
Continuous Deployment Role

Creates a user (called off by default) and adds an SSH public key to its authorized_keys. These are used to set up CI/CD with GitHub Actions.

Set up a new node

To set up a new node, create a file called host_vars/<node_name>/continuous-deployment.yml with the following variable:

continuous_deployment__ssh_public_keys:
  - "ssh-ed25519 AAAAC3Nz[...] off@<node_name>"

The SSH public keys listed in this variable are used to authenticate the deployer users. The corresponding private key should be added to the GitHub Actions secrets (use a different key for each repository).

A public/private keypair can be generated with:

ssh-keygen -t ed25519 -C "off@<node_name>"

Note on testing connection

If you want to test that the connection works with the private key, remember that the -i option only applies to the final connection, not to the proxy jump connection.

So you have to either configure the proxy connection in your .ssh/config, or specify the whole proxy command. Something like:

ssh -F /dev/null \
  off@10.13.1.200 -o "IdentitiesOnly=yes"  -i ~/.ssh/test-key \
  -o "ProxyCommand=ssh -i ~/.ssh/test-key -o IdentitiesOnly=yes -W %h:%p off@scaleway-02.infra.openfoodfacts.org"
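The .ssh/config alternative mentioned above, as an added example that is not part of the original page: each hop gets its own IdentityFile, which is the per-connection equivalent of the two -i options in the command. The host aliases off-jump and off-node and the file name in the comment are hypothetical; the addresses, user and key path are the ones from the command above.

```sshconfig
# Added example. Put this in ~/.ssh/config, or in a separate file
# (hypothetical name: ~/.ssh/off-test.conf) and test with:
#   ssh -F ~/.ssh/off-test.conf off-node

# Hop 1: the proxy jump host. It needs its own IdentityFile because
# an -i given on the command line is not applied to this connection.
Host off-jump
    HostName scaleway-02.infra.openfoodfacts.org
    User off
    IdentityFile ~/.ssh/test-key
    # Offer only the key above, not every key loaded in the agent,
    # so the test proves that this exact key is accepted.
    IdentitiesOnly yes

# Hop 2: the node itself, reached through the jump host.
Host off-node
    HostName 10.13.1.200
    User off
    IdentityFile ~/.ssh/test-key
    IdentitiesOnly yes
    ProxyJump off-jump
```

Adding -v to the ssh call shows which key is offered on each hop, which confirms that the deploy key, and not a personal key from the agent, is the one being accepted.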

Defaults

---
# Deployment user
continuous_deployment__user: "off"

# Public keys of deployers (ideally one per repo that deploys on the VM)
continuous_deployment__ssh_public_keys: []
# Optional proxy jump host
continuous_deployment__proxy_jump_host: