From ed4c1ff3d61ac7a2a05e1c948ab7790716c46c78 Mon Sep 17 00:00:00 2001 From: Simon Sapin Date: Thu, 16 May 2019 18:38:38 +0200 Subject: [PATCH] Add some SSH keys to tc-mac workers --- etc/taskcluster/macos/config/master | 1 + etc/taskcluster/macos/modules/pillar/ssh_keys.py | 14 ++++++++++++++ etc/taskcluster/macos/states/generic-worker.sls | 8 ++++++++ 3 files changed, 23 insertions(+) create mode 100644 etc/taskcluster/macos/modules/pillar/ssh_keys.py diff --git a/etc/taskcluster/macos/config/master b/etc/taskcluster/macos/config/master index ef5272e7817..9d042fe859a 100644 --- a/etc/taskcluster/macos/config/master +++ b/etc/taskcluster/macos/config/master @@ -5,6 +5,7 @@ file_roots: extension_modules: ../modules ext_pillar: - taskcluster_secrets: + - ssh_keys: roster_defaults: # https://github.com/saltstack/salt/issues/50477 minion_opts: diff --git a/etc/taskcluster/macos/modules/pillar/ssh_keys.py b/etc/taskcluster/macos/modules/pillar/ssh_keys.py new file mode 100644 index 00000000000..d04766e0657 --- /dev/null +++ b/etc/taskcluster/macos/modules/pillar/ssh_keys.py @@ -0,0 +1,14 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +import urllib + + +def ext_pillar(_minion_id, _pillar, *_args): + url = "https://raw.githubusercontent.com/servo/saltfs/master/admin/files/ssh/%s.pub" + return {"ssh_keys": [urllib.urlopen(url % name).read() for name in [ + "jdm", + "manishearth", + "simonsapin", + ]]} diff --git a/etc/taskcluster/macos/states/generic-worker.sls b/etc/taskcluster/macos/states/generic-worker.sls index 0c3db51254f..2466c6bc2a5 100644 --- a/etc/taskcluster/macos/states/generic-worker.sls +++ b/etc/taskcluster/macos/states/generic-worker.sls @@ -6,6 +6,14 @@ GMT: timezone.system +sshkeys: + ssh_auth.present: + - user: root + - names: + {% for key in pillar["ssh_keys"] %} + - {{ key | yaml_encode }} + {% endfor %} + {{ bin }}/generic-worker: file.managed: - name: