Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add volume mounted SSH keys for Tower on Openshift #587

Merged
merged 9 commits into from
Mar 16, 2021
Merged

Add volume mounted SSH keys for Tower on Openshift #587

merged 9 commits into from
Mar 16, 2021

Conversation

paulbarfuss
Copy link
Contributor

@paulbarfuss paulbarfuss commented Mar 10, 2021
edited
Loading

What does this PR do?

Adds one or more volume-mounted SSH key to Ansible Tower on Openshift. The basic pattern follows some of the recent work done on the installer using simple oc cli commands:

oc create secret generic ...
oc set volume --type secret --add ...

Also would like to add some single quotes to oc login commands to allow for use of special characters while crushing any attempts at shell expansion.

How should this be tested?

Run the playbooks provided in the README against a running ansible-tower deployment and then verify the file permissions and content are correct:

oc rsh -c ansible-tower-task <POD_NAME> ls -lah /var/lib/awx/.ssh/
oc rsh -c ansible-tower-task <POD_NAME> cat -lah /var/lib/awx/.ssh/<SSH_KEY_FILE>.pem

This was also tested with various combinations of the secret or volume mount being either missing or present to ensure it properly add the file and skip the task if the key is already present.

Other Relevant info, PRs, etc.

Please provide link to other PRs that may be related (blocking, resolves, etc. etc.)

People to notify

cc: @redhat-cop/infra-ansible

@paulbarfuss paulbarfuss changed the title Draft: Add volume mounted SSH keys for Tower on Openshift Add volume mounted SSH keys for Tower on Openshift Mar 10, 2021
@paulbarfuss paulbarfuss requested a review from oybed March 10, 2021 22:32
oybed
oybed requested changes Mar 16, 2021
View reviewed changes
Copy link
Contributor

@oybed oybed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great stuff - see inline comments for mostly README updates/related changes.

roles/ansible/tower/config-ansible-tower-ocp-ssh/tasks/ocp-process-ssh-key.yml Outdated Show resolved Hide resolved
roles/ansible/tower/config-ansible-tower-ocp-ssh/README.md Outdated Show resolved Hide resolved
roles/ansible/tower/config-ansible-tower-ocp-ssh/README.md Outdated Show resolved Hide resolved
roles/ansible/tower/config-ansible-tower-ocp-ssh/README.md Outdated Show resolved Hide resolved
@paulbarfuss paulbarfuss force-pushed the add-tower-ocp-ssh-keys branch from 06651c0 to 47d00a7 Compare March 16, 2021 17:53
oybed
oybed approved these changes Mar 16, 2021
View reviewed changes
Copy link
Contributor

@oybed oybed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@oybed oybed merged commit 7905cc4 into redhat-cop:main Mar 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oybed oybed oybed approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@paulbarfuss @oybed