
Untitled

a guest Sep 13th, 2017 167 Never
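  # gitlab vars
  deployer_user: user
  deployer_group: user
  # Relative to the deployer user's home directory; the tasks append ".pub"
  # to this path to read the public half of the key pair.
  deployer_user_ssh_key_file: .ssh/id_rsa
  deployer_gitlab_api: "https://gitlab.example.com/api/v4"

  # Personal access token, generated at
  # https://gitlab.example.com/profile/personal_access_tokens
  # The value below is a placeholder. This token can add SSH keys to the
  # account, so keep the real value out of version control (for example in an
  # ansible-vault encrypted vars file) and give it only the scope it needs.
  deployer_gitlab_token: secret_token_here

  # Title under which the host's public key is registered; the tasks look for
  # this title to decide whether the key still has to be uploaded.
  deployer_gitlab_key_title: "{{ ansible_hostname }}_deployer"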
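  # Tasks: give the deployer user an SSH key pair, register the public key
  # with GitLab through the API, prepare the user's ssh client config, grant
  # the deploy group sudo, and check out the repository.
  #
  # Changes from the pasted version:
  #   * the API token no longer reaches task output (no_log on both uri tasks)
  #   * the JSON request body is built from a mapping, not a hand-written string
  #   * host key checking is no longer switched off for every host
  #   * the sudoers regexp matches only the exact group name
  #   * the key path comes from deployer_user_ssh_key_file everywhere
  #   * the mis-indented "dest:" of the git task is fixed

  - name: Make sure deployer user has ssh key
    user:
      name: "{{ deployer_user }}"
      generate_ssh_key: true
      # Same path the later tasks read, so generation and use cannot drift.
      ssh_key_file: "{{ deployer_user_ssh_key_file }}"

  - name: Check if GitLab has this user's SSH key
    uri:
      url: "{{ deployer_gitlab_api }}/user/keys"
      method: GET
      status_code: [200]
      headers:
        private-token: "{{ deployer_gitlab_token }}"
        Content-Type: "application/json"
    register: user_ssh_keys
    # The request headers carry the access token; keep them out of logs and
    # verbose output. The registered result is still usable by later tasks.
    no_log: true

  - name: Assign ssh key to a variable
    # command instead of shell: nothing here needs a shell, and the path is
    # built from variables.
    command: cat "/home/{{ deployer_user }}/{{ deployer_user_ssh_key_file }}.pub"
    register: deployer_user_public_key
    # Reading the key changes nothing on the host.
    changed_when: false
    when: user_ssh_keys.json | selectattr('title', 'equalto', deployer_gitlab_key_title) | list | length == 0

  - name: Push the generated ssh key to the GitLab instance
    uri:
      url: "{{ deployer_gitlab_api }}/user/keys"
      method: POST
      # 400 is still accepted, as in the original, so a key that GitLab
      # rejects does not abort the play. It also hides a malformed request:
      # check this task first if the checkout below fails to authenticate.
      status_code: [201, 400]
      headers:
        private-token: "{{ deployer_gitlab_token }}"
        Content-Type: "application/json"
      body_format: json
      # A mapping is serialised by the module, so quotes or backslashes in
      # the title or key cannot break the JSON document.
      body:
        title: "{{ deployer_gitlab_key_title }}"
        key: "{{ deployer_user_public_key.stdout_lines.0 }}"
    no_log: true
    when: user_ssh_keys.json | selectattr('title', 'equalto', deployer_gitlab_key_title) | list | length == 0

  - name: Ensure .ssh/config file exists
    file:
      path: "/home/{{ deployer_user }}/.ssh/config"
      state: touch
      # The ssh client refuses a config file with a bad owner or permissions.
      owner: "{{ deployer_user }}"
      mode: "0600"
    when: user_ssh_keys.json | selectattr('title', 'equalto', deployer_gitlab_key_title) | list | length == 0

  # The pasted task wrote a "Host *" stanza with StrictHostKeyChecking no and
  # UserKnownHostsFile=/dev/null, which makes this user accept any host key
  # from any server and never remember it. The stanza below is limited to the
  # GitLab host and records its key on first contact, so a later key change
  # is refused. accept-new needs an OpenSSH release that supports it. Pinning
  # the key with the known_hosts module is stronger where the key can be
  # obtained out of band. Hosts provisioned with the old task still have the
  # "Host *" stanza in this file and need it removed.
  - name: Accept the GitLab host key on first contact only
    blockinfile:
      dest: "/home/{{ deployer_user }}/.ssh/config"
      block: |
        Host gitlab.example.com
          StrictHostKeyChecking accept-new
    when: user_ssh_keys.json | selectattr('title', 'equalto', deployer_gitlab_key_title) | list | length == 0

  # NOTE(review): this gives every member of the group passwordless root.
  # Together with an unencrypted deploy key on the host, that is a wide
  # grant; restrict the rule to the commands the deployment needs if they
  # are known.
  - name: Add deploy group to sudoers file and validate
    lineinfile:
      dest: /etc/sudoers
      state: present
      # Anchor on the full group name followed by whitespace: '^%user' alone
      # would also match, and overwrite, a rule for a group such as "users".
      regexp: '^%{{ deployer_group | regex_escape }}\s'
      line: "%{{ deployer_group }} ALL=(ALL) NOPASSWD:ALL"
      validate: "visudo -cf %s"

  - name: Checkout source code
    git:
      repo: "git@gitlab.example.com:john.doe/my_repo.git"
      dest: "/home/{{ deployer_user }}/csip_v3"
      key_file: "/home/{{ deployer_user }}/{{ deployer_user_ssh_key_file }}"
      # Trusts whatever host key the server presents when it is not yet
      # known. Set to false once the key is pinned in known_hosts beforehand.
      accept_hostkey: true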