From 6ae3404b3a7338a192d3f191e49a7de243f0ebbf Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Fri, 7 Feb 2025 18:34:51 -0600
Subject: [PATCH] vmhost: Allow host provisioner to log in

This commit adds tasks to the `vmhost.yml` playbook to ensure the *jenkins* user has the Host Provisioner's SSH key in its `authorized_keys` file. This allows the Host Provisioner to log in and access the read-only _libvirt_ socket in order to construct the dynamic Ansible inventory.
---
 vmhost.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/vmhost.yml b/vmhost.yml
index 703dff9..d258e1e 100644
--- a/vmhost.yml
+++ b/vmhost.yml
@@ -13,3 +13,35 @@
 serial: 1
 roles:
 - vmhost
+- hosts: vm-hosts
+ tasks:
+ - name: ensure jenkins user exists
+ user:
+ name: jenkins
+ create_home: false
+ state: present
+ check_mode: true
+ register: jenkins_user
+ tags:
+ - user
+ - name: ensure jenkins user home dir exists
+ file:
+ path: '{{ jenkins_user.home }}'
+ owner: '{{ jenkins_user.uid }}'
+ group: '{{ jenkins_user.group }}'
+ mode: u=rwx,go=
+ state: directory
+ tags:
+ - homedir
+ - name: ensure host provisioner ssh key is authorized
+ authorized_key:
+ user: jenkins
+ key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICoOO/ZYMxRgmyvqZwGN3NM5pHyh3NBdC7iZrXIopt93
+ comment: Host Provisioner
+ manage_dir: true
+ key_options: restrict
+ state: present
+ tags:
+ - authorized_keys
+ tags:
+ - host-provisioner
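Review bot: The `key_options: restrict` on the authorized_key task turns off forwarding and pty allocation, but the key can still run any command as *jenkins* from any source address, which is wider than the read-only libvirt access the description asks for. Consider pinning the origin, e.g. `key_options: 'restrict,from="<provisioner-address>"'` (placeholder; the address is not on this page), and adding a `command="…"` forced command if the inventory script only ever invokes one program. Separately, the first task carries `check_mode: true`, so it never creates the user despite its name. If *jenkins* is absent, the registered result most likely lacks `home`, `uid` and `group`, and the `file` task would then fail on an undefined variable. Renaming it to something like `look up jenkins user` and adding a comment that the account is expected to exist already would make that intent clear.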