This role configures github deploy keys on a ansible host and manages a users ssh-config to use the generated keys for authentication with github.
This role can be useful when automatic access to private or internal repositories needs to be configured. A possible use case is Ansible Semaphore.
gdk_deploy_keys:
- name: "repo_name"
key: "/root/.ssh/id_rsa_name"
deploy_keyname: "deploy-token-name"
repo: "repo"
owner: "repo_owner"
token: "github_securetoken"
state: "present"
gdk_manage_ssh_config: false
gdk_ssh_config_path: '/root/.ssh/config'A list of dictionaries controls the repositories that this role should grant access to. If you need multiple repositories,
simply copy the -name block and adapt the repository settings.
namesets the repository name (currently only used as unique identifier)keyis the name of the ssh-key to be installeddeploy_keynameis the name of the deploy key as shown on Githubreposets the github repository to accessownersets the github account / organization the key should accesstokenis the github access token used with the API to register the keysstate(default is present). Can be set to absent to remove deploy keys
For details of the dict keys please see the the ansible github_deploy_key module documentation.
gdk_user: "root"Set the user account on the ansible host that should own the key.
gdk_manage_ssh_config: falseboolean to control whether the user ssh-config. Note: This is currently a template. Any other contents of an existing ssh-config will be overwritten.
gdk_ssh_config_path: '/root/.ssh/config'Set the path of the ssh config file to modify.
- name: Generate deploy keys and ssh config for semaphore
hosts: semaphore
vars:
gdk_deploy_keys:
- name: "repo_name"
key: "/root/.ssh/id_rsa_name"
deploy_keyname: "deploy-token-name"
repo: "repo"
owner: "repo_owner"
token: "github_securetoken"
state: "present"
gdk_user: "root"
gdk_ssh_config_path: "/var/lib/semaphore/.ssh/config"
gdk_manage_ssh_config: true
roles:
- role: ubelix.github_deploy_keysMIT