neillturner / kitchen-ansible

Ansible Provisioner for Test Kitchen

Fixed key permissions #332

Open jmtx1020 opened 9 months ago

jmtx1020 commented 9 months ago

Before this fix, we'd be copying the entire ssh_private_keys directory from the role root path into ~/.ssh with the user and group being set to root:root.

This was problematic as tools like git don't look recursively through the directory. The key files need to be at the root of ~/.ssh.

This sets the file permissions on the keys and user/group ownership before copying them into ~/.ssh (while preserving corrected permissions), thus enabling us to pull roles from private repositories from our requirements.yaml.

With the below config:

```yaml
provisioner:
  ssh_known_hosts: ["github.com"]
  name: ansible_playbook
  roles_path: .
  additional_ssh_private_keys:
  - "/Users/username/.ssh/id_ed25519"
```

Preview:

```
ubuntu@base-kitchen:~/.ssh$ ls -alh
total 20K
drwx------ 2 ubuntu ubuntu 4.0K Feb 28 02:46 .
drwxr-x--- 5 ubuntu ubuntu 4.0K Feb 28 02:46 ..
-rw------- 1 ubuntu ubuntu  381 Feb 28 02:46 authorized_keys
-rw------- 1 ubuntu ubuntu  411 Feb 28 02:46 id_ed25519
-rw-rw-r-- 1 ubuntu ubuntu  828 Feb 28 02:46 known_hosts
```
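
An added example, not part of this pull request or of kitchen-ansible: a POSIX shell check for the conditions the description above names, namely private keys nested below the top of the SSH directory, group/other access on a key, and ownership by the wrong account. The function names and the finding labels (DIRMODE, NESTED, MODE, OWNER) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not kitchen-ansible code. Function names and the finding
# labels (DIRMODE, NESTED, MODE, OWNER) are assumptions made for this sketch.

# True when the file's first line is a PEM/OpenSSH private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# Print one finding per line for DIR, expecting keys to belong to OWNER.
scan_ssh_dir() {
    dir=${1%/}; owner=$2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$dir" | cut -c5-10)" = "------" ] || echo "DIRMODE $dir"
    find "$dir" -type f | while IFS= read -r f; do
        is_private_key "$f" || continue
        # A key below the top level is not picked up as a default identity.
        [ "$(dirname "$f")" = "$dir" ] || echo "NESTED $f"
        # Any group/other access on a private key is too open.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "MODE $f"
        # Ownership must match the account that will use the key.
        [ "$(ls -ld "$f" | awk '{print $3}')" = "$owner" ] || echo "OWNER $f"
    done
}

# Return 0 when the directory is clean, 1 (after printing findings) otherwise.
audit_ssh_dir() {
    findings=$(scan_ssh_dir "$@")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}
```

Inside the test instance this would be called as `audit_ssh_dir "$HOME/.ssh" "$(id -un)"`; files that are not private keys, such as `known_hosts`, are not checked.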