+    dest: "{{ user_home_dir }}/.ssh"
+    mode: "0700"
+    owner: "{{ server_user }}"
+    group: "{{ server_user }}"
+    state: directory
+
+- name: write github.com entry in known_hosts
+  ansible.builtin.known_hosts:
+    name: github.com
+    key: "{{ item }}"
+    path: "{{ user_home_dir }}/.ssh/known_hosts"
+    state: present
+  become: yes
+  become_user: "{{ server_user }}"
+  loop: "{{ lookup('file', 'files/github_known_hosts').splitlines() }}"
+
+- name: remove old github.com ssh keys
+  ansible.builtin.lineinfile:
+    path: "{{ user_home_dir }}/.ssh/known_hosts"
+    search_string: "{{ item }}"
+    state: absent
+  become: yes
+  become_user: "{{ server_user }}"
+  loop: "{{ lookup('file', 'files/github_bad_hosts').splitlines() }}"
diff --git a/ansible/roles/jenkins-worker/meta/main.yml b/ansible/roles/jenkins-worker/meta/main.yml
@@ -5,6 +5,9 @@
 
 dependencies:
   - role: user-create
+  - role: github
+    vars:
+      user_home_dir: "/home/{{ server_user }}"
   - role: java-base
   - role: build-test-v8
     when: build_test_v8|default(False)

diff --git a/ansible/roles/jenkins-worker/tasks/main.yml b/ansible/roles/jenkins-worker/tasks/main.yml
@@ -31,33 +31,6 @@
     state: present
     line: ::1 localhost.localdomain localhost
 
-- name: create .ssh directory
-  ansible.builtin.file:
-    dest: "{{ home }}/{{ server_user }}/.ssh"
-    mode: "0700"
-    owner: "{{ server_user }}"
-    group: "{{ server_user }}"
-    state: directory
-
-- name: write github.com entry in known_hosts
-  ansible.builtin.known_hosts:
-    name: github.com
-    key: "{{ item }}"
-    path: "{{ home }}/{{ server_user }}/.ssh/known_hosts"
-    state: present
-  become: yes
-  become_user: "{{ server_user }}"
-  loop: "{{ lookup('file', 'files/github_known_hosts').splitlines() }}"
-
-- name: remove old github.com ssh keys
-  ansible.builtin.lineinfile:
-    path: "{{ home }}/{{ server_user }}/.ssh/known_hosts"
-    search_string: "{{ item }}"
-    state: absent
-  become: yes
-  become_user: "{{ server_user }}"
-  loop: "{{ lookup('file', 'files/github_bad_hosts').splitlines() }}"
-
 - name: run raspberry pi jenkins-worker setup
   when: "inventory_hostname|regex_search('-arm(v6l|v7l|64)_pi')"
   include: "{{ role_path }}/tasks/partials/raspberry-pi.yml"