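---
# Setup SSH key for Jenkins to connect to remote agents
#
# Usage: ansible-playbook playbooks/setup-jenkins-agent-ssh.yml -e "agent_host=45.16.76.42"
#
# What this play does on the Jenkins host:
#   1. creates <jenkins_home>/.ssh (0700) and an RSA-4096 keypair for the
#      jenkins user if one does not exist yet (private key 0600, public 0644)
#   2. prints the *public* key and drops a helper script in /tmp that appends
#      it to the agent's authorized_keys and verifies the connection
# The private key never leaves this host and is never printed by the play.

- name: Setup Jenkins SSH key for remote agent
  hosts: jenkins
  become: true
  gather_facts: true  # ansible_hostname is used as the key comment

  vars:
    jenkins_user: jenkins
    jenkins_home: /var/lib/jenkins
    # agent_host (required) and agent_user (optional, default dlxadmin) are
    # passed with -e; agent_user is defaulted in a set_fact task below rather
    # than through a self-referencing play var.

  tasks:
    - name: Validate agent_host is provided
      ansible.builtin.assert:
        that:
          - agent_host | default('') | length > 0
        fail_msg: "Please provide agent_host: -e 'agent_host=45.16.76.42'"

    - name: Default agent_user when not supplied
      ansible.builtin.set_fact:
        agent_user: "{{ agent_user | default('dlxadmin') }}"

    - name: Create .ssh directory for jenkins user
      ansible.builtin.file:
        path: "{{ jenkins_home }}/.ssh"
        state: directory
        owner: "{{ jenkins_user }}"
        group: "{{ jenkins_user }}"
        mode: '0700'

    - name: Generate SSH key for jenkins user
      # `creates` makes this idempotent without a separate stat task. The key
      # has no passphrase because Jenkins must use it non-interactively, which
      # is why its file mode is pinned to 0600 in the next task.
      ansible.builtin.command:
        cmd: >-
          ssh-keygen -t rsa -b 4096
          -f {{ jenkins_home }}/.ssh/id_rsa
          -N '' -C 'jenkins@{{ ansible_hostname }}'
        creates: "{{ jenkins_home }}/.ssh/id_rsa"
      become_user: "{{ jenkins_user }}"

    - name: Set correct permissions on SSH key
      ansible.builtin.file:
        path: "{{ jenkins_home }}/.ssh/{{ item }}"
        owner: "{{ jenkins_user }}"
        group: "{{ jenkins_user }}"
        mode: "{{ '0600' if item == 'id_rsa' else '0644' }}"
      loop:
        - id_rsa
        - id_rsa.pub

    - name: Read jenkins public key
      ansible.builtin.slurp:
        path: "{{ jenkins_home }}/.ssh/id_rsa.pub"
      register: jenkins_pubkey

    - name: Display jenkins public key
      ansible.builtin.debug:
        msg:
          - "===== Jenkins Public Key ====="
          - "{{ jenkins_pubkey.content | b64decode | trim }}"
          - ""
          - "Next steps:"
          - "1. Copy the public key above"
          - "2. Add it to {{ agent_user }}@{{ agent_host }}:~/.ssh/authorized_keys"
          - "3. Test: ssh -i {{ jenkins_home }}/.ssh/id_rsa {{ agent_user }}@{{ agent_host }}"
          - "4. Update Jenkins credential 'dlx-key' with this private key"

    - name: Create helper script to copy key to agent
      # The script embeds only the public key, agent host and user, so a
      # world-readable file under /tmp exposes nothing sensitive.
      ansible.builtin.copy:
        dest: /tmp/copy-jenkins-key-to-agent.sh
        mode: '0755'
        content: |
          #!/bin/bash
          # Copy Jenkins public key to remote agent (idempotent) and verify
          # that the jenkins user can log in with the matching private key.
          set -euo pipefail

          AGENT_HOST="{{ agent_host }}"
          AGENT_USER="{{ agent_user }}"
          JENKINS_PUBKEY="{{ jenkins_pubkey.content | b64decode | trim }}"
          JENKINS_KEY="{{ jenkins_home }}/.ssh/id_rsa"

          echo "Copying Jenkins public key to ${AGENT_USER}@${AGENT_HOST}..."
          # The key travels on stdin instead of being spliced into the remote
          # command line, and is appended only if it is not already present,
          # so re-running the script does not grow authorized_keys.
          printf '%s\n' "${JENKINS_PUBKEY}" | ssh "${AGENT_USER}@${AGENT_HOST}" '
            umask 077
            mkdir -p ~/.ssh && chmod 700 ~/.ssh
            touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
            key=$(cat)
            grep -qxF -- "$key" ~/.ssh/authorized_keys || printf "%s\n" "$key" >> ~/.ssh/authorized_keys
          '

          echo "Testing connection..."
          # accept-new records the agent host key on first contact but still
          # rejects a changed key later; StrictHostKeyChecking=no would accept
          # any key and make the test blind to a substituted host.
          sudo -u "{{ jenkins_user }}" ssh -o StrictHostKeyChecking=accept-new \
            -i "${JENKINS_KEY}" "${AGENT_USER}@${AGENT_HOST}" 'echo "Connection successful!"'

    - name: Instructions
      # NOTE(review): the credential page below is reached over plain http; a
      # private key pasted into it crosses the network unencrypted unless
      # Jenkins is fronted by TLS — confirm before using that path.
      ansible.builtin.debug:
        msg:
          - ""
          - "===== Manual Steps Required ====="
          - ""
          - "OPTION A - Copy key automatically (if you have SSH access to agent):"
          - "  1. SSH to jenkins server: ssh dlxadmin@192.168.200.91"
          - "  2. Run: /tmp/copy-jenkins-key-to-agent.sh"
          - ""
          - "OPTION B - Copy key manually:"
          - "  1. SSH to agent: ssh {{ agent_user }}@{{ agent_host }}"
          - "  2. Edit: ~/.ssh/authorized_keys"
          - "  3. Add: {{ jenkins_pubkey.content | b64decode | trim }}"
          - ""
          - "Then update Jenkins:"
          - "  1. Go to: http://192.168.200.91:8080/manage/credentials/"
          - "  2. Find credential 'dlx-key'"
          - "  3. Update → Replace with private key from: {{ jenkins_home }}/.ssh/id_rsa"
          - "  4. Or create new credential with this key"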