From 2102dae5469b5814a28eadc5bf28425d9221b49b Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Aug 07 2024 21:27:38 +0000 Subject: provisioning: hardcode SSH pubkeys from some CoreOS members Add a few members of the CoreOS team to the list of SSH users so they can help with debugging and maintaining the node. --- diff --git a/archive-repo-manager.bu b/archive-repo-manager.bu index 1f780f1..afece5b 100644 --- a/archive-repo-manager.bu +++ b/archive-repo-manager.bu @@ -4,7 +4,10 @@ passwd: users: - name: core ssh_authorized_keys: - - ${core_user_ssh_pubkey_string} + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD2v0AVNJauAmerBvsbz/y2/lyTqkE0s71ZPd2MNRhYRlx7nn5fhIh7OptqUSbHUQXm+K2pBHWz5/cILGpcdWOpG97AwAsFvJP3EJqAMRLstLPuziBckkc6QV5ZSwfTW3fabKcU4gaF51LFQlDo/Fi2QfQ1O2lOCQDKWlHR5metN7iVdYzQGO9DWAYMX1RoRhdtVsrPU8+qLpx8zdBdeZDLXvou+gkrnI2taMptoi7afcfIR1KYNlYQGb1TlLG5reJPADHRqnjbpItbZ8IfWULedGjp7DhPYzCyv1g869XQerFRqR8T7WTppyfZLtrOUC2hB6pFtux8KdAVsIu0juWv dustymabe@fedoraproject.org + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDrXfh/rRxGZDZHlHe7n+MdW4TJTeXFHnq3Yr/IW7n0xEXXeXyCZaJARAIURQVHTuEPB9B8f/C1NkvxHmqmlS5VdYvkJ2xAeU2wkrTWSnbiRFZE+SB866aFbeOUxMxVcB8lId81T5nE7OqF9A7yVSMQLd6qpC3Wf0i+LsGXPGRLz5mj6OCzAu2Hj5deWKAZThyooEpo5msbuqYaOxofn6ZsxOera2xGzV4kXKtxYld4JNRU7HcCtEeU0LDNOXVToqpiovipC/vLLU+b67B27tALKP0NYnTpZrOx567qeqGzLQxP46J7ACrVplc3XhNJNBztMwR45Kt1orQpoxGKJUeZfMOh2vtEyYVG2lXFF85vBffEiduiOMJAMjRiSDwjXXYH6knFxhCBNwJKbSrGPODIecl5f5PzZ5yOp7ftGoRdE8x3ohginO4o9uFna2qXXXnRyresBQj2mHkPXqt4UM63oHE7oRDCY8OWAHSMuURPgLz5ajDPaH8ExwI2KNlRzc= jlebon@flux + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgBv89yZuWD1AfOi+3CGI7FWawpwYQVrxLCjfxPnP7KjEGGAHGsorce5XGNu1W57ND8HrdLyQf4SLfHAwVyRvRfIf8NzakUuxR4khHCpxE+F8ByTyg23Y17DkfBM/RCXcdMU1vvDkfCdsVMOY8KKhLL412560KfxQhQBKsCmssMZQ4Ii5b18cJfbwk+JnNC0fRiV/h2qrOsRQ7XvJynHHxMfqfih3BLnVo83FSf3G7T9LwpS7BQK4BsO14ahztMXxkU7j+ZdRd3+gUK3L9E0Y/fdtrMXgnG6OphkFEGTY7hlpV9Ppr7t5mDDl6LPMDWpWaZ0xz61IqKbrjXVPv63xF ravanelli@renatas-air.br.ibm.com + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCeVRo3murzVdV9OqZaDdn92Hor4hOejLlyY6AlydBv+CeXidz5Vdil7dBO6gX+QhbXusdKTDE7sb554C73ezssXyoC6ttfZE3j+bsVvy5BjlAgJ5jWEfBjR2/AJ1kjLhwg6fSroZpQHNmpPV3JOMKefRFG/yML6fFx6szGlxkOOesGCGMZTEEgM2m+TwyIEwb0bNdc/Qakir1kb/qOU2InfuDAX+gpjQVNYLSUbdiXQyqrCGFmeM0PhwgWmBJBrCLSO0a/QMtqnI/z9XRbjEGkkwQmVdDBDcxnO5mlqro5bTvAPKtbuM/pUjdOvMny1OQIgNFs5YJIMlKjQUoO/ZyVlndtldSDrE2L4hLOQu8i6Qx22FZKCco7h1yvCkJ0xlu4hKe4EqiueMScLjfYdA3IUH1e5Pi+F6v55Bcq6jxRUDTpbhFx94d6JznC8S40R/byvRAbsfvBS61XOtxEoA9orPooGBSW9AcP5ZTbSiAktQHUXih7XaUWIv7PnFMc60s= jbtrystram@redhat.com - name: worker kernel_arguments: should_exist: diff --git a/provisioning/README.md b/provisioning/README.md index 3c052d0..65bd9e4 100644 --- a/provisioning/README.md +++ b/provisioning/README.md @@ -9,7 +9,6 @@ Set the following environment variables to pass through to `tofu` that will get substituted into the butane config: ``` - export TF_VAR_core_user_ssh_pubkey_string= export TF_VAR_s3_bucket= export TF_VAR_aws_access_key_id= export TF_VAR_aws_secret_access_key= diff --git a/provisioning/main.tf b/provisioning/main.tf index 57641a2..9075560 100644 --- a/provisioning/main.tf +++ b/provisioning/main.tf @@ -19,10 +19,6 @@ provider "aws" {} provider "ct" {} provider "http" {} -variable "core_user_ssh_pubkey_string" { - type = string -} - variable "s3_bucket" { type = string } @@ -39,7 +35,6 @@ data "aws_region" "aws_region" {} data "ct_config" "butane" { content = templatefile("../archive-repo-manager.bu", { - core_user_ssh_pubkey_string = var.core_user_ssh_pubkey_string s3_bucket=var.s3_bucket aws_access_key_id=var.aws_access_key_id aws_secret_access_key=var.aws_secret_access_key