name: Setup Ansible Environment description: Prepare the environment for A13labs CI/CD pipelines inputs: vault-master-password: description: "The master password for the vault" required: true ansible-user: description: "The user to use for Ansible" required: true trusted-hosts: description: "The list of trusted hosts" required: true outputs: ssh-auth-sock: description: "The SSH_AUTH_SOCK environment variable" value: ${{ steps.start-ssh-agent.outputs.ssh-auth-sock }} runs: using: "composite" steps: - name: Install Python and required packages shell: bash run: | sudo apt-get update sudo apt-get install -y python3-pip python3 -m pip install -r requirements.txt - name: Setup SSH Key shell: bash env: VAULT_MASTER_PASSWORD: ${{ inputs.vault-master-password }} run: | sectool ssh unlock ansible mkdir -p ~/.ssh chmod 700 ~/.ssh cp ssh-keys/ansible/id_ecdsa ~/.ssh/id_ecdsa chmod 600 ~/.ssh/id_ecdsa - name: Read SSH Trusted Hosts keys shell: bash env: TRUSTED_HOSTS: ${{ inputs.trusted-hosts }} run: | mkdir -p ~/.ssh for HOST in $TRUSTED_HOSTS; do ssh-keyscan $HOST >> ~/.ssh/known_hosts done chmod 600 ~/.ssh/known_hosts - name: Enable SSH host key algorithms shell: bash run: | echo "Host *" >> ~/.ssh/config echo " HostKeyAlgorithms +sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com" chmod 600 ~/.ssh/config - name: Start SSH Agent shell: bash env: VAULT_MASTER_PASSWORD: ${{ inputs.vault-master-password }} SSH_AUTH_SOCK: /tmp/ssh_agent.sock run: | ssh-agent -a $SSH_AUTH_SOCK > /dev/null echo 'sectool vault get SSH_PASSWORD' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add ~/.ssh/id_ecdsa < /dev/null rm ~/.ssh_askpass - name: Check SSH Connection to remote hosts shell: bash env: TRUSTED_HOSTS: ${{ inputs.trusted-hosts }} ANSIBLE_USER: ${{ inputs.ansible-user }} SSH_AUTH_SOCK: /tmp/ssh_agent.sock run: | for HOST in $TRUSTED_HOSTS; do ssh $ANSIBLE_USER@$HOST echo "SSH connection to $HOST successful" done