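---
# Setup SSH key for Jenkins to connect to remote agents
#
# Generates (once) an RSA key pair for the jenkins service user on the
# Jenkins controller, prints the public key, and drops a helper script that
# installs that public key on the agent. The private key never leaves the
# controller's jenkins ~/.ssh directory.
#
# Usage: ansible-playbook playbooks/setup-jenkins-agent-ssh.yml -e "agent_host=45.16.76.42"
#
# Extra vars (-e):
#   agent_host  required - host the Jenkins controller will SSH into
#   agent_user  optional - login user on that host (default: dlxadmin)
- name: Setup Jenkins SSH key for remote agent
  hosts: jenkins
  become: true
  gather_facts: true  # ansible_hostname is used in the key comment
  vars:
    jenkins_user: jenkins
    jenkins_home: /var/lib/jenkins
    # The extra vars are resolved into separately named play vars. Re-declaring
    # agent_host as "{{ agent_host | default('') }}" under the same name makes
    # Ansible report a recursive template loop when the extra var is absent,
    # so the "is it provided" validation below would never be reached.
    target_host: "{{ agent_host | default('') }}"
    target_user: "{{ agent_user | default('dlxadmin') }}"
    ssh_dir: "{{ jenkins_home }}/.ssh"
    private_key: "{{ jenkins_home }}/.ssh/id_rsa"
    public_key: "{{ jenkins_home }}/.ssh/id_rsa.pub"

  tasks:
    - name: Validate agent_host is provided
      ansible.builtin.assert:
        that:
          - target_host | length > 0
        fail_msg: "Please provide agent_host: -e 'agent_host=45.16.76.42'"

    - name: Create .ssh directory for jenkins user
      ansible.builtin.file:
        path: "{{ ssh_dir }}"
        state: directory
        owner: "{{ jenkins_user }}"
        group: "{{ jenkins_user }}"
        mode: "0700"

    # `creates` makes the task idempotent without a separate stat task; the
    # path arguments are single-quoted so a jenkins_home containing spaces is
    # still passed as one argument by the command module's shlex splitting.
    - name: Generate SSH key for jenkins user
      ansible.builtin.command:
        cmd: "ssh-keygen -t rsa -b 4096 -f '{{ private_key }}' -N '' -C 'jenkins@{{ ansible_hostname }}'"
        creates: "{{ private_key }}"
      become_user: "{{ jenkins_user }}"

    - name: Set correct permissions on SSH key
      ansible.builtin.file:
        path: "{{ ssh_dir }}/{{ item }}"
        owner: "{{ jenkins_user }}"
        group: "{{ jenkins_user }}"
        # private key must not be group/world readable; the public half may be
        mode: "{{ '0600' if item == 'id_rsa' else '0644' }}"
      loop:
        - id_rsa
        - id_rsa.pub

    - name: Read jenkins public key
      ansible.builtin.slurp:
        path: "{{ public_key }}"
      register: jenkins_pubkey

    - name: Display jenkins public key
      ansible.builtin.debug:
        msg:
          - "===== Jenkins Public Key ====="
          - "{{ jenkins_pubkey.content | b64decode | trim }}"
          - ""
          - "Next steps:"
          - "1. Copy the public key above"
          - "2. Add it to {{ target_user }}@{{ target_host }}:~/.ssh/authorized_keys"
          - "3. Test: ssh -i {{ private_key }} {{ target_user }}@{{ target_host }}"
          - "4. Update Jenkins credential 'dlx-key' with this private key"

    # The script embeds only the PUBLIC key. It is idempotent (the key is
    # appended only if not already present) and verifies the agent's host key
    # on first contact instead of disabling host-key checking.
    - name: Create helper script to copy key to agent
      ansible.builtin.copy:
        dest: /tmp/copy-jenkins-key-to-agent.sh
        mode: "0755"
        content: |
          #!/bin/bash
          # Copy Jenkins public key to remote agent (safe to re-run)
          set -euo pipefail
          AGENT_HOST="{{ target_host }}"
          AGENT_USER="{{ target_user }}"
          JENKINS_PUBKEY="{{ jenkins_pubkey.content | b64decode | trim }}"

          echo "Copying Jenkins public key to ${AGENT_USER}@${AGENT_HOST}..."
          ssh "${AGENT_USER}@${AGENT_HOST}" "mkdir -p ~/.ssh && chmod 700 ~/.ssh \
            && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys \
            && (grep -qxF '${JENKINS_PUBKEY}' ~/.ssh/authorized_keys \
                || echo '${JENKINS_PUBKEY}' >> ~/.ssh/authorized_keys)"

          echo "Testing connection..."
          # accept-new records the agent's host key on first contact and refuses
          # a changed key later; =no would accept any key and mask a MITM.
          # (accept-new needs OpenSSH 7.6 or newer on the controller - verify.)
          sudo -u jenkins ssh -o StrictHostKeyChecking=accept-new -i "{{ private_key }}" "${AGENT_USER}@${AGENT_HOST}" 'echo "Connection successful!"'

    - name: Instructions
      ansible.builtin.debug:
        msg:
          - ""
          - "===== Manual Steps Required ====="
          - ""
          - "OPTION A - Copy key automatically (if you have SSH access to agent):"
          - "  1. SSH to jenkins server: ssh dlxadmin@192.168.200.91"
          - "  2. Run: /tmp/copy-jenkins-key-to-agent.sh"
          - ""
          - "OPTION B - Copy key manually:"
          - "  1. SSH to agent: ssh {{ target_user }}@{{ target_host }}"
          - "  2. Edit: ~/.ssh/authorized_keys"
          - "  3. Add: {{ jenkins_pubkey.content | b64decode | trim }}"
          - ""
          - "Then update Jenkins:"
          - "  1. Go to: http://192.168.200.91:8080/manage/credentials/"
          - "  2. Find credential 'dlx-key'"
          - "  3. Update → Replace with private key from: {{ private_key }}"
          - "  4. Or create new credential with this key"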