Fix ssh key checkout being broken

518512b2 · Max Rothman · 17e51a5e · 518512b2 · 518512b2 · 518512b2
Commit 518512b2 authored Jan 29, 2015 by Max Rothman
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 4 deletions

playbooks/roles/edx-notes-api/defaults/main.yml
+2 -0

playbooks/roles/edx-notes-api/meta/main.yml
+2 -0

playbooks/roles/edx_service/tasks/main.yml
+10 -4

No files found.
--- a/playbooks/roles/edx-notes-api/defaults/main.yml
+++ b/playbooks/roles/edx-notes-api/defaults/main.yml
@@ -26,6 +26,7 @@ EDX_NOTES_API_NEWRELIC_APPNAME: "{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }
 EDX_NOTES_API_SECRET_KEY: "i^,9%i=e=y/Nlpb=Mkx!j&,HD9d/17F][9P,FLdwM2+G6|]BEU"
 EDX_NOTES_API_CLIENT_ID: edx-notes-id
 EDX_NOTES_API_CLIENT_SECRET: edx-notes-secret
+EDX_NOTES_API_GIT_SSH_KEY: !!null

 EDX_NOTES_API_DATABASES:
  # rw user
@@ -46,6 +47,7 @@ EDX_NOTES_API_REPOS:
    REPO: edx-notes-api.git
    VERSION: e0d/migration-overrides
    DESTINATION: "{{edx_notes_api_code_dir}}"
+    SSH_KEY: "{{ EDX_NOTES_API_GIT_SSH_KEY }}"

 #
 # This data structure will be written out to yaml configuration file

--- a/playbooks/roles/edx-notes-api/meta/main.yml
+++ b/playbooks/roles/edx-notes-api/meta/main.yml
@@ -25,4 +25,6 @@ dependencies:
    edx_service_name: "{{ edx_notes_api_service_name }}"
    edx_service_config: "{{ edx_notes_api_service_config }}"
    edx_service_repos: "{{ edx_notes_api_repos }}"
+    edx_service_user: "{{ edx_notes_api_user }}"
+    edx_service_home: "{{ edx_notes_api_home }}"
  - supervisor
--- a/playbooks/roles/edx_service/tasks/main.yml
+++ b/playbooks/roles/edx_service/tasks/main.yml
@@ -106,17 +106,23 @@
    - edx_service_repos
    - git_dir_exists.results

-
- name: validate GIT.PROTOCOL
-  fail: msg='GIT.PROTOCOL must be "https" or "ssh"'
+- name: validate git protocol
+  fail: msg='REPOS.PROTOCOL must be "https" or "ssh"'
  when: (item.PROTOCOL != "https") and (item.PROTOCOL != "ssh")
  with_items: edx_service_repos

+- name: install read-only ssh key
+  copy: >
+    content="{{ item.SSH_KEY }}" dest={{ edx_service_home }}.ssh/{{ item.REPO }}
+    owner={{ edx_service_user }} group={{ edx_service_user }} mode=0600
+  when: item.PROTOCOL == "ssh"
+  with_items: edx_service_repos
+
 - name: checkout code over ssh
  git: >
    repo=git@{{ item.DOMAIN }}:{{ item.PATH }}/{{ item.REPO }}
    dest={{ item.DESTINATION }}  version={{ item.VERSION }}
-    accept_hostkey=yes key_file={{ edx_notes_api_home }}/.ssh/id_rsa
+    accept_hostkey=yes key_file={{ edx_service_home }}.ssh/{{ item.REPO }}
  sudo_user: "{{ edx_role_name }}"
  register: code_checkout
  when: item.PROTOCOL == "ssh"