task: commit a private key for server provisioning

Part of #1631 [skip ci]
php-coder · Oct 24, 2023 · 3dbfd9e · 3dbfd9e
1 parent 8ced7c2
commit 3dbfd9e
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 4 deletions.
diff --git a/.github/workflows/provision-by-ansible.yml b/.github/workflows/provision-by-ansible.yml
@@ -44,7 +44,7 @@ jobs:
         run: |
           printf '%s' "$VAULT_PASSWORD" >vault-pass.txt
 
-          for FILENAME in provisioning/vars/prod.yml; do
+          for FILENAME in provisioning/vars/prod.yml provisioning/coder_rsa; do
             echo "Decrypting ${FILENAME}.enc to $FILENAME"
             ansible-vault decrypt \
               --vault-password-file vault-pass.txt \
@@ -66,12 +66,14 @@ jobs:
           # Disable host key checking to suppress interactive prompt.
           # See: https://docs.ansible.com/ansible/2.10/user_guide/connection_details.html#managing-host-key-checking
           ANSIBLE_HOST_KEY_CHECKING: 'False'
+          # See: https://docs.ansible.com/ansible/2.10/reference_appendices/config.html#envvar-ANSIBLE_PRIVATE_KEY_FILE
+          ANSIBLE_PRIVATE_KEY_FILE: 'provisioning/coder_rsa'
         run: ansible-playbook provisioning/prod.yml -i provisioning/prod.inventory
 
       - name: Cleanup
         if: always()
         working-directory: infra/vagrant
         run: |
-          for FILE in vault-pass.txt provisioning/vars/prod.yml; do
+          for FILE in vault-pass.txt provisioning/vars/prod.yml provisioning/coder_rsa; do
             [ ! -f "$FILE" ] || rm -fv "$FILE"
           done
diff --git a/.gitignore b/.gitignore
@@ -44,6 +44,9 @@ infra/docker/mysql_backup_mystamps.sql.gz
 # .github/workflows/provision-by-terraform.yml
 vault-pass.txt
 
+# created by .github/workflows/provision-by-ansible.yml
+coder_rsa
+
 # created by src/main/scripts/ci/deploy.sh
 mystamps_rsa
 prod_vars.yml

