Merge pull request 'feat: add rundeck runner user' (#130) from neoloc/rundeck_user into develop

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/130
2024-08-06 22:36:54 +10:00 · 2024-08-06 22:36:54 +10:00 · 20ee6fa19e
commit 20ee6fa19e
parent 8e0f26e726 c846cc4e21
5 changed files with 37 additions and 0 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -142,6 +142,7 @@ hiera_include:
  - timezone
  - networking
  - ssh::server
+  - profiles::accounts::rundeck

 profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
 profiles::ntp::client::use_ntp: 'region'
@ -305,6 +306,8 @@ sudo::configs:

 profiles::accounts::sysadmin::sshkeys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
+profiles::accounts::rundeck::sshkeys:
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD4F7VcorbGpyZzBFexz7c/o1JBscrl7hZU0UkWV7fq6YLizW0r6fOzD99hMwu1kdYCjPxbvuUSDEHfyBIp2EgLWU6wFVoufQqlMyOV85+ivQZUc1VNV+X9T+U4v3u/01hkAmlpXtbkwhMSR4Wi+tdABd04+D3CuMDM37mvnFmBBmi41X4Mr1rJhOQumn1XHQ7EYbsdw2mxfEVVeWpZIHz5BjNKSGzEIAYZbFt6s0Y7X3J5RT+Gjqmu043Tc8nNIUFlR9E10qd3Euf9RiBYxBx3z+yfOzJPBzWNBSHv1+PIbO5Mq+z5JaAfoFZO41L7nw+FjV6JJUCVLr6Vq+bCxyA7LW4Oq9ZahSrt/vrT0kTa0tA5U9bqK6e7pB//dm7PzoROtTq0XksV8RseA/fvIje20uaN1z9dynx+UcbszXu9pQ5GIg1o7b5DEi3OZHJwpgdudiCyEeR4+00G0z4PjpEMnTSMHAJ53WxtjzrPAOBnAmPE7hPu4coU+XrCWEXAvRMloJmca68e+zFX7VvFK82KVDuQ99vQ6w4X73IESKoLzyAVxpelwHaDG4fN+zqYfqubVQU1L5cUeYKxqm5r3Us6VvMaYs1ZMUmDGXHOq4FNhGUJYxSjkLvunM6qyAAJQCd6Pw/2TV3UQVerbouGOZaeBLvRguHWSbDrO99Zu+t87w== rundeck_runner

 networking::interface_defaults:
  ensure: present
--- a/hieradata/roles/infra/automation/rundeck.eyaml
+++ b/hieradata/roles/infra/automation/rundeck.eyaml
--- a/hieradata/roles/infra/automation/rundeck.yaml
+++ b/hieradata/roles/infra/automation/rundeck.yaml
@ -3,6 +3,9 @@ hiera_include:
  - profiles::rundeck::server
  - profiles::nginx::simpleproxy

+hiera_exclude:
+  - profiles::accounts::rundeck
+
 profiles::packages::exclude:
  - jq

--- a/site/profiles/manifests/accounts/rundeck.pp
+++ b/site/profiles/manifests/accounts/rundeck.pp
@ -0,0 +1,14 @@
+# create the rundeck user
+class profiles::accounts::rundeck (
+  Array[String] $sshkeys = [],
+){
+  profiles::base::account {'rundeck':
+    username => 'rundeck',
+    uid      => 1100,
+    gid      => 1100,
+    groups   => ['adm', 'admins', 'systemd-journal'],
+    sshkeys  => $sshkeys,
+    require  => Group['admins'],
+    system   => true,
+  }
+}
--- a/site/profiles/manifests/rundeck/server.pp
+++ b/site/profiles/manifests/rundeck/server.pp
@ -86,4 +86,20 @@ class profiles::rundeck::server (

  create_resources('rundeck::config::aclpolicyfile', $acl_policies)
  create_resources('rundeck::config::project', $cli_projects)
+
+  # create rundeck runner ssh key
+  file {'/var/lib/rundeck/.ssh/rundeck_id_rsa':
+    ensure  => 'file',
+    owner   => 'rundeck',
+    group   => 'rundeck',
+    mode    => '0600',
+    content => lookup('rundeck::ssh::private_key'),
+  }
+  file {'/var/lib/rundeck/.ssh/rundeck_id_rsa.pub':
+    ensure  => 'file',
+    owner   => 'rundeck',
+    group   => 'rundeck',
+    mode    => '0644',
+    content => lookup('profiles::accounts::rundeck::sshkeys'),
+  }
 }