Fernando K pushed to branch main at Root / DBRoot / PostgreSQL

Commits:

4 changed files:

Changes:

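--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -24,24 +24,7 @@ sync:
   stage: deploy
   allow_failure: true
   script:
-    - |
-      ssh-keygen -t ed25519 -f key -N '' -q <<<y > /dev/null 2>&1
-      UNSIGNED_SSH_KEY=$(cat key.pub)
-      response=$(curl -X POST -H "X-Vault-Token: $CI_VAULT_TOKEN" -d "{\"public_key\": \"$UNSIGNED_SSH_KEY\"}" $CI_VAULT_ADDR/v1/$CI_VAULT_SIGNER_AUTHORITY_PATH)
-      if [ $? -eq 0 ]; then
-        SIGNED_KEY=$(echo $response | jq -r .data.signed_key)
-        if [ "$SIGNED_KEY" != "null" ]; then
-          echo $SIGNED_KEY > key-cert.pub
-          chmod 644 key-cert.pub
-        else 
-          echo "Failed to retrieve SSH key: SSH key is empty"
-          exit 1
-        fi
-      else
-        echo "Failed to retrieve SSH key: Request to Vault failed" 
-        exit 1
-      fi
-
+    - bash get-key-from-bao.sh
     - |
       cd ansible
       if ./verify-hostnames.sh ../pg_hba.conf; then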
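Review bot: `get-key-from-bao.sh`, called on new line 27, reads `$VAULT_TOKEN` and `$VAULT_ADDR`, while the inline script it replaces used `$CI_VAULT_TOKEN` and `$CI_VAULT_ADDR`; unless the job's CI variables were renamed outside this diff, the request leaves with an empty token header and only trips the later "SSH key is empty" check, which points at the wrong cause. The script also carries a `#!/bin/sh` shebang but is run with `bash`; `- sh get-key-from-bao.sh`, or `- ./get-key-from-bao.sh` with the file marked executable, keeps the interpreter consistent with what the script was written against. Since the job keeps `allow_failure: true`, a failed key retrieval still leaves the pipeline green; if that is intended, a one-line comment above `allow_failure` saying so would save the next reader from assuming it is an oversight.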
    

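--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,7 +1,7 @@
 [defaults]
 inventory   = inv.ini
 forks       = 150
-remote_user = ansible
+remote_user = root
 remote_tmp  = /tmp
 host_key_checking = no
 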
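Review bot: Logging in as `root` directly on line 4 (with `become: yes` removed in ansible/main.yml in the same push) drops the unprivileged-user-plus-escalation pattern: every target must now permit root over SSH, and the auth log on each host no longer records which service account acted before escalating. The certificate is obtained from the `ssh-client-signer/issue/ansible` role in get-key-from-bao.sh; unless that role lists `root` among its allowed principals, the root login will be rejected, so this is worth confirming against the Vault role configuration before relying on it. If the goal was only to avoid the sudo step, keeping `remote_user = ansible` with `become: yes` preserves the per-user trail and keeps root login closed on the fleet.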
    

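--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -5,7 +5,6 @@
 #
 - name  : Overwrite files
   hosts : all
-  become: yes
   gather_facts: no
 
   tasks: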
    

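--- /dev/null
+++ b/get-key-from-bao.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+response=$(curl --no-progress-meter --request POST \
+    --header "X-Vault-Token: $VAULT_TOKEN" --data '{"key_type": "ed25519"}' \
+    "$VAULT_ADDR/v1/ssh-client-signer/issue/ansible") \
+  || { echo "Failed to retrieve SSH key: Request to Vault failed"; exit 1; }
+private_key=$(printf "%s" "$response" | jq --raw-output .data.private_key)
+signed_key=$(printf "%s" "$response" | jq --raw-output .data.signed_key)
+[ "$signed_key" != "null" ] && [ "$private_key" != "null" ] \
+  || { echo "Failed to retrieve SSH key: SSH key is empty"; exit 1; }
+printf "%s\n" "$private_key" >key && chmod 600 key
+printf "%s\n" "$signed_key" >key-cert.pub && chmod 644 key-cert.pub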
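Review bot: The curl call on lines 2–4 has no `--fail`, so an HTTP error from Vault (rejected token, unknown role) still exits 0 and never reaches the "Request to Vault failed" branch; worse, a non-JSON error body makes jq fail and leaves `private_key`/`signed_key` empty rather than `null`, so the check on line 8 passes and lines 10–11 write empty key files. Suggested: `response=$(curl --no-progress-meter --fail --request POST \` on line 2 and `[ -n "$signed_key" ] && [ "$signed_key" != "null" ] && [ -n "$private_key" ] && [ "$private_key" != "null" ] \` on line 8. Line 10 creates `key` under the runner's default umask and only then tightens it to 0600; adding `umask 077` right after the shebang closes that window, and `set -u` next to it turns an unset `VAULT_TOKEN` or `VAULT_ADDR` into an immediate error instead of an unauthenticated request.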