Merge pull request #67 from opencrvs/testing-infra-2

Dont create backup user
opencrvs · Feb 18, 2024 · 1578785 · 1578785
2 parents bd531f6 + 329b35b
commit 1578785
Showing 1 changed file with 22 additions and 46 deletions.
diff --git a/infrastructure/server-setup/backups.yml b/infrastructure/server-setup/backups.yml
@@ -7,10 +7,17 @@
 #
 # Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
 ---
+- hosts: localhost
+  tasks:
+    - name: Generate SSH keypair for application -> backup server connection
+      command: ssh-keygen -t rsa -b 4096 -f /tmp/backup_ssh_key -N ""
+      tags:
+        - backups
+
 - hosts: docker-manager-first
   become: yes
   vars:
-    crontab_user: provision
+    crontab_user: root
 
   tasks:
     - name: Get crontab user home directory
@@ -25,20 +32,6 @@
         crontab_user_home: '{{ getent_passwd_crontab.ansible_facts.getent_passwd[crontab_user][4] }}'
       tags:
         - backups
-
-    - name: "Copy the public key using lookup"
-      authorized_key:
-        state: present
-        key: "{{ lookup('file','{{ crontab_user_home }}/.ssh/id_rsa.pub') }}"
-      tags:
-        - backups
-
-    - name: Print authorized_key information from the previous task
-      ansible.builtin.debug:
-        var: authorized_key
-        verbosity: 2
-      tags:
-        - backups
 
     - name: Check if crontab user already has an ssh key
       stat:
@@ -56,6 +49,20 @@
       tags:
         - backups
 
+    - name: Create an SSH key for crontab user if they do not have one
+      copy:
+        src: /tmp/backup_ssh_key
+        dest: '{{ crontab_user_home }}/.ssh/id_rsa'
+        mode: 0600
+      when: not file_check.stat.exists
+      tags:
+        - backups
+
+    - name: Create public key file from private key
+      shell: ssh-keygen -y -f '{{ crontab_user_home }}/.ssh/id_rsa' > '{{ crontab_user_home }}/.ssh/id_rsa.pub'
+      tags:
+        - backups
+
     - include_tasks:
         file: tasks/backups/crontab.yml
         apply:
@@ -80,37 +87,6 @@
   vars:
     manager_hostname: "{{ groups['docker-manager-first'][0] }}"
   tasks:
-    - name: Ensure backup user is present
-      user:
-        name: '{{ external_backup_server_user }}'
-        state: present
-        create_home: true
-        home: '/home/{{ external_backup_server_user }}'
-        shell: /bin/bash
-      tags:
-        - backups
-
-    - set_fact:
-        external_backup_server_user_home: '/home/{{ external_backup_server_user }}'
-      tags:
-        - backups
-
-    - name: Check if authorized_keys already exists
-      stat:
-        path: '{{ external_backup_server_user_home }}/.ssh/authorized_keys'
-      register: file_check
-      tags:
-        - backups
-
-    - name: Ensure .ssh directory exists for external backup server user
-      file:
-        path: '{{ external_backup_server_user_home }}/.ssh'
-        state: directory
-        owner: '{{ external_backup_server_user }}'
-        mode: '0700'
-      tags:
-        - backups
-
     - name: Ensure backup application servers can login to backup server
       blockinfile:
         path: '{{ external_backup_server_user_home }}/.ssh/authorized_keys'