Files
a13labs.infra/.github/actions/setup-ansible-env/action.yml
T

64 lines
1.9 KiB
YAML

name: Setup Ansible Environment
description: Prepare the environment for A13labs CI/CD pipelines
runs:
using: "composite"
steps:
- name: Install Python and required packages
shell: bash
run: |
sudo apt-get update
sudo apt-get install -y python3-pip
python3 -m pip install -r requirements.txt
- name: Setup SSH Key
shell: bash
env:
VAULT_MASTER_PASSWORD: ${{ secrets.VAULT_MASTER_PASSWORD }}
run: |
sectool ssh unlock ansible
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cp ssh-keys/ansible/id_ecdsa ~/.ssh/id_ecdsa
chmod 600 ~/.ssh/id_ecdsa
- name: Read SSH Trusted Hosts keys
shell: bash
env:
TRUSTED_HOSTS: ${{ secrets.TRUSTED_HOSTS }}
run: |
mkdir -p ~/.ssh
for HOST in $TRUSTED_HOSTS; do
ssh-keyscan $HOST >> ~/.ssh/known_hosts
done
chmod 600 ~/.ssh/known_hosts
- name: Enable SSH host key algorithms
shell: bash
run: |
echo "Host *" >> ~/.ssh/config
echo " HostKeyAlgorithms +sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com"
chmod 600 ~/.ssh/config
- name: Start SSH Agent
shell: bash
env:
VAULT_MASTER_PASSWORD: ${{ secrets.VAULT_MASTER_PASSWORD }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
echo 'sectool vault get SSH_PASSWORD' > ~/.ssh_askpass && chmod +x ~/.ssh_askpass
DISPLAY=None SSH_ASKPASS=~/.ssh_askpass ssh-add ~/.ssh/id_ecdsa < /dev/null
rm ~/.ssh_askpass
- name: Check SSH Connection to remote hosts
shell: bash
env:
TRUSTED_HOSTS: ${{ secrets.TRUSTED_HOSTS }}
ANSIBLE_USER: ${{ secrets.ANSIBLE_USER }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
for HOST in $TRUSTED_HOSTS; do
ssh $ANSIBLE_USER@$HOST echo "SSH connection to $HOST successful"
done