action #67804
closed
use non-personal account and key for pushing needles on osd to gitlab.suse.de
Start date:
2020-05-25
Due date:
2020-11-05
% Done:
0%
Added by okurz over 4 years ago. Updated about 4 years ago.
Description
on osd in the home directory of "geekotest" there is a directory ~/.ssh which contains:
authorized_keys config id_rsa id_rsa.gitlab id_rsa.gitlab.pub id_rsa.pub known_hosts known_hosts.old
IIUC nicksinger has added the key "id_rsa.gitlab id_rsa.gitlab.pub" under the account "nicksinger" on gitlab.suse.de so logging in to gitlab.suse.de greets with "nicksinger" but that account is blocked at time of writing, see #75067
I just commented out the section in ~/.ssh/config to use ~/.ssh/id_rsa.gitlab so git+ssh uses "id_rsa" which is already supplied as a valid key for the gitlab user "openqa-pusher". Then in ~/share/tests/sle/products/sle/needles the command
    git pull --rebase origin master && git push
worked because the account "openqa-pusher" is not blocked.
EDIT:
I don't think we actually currently need the specific "gitlab" ssh keys as we have the generic one already added to gitlab, and I renamed the gitlab one to make it obvious it's unused:
    mv id_rsa.gitlab{,.unused}
    mv id_rsa.gitlab.pub{,.unused}
However to include that into salt I think it's safer to use a dedicated key anyway. On osd as geekotest I did
    ssh-keygen -t ed25519 -N '' -C 'geekotest@openqa.suse.de, openqa-pusher needle pushing to gitlab' -f id_ed25519.gitlab
added the public key in https://openqa-pusher@gitlab.suse.de/profile/keys and included the files into the pillars repo
    cd ~/local/openqa/salt-pillars-openqa/hosts/openqa.suse.de
    ssh osd "sudo -u geekotest cat /var/lib/openqa/.ssh/id_ed25519.gitlab.pub" > id_ed25519.gitlab.pub
    ssh osd "sudo -u geekotest cat /var/lib/openqa/.ssh/id_ed25519.gitlab" > id_ed25519.gitlab
and reference in salt-states-openqa, e.g.
    # Deploy the private and the public key from the pillar
    {% for i in ['', '.pub'] %}
    /var/lib/openqa/.ssh/id_ed25519.gitlab{{i}}:
      file.managed:
        - contents_pillar: id_ed25519.gitlab{{i}}
    {% endfor %}
cat config
    Host gitlab.suse.de
      User gitlab
      IdentityFile ~/.ssh/id_ed25519.gitlab
      IdentitiesOnly yes
generated config on osd looks fine, everything seems to work as expected.
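A check that could be run after the salt state is applied, given here as an added example (not part of the ticket or of salt-states-openqa): it confirms that the Host block pins the dedicated key with IdentitiesOnly and that the private key file is not accessible to group or others. The function names, the simplified config parser and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print KEYWORD's value from the "Host HOST" block of an ssh config file.
# Simplified parser: exact host names only; no wildcards, Match or Include.
ssh_config_value() {  # usage: ssh_config_value FILE HOST KEYWORD
    awk -v host="$2" -v key="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "host" {
            in_block = 0
            for (i = 2; i <= NF; i++) if ($i == host) in_block = 1
            next
        }
        in_block && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 only if HOST is pinned to one key file, IdentitiesOnly is yes and
# the private key is inaccessible to group and others.
audit_deploy_key() {  # usage: audit_deploy_key CONFIG HOST SSH_DIR
    rc=0
    ident=$(ssh_config_value "$1" "$2" IdentityFile)
    only=$(ssh_config_value "$1" "$2" IdentitiesOnly)
    [ -n "$ident" ] || { echo "FAIL: no IdentityFile for $2"; return 1; }
    [ "$only" = yes ] || { echo "FAIL: IdentitiesOnly is not 'yes'"; rc=1; }
    prefix='~/.ssh/'                       # map ~/.ssh/ onto the audited dir
    key="$3/${ident#"$prefix"}"
    [ -f "$key" ] || { echo "FAIL: $key missing"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    case $(ls -ld "$key" | cut -c5-10) in
        "------") ;;
        *) echo "FAIL: $key is accessible to group/others"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $2 uses only $key"
    return "$rc"
}

# Constructed sample mirroring the config shown in the ticket.
demo_dir=$(mktemp -d)
printf 'Host gitlab.suse.de\n  User gitlab\n  IdentityFile ~/.ssh/id_ed25519.gitlab\n  IdentitiesOnly yes\n' > "$demo_dir/config"
: > "$demo_dir/id_ed25519.gitlab"          # empty placeholder, not a real key
chmod 600 "$demo_dir/id_ed25519.gitlab"
audit_deploy_key "$demo_dir/config" gitlab.suse.de "$demo_dir"
rm -rf "$demo_dir"
```

On a real host the third argument would be the account's .ssh directory, which for geekotest in this ticket is /var/lib/openqa/.ssh.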