vmhost: Allow host provisioner to log in

This commit adds tasks to the `vmhost.yml` playbook to ensure the *jenkins* user has the Host Provisioner's SSH key in its `authorized_keys` file. This allows the Host Provisioner to log in and access the read-only _libvirt_ socket in order to construct the dynamic Ansible inventory.
2025-02-07 18:34:51 -06:00 · 2025-02-07 18:34:51 -06:00 · 6ae3404b3a
parent 757494b48b
commit 6ae3404b3a
1 changed files with 32 additions and 0 deletions
--- a/vmhost.yml
+++ b/vmhost.yml
@ -13,3 +13,35 @@
  serial: 1
  roles:
  - vmhost
+- hosts: vm-hosts
+  tasks:
+  - name: ensure jenkins user exists
+    user:
+      name: jenkins
+      create_home: false
+      state: present
+    check_mode: true
+    register: jenkins_user
+    tags:
+    - user
+  - name: ensure jenkins user home dir exists
+    file:
+      path: '{{ jenkins_user.home }}'
+      owner: '{{ jenkins_user.uid }}'
+      group: '{{ jenkins_user.group }}'
+      mode: u=rwx,go=
+      state: directory
+    tags:
+    - homedir
+  - name: ensure host provisioner ssh key is authorized
+    authorized_key:
+      user: jenkins
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICoOO/ZYMxRgmyvqZwGN3NM5pHyh3NBdC7iZrXIopt93
+      comment: Host Provisioner
+      manage_dir: true
+      key_options: restrict
+      state: present
+    tags:
+    - authorized_keys
+  tags:
+  - host-provisioner