diff --git a/infra/vagrant/provisioning/coder_rsa.enc b/infra/vagrant/provisioning/coder_rsa.enc
@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+37353262383730363737326662386135303332343861366338663434306237313233643965326630
+3338633834633638376562333632313165643832396162660a373932666338363763636265636530
+38616433633330333533396331366661396430633133396433303437656566376436306530396136
+3861386163323565360a353636613036343430643166356361353037306264303761343766383035
+30373834393361666630656136343735363465386366623138346639626164663934353064616133
+37633331383038393865623639303431393431653737336334643339303036346236323031633562
+66326638393564663036343864393130633939313236323837613864303365333165626166383663
+32663530323365643038303566626165336138613330623766633837343436353334333335303636
+39333065663831626161663930383430343364376137333862656437306264383732343830363862
+64623863643064646538643966326436643137313933636138383134326661383036663139613562
+34313536333166376562656132653538303561623734313334383139336637626436633666653030
+66633166656137663566313861623530333565343731656161396539623235656437656365643965
+65333236333164316366643234633331306132623564396163336232663163656162303836303434
+66383363633533383933643664613932396661343734386439343861383364656532633965383962
+63626537613934333635386538653462626531336230613062323362306638663839636639313534
+62306565343237653535393333313663313536316163666131316665383532393335353930643066
+35663862376138636633303566633263396636373031613539373831616563336133386237326163
+37353134633266666233373430383638346532663134393434343138666466633135333166363964
+31613065313037353337636439636664376438653732383838633463343662313137636238316234
+37356136616265616364306530633433643863323535346165393738666366336664326134653164
+30313962363465623631316534303530333534623663326130393764653966306431633166366430
+62363663623663353732666365626562643632376336363266376632386639653231343237373032
+35643733313161356535616539623061663165373437653564633636306336313131303533646433
+63336264373162316139386263343635636636303732366433623738383039653437326563346232
+30656432386164323239663465633732326535636533646661663934303266316331356662386361
+35613335626436346263376162323936396465633333373164343532623137643665303563663536
+64396633663831653264323336666165326134386363313632346335623732646136303662356337
+39653031356633376337356436333762333636373961666564653138303865323437373933623261
+32383762663665383132326333343430343433663334626334313462373162366261646530646166
+62343864643539343335353836396630383937623538646338663466353933613035656135316138
+63633264653333313165663264613535623231616164646636653166613132343636363032316638
+61643962373563376562366263366231356466613931623639656135323635386563383532343066
+36646133653733353737633836316162376132386539393366383763656162333737363763393630
+34336563353564313062373132313138653330303238633164623561376238653032613566343731
+34363164626230316438653363393936373136366261336236303033643437366139396365393230
+38366539616233363062393233363230363739643838393739666533623433643565376231623536
+32346361386334636361613936663362383534646338656338393330356262323934333334316135
+62636666373564346238346364363931393561396465623232336534383431633430323466396334
+32346663623030653266316566373635373332663238616666643865616232616661396133306461
+62336538303236323461363439313638376264636136613936333538616662303833326466356435
+61616466383839303938616533303431303839613934373236333765633664666364323231616265
+38383730386166616430613930356431306465383135656633353931323737393861396661623661
+34313338363931376136303865326665326439376665613538303036663262656539623666383838
+35653666313861386439346235383466636639383737366164353535653565626133656439343361
+65656166363336626438626233653366623966356230636364633531623735353364306539626533
+35623436396434373565393434633061323739353562313064623238666632613264646436663565
+39346163363661346266393638323865383032646135653639333931656634343137353063373563
+66326461616464643935383636383135343361376465646230623064306163613763633237353065
+31386330623338336239356132303766383064633139613663353232623265623436373538376635
+32653833643138366161623263316163343139346438393166623934313163656661623137653363
+32356364663032373237313464333734356133306536376135653235663835653934363836386333
+32303863373137646531373065366138613739366261613336343539633662363964613864356136
+39313266313735623866313031336664633063613732343634623263393634633366393434383938
+62366632626561613865396564326363346263616662633862626365356632363237336162363737
+64376639636239396565643138633632343562373437653661373730633261663331633965623665
+34656664666661313931373562383132363431633034303831663166366632333062393535366534
+62313537376133363435346538393365656365656162346530633837653938333563303561653462
+37323661613535336134663139393033306661636363613537613533663032326238383231383739
+65663063663465333036316437616639303262386330353164663938633961626638323432623164
+36373338646530363438346438393536383335646433636238353561656139343032383765323931
+66373932666166386265396365346464353832326462316333333432323761343731373162623961
+32626138316164666639323561643430306333363561333965616461663164373730663263643834
+32333436396238323734343364613966376336616362666266653230373034636534636634636538
+31346539623435363163633563626136363833346132636532356636343663373562313439313765
+65623665373336393862643032643163366331313466663565376433613338393964633036613063
+66333334643231313737666166646262366133303938666331616435376662396334336561613538
+36616463626634626662343538376238393761363464636233656463616566396434623832336462
+65386436366165343231383830326330366435643065303730313762353736353561666230613337
+64633231623731336533373366623863643430653637333766373365316266336461666430336137
+34393963313839373936633633373730643330333031656565363530383762616233373937343230
+31356334313866623234306632656439333062323934626238393237626662356363626465376436
+30356133653634326638303965633735663236626132353037653131616339613230336434626666
+33363836643036383730303864303663356632306332646635646263313564363230313566643163
+63633439633032626563353536616139613534343335656666393364336330363064646366636537
+64653164653534393530363637663134343564356430386238336365613837346439656665623164
+35303136326164343766623939343862653865646532306563646631396639396631303062323436
+38383665316265643233366563663339346332333462393039613134646138313134326532666632
+37636136363534376632633230616365323966653937663436353531353138636439323133633632
+33626439313434613237626231633237393266323666666334333062653236636339663461336631
+38346162616235623833306166373733623564316235616331316166383962333337326666653962
+36616536633966393537343261303932383062636661333962346430353432663438623039303961
+64383837303237343337623962326261313162376534323661666333393133376439393566303938
+66623231333338666638383836386165643636306165386466653437363661386463336462643736
+37303331393162623833343533623839636565363064393931366362396164353738636662386337
+32303735653865316663316539343463653632386339653961326233366664303764386236643864
+63306462613232656336623161646136333536396632363264633539303538636635663865636165
+31316537613036306465623938623634316365636535613630363162653665366237613262313039
+37386462663336323265
diff --git a/infra/vagrant/provisioning/prod.inventory b/infra/vagrant/provisioning/prod.inventory
@@ -5,8 +5,6 @@
 my-stamps.ru ansible_host=46.101.232.167
 
 [all:vars]
-ansible_ssh_private_key_file=/Users/coder/.ssh/mystamps_rsa
-
 # https://docs.ansible.com/ansible/2.10/reference_appendices/python_3_support.html#using-python-3-on-the-managed-machines-with-commands-and-playbooks
 # https://docs.ansible.com/ansible/2.10/reference_appendices/interpreter_discovery.html
 ansible_python_interpreter=/usr/bin/python3
diff --git a/src/main/scripts/ci/deploy.sh b/src/main/scripts/ci/deploy.sh
@@ -38,6 +38,8 @@ fi
 
 printf '%s' "$VAULT_PASSWORD" >"$PASS_FILE"
 
+# LATER: consider specifying private key via env variable
+# https://docs.ansible.com/ansible/2.10/reference_appendices/config.html#envvar-ANSIBLE_PRIVATE_KEY_FILE
 for FILE in "$PRIVATE_KEY" "$VARS_FILE"; do
 	FILENAME="$(basename "$FILE")"
 	echo "Decrypting ${FILENAME}.enc to $FILENAME"