author | Christopher Baines <mail@cbaines.net> | 2018-06-23 09:57:03 +0100 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2018-06-23 12:58:05 +0100 |
commit | 837e1ecec9798381f78b838947f8028403cb0bef (patch) | |
tree | 984e25f96a490a3cbd1b20d6f50903aa6dacfd1d | |
parent | 0736fd5ab32eeb57de52fb6d581d16c2824b2fc2 (diff) | |
Handle SSH keys via the database
This makes it more explicit, and works around Terraform being
unpredictable when dealing with SSH agents.
-rw-r--r-- | app/controllers/backends/terraform_aws_controller.rb | 4 | ||||
-rw-r--r-- | app/models/backends/terraform_aws.rb | 8 | ||||
-rw-r--r-- | app/views/backends/terraform_aws/new.html.erb | 38 | ||||
-rw-r--r-- | app/views/backends/terraform_aws/show.html.erb | 40 | ||||
-rw-r--r-- | db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb | 6 | ||||
-rw-r--r-- | db/structure.sql | 7 | ||||
-rw-r--r-- | terraform/aws/backend/main.tf | 19 | ||||
-rw-r--r-- | terraform/aws/mini_environment/main.tf | 14 |
8 files changed, 118 insertions, 18 deletions
diff --git a/app/controllers/backends/terraform_aws_controller.rb b/app/controllers/backends/terraform_aws_controller.rb
index 6e8ed55..bffac9d 100644
--- a/app/controllers/backends/terraform_aws_controller.rb
+++ b/app/controllers/backends/terraform_aws_controller.rb
@@ -67,7 +67,9 @@ class Backends::TerraformAwsController < ApplicationController
 :vpc_id,
 :route_53_zone_id,
 :aws_access_key_id,
- :aws_secret_access_key
+ :aws_secret_access_key,
+ :ssh_public_key,
+ :ssh_private_key
 )
 end
diff --git a/app/models/backends/terraform_aws.rb b/app/models/backends/terraform_aws.rb
index 1f16188..026f1e4 100644
--- a/app/models/backends/terraform_aws.rb
+++ b/app/models/backends/terraform_aws.rb
@@ -32,6 +32,8 @@
 # domain :string
 # route_53_zone_id :string not null
 # vpc_id :string not null
+# ssh_public_key :string
+# ssh_private_key :string
 #
 require 'ruby_terraform'
@@ -164,7 +166,7 @@ class Backends::TerraformAws < ApplicationRecord
 aws_access_key: aws_access_key_id,
 aws_secret_key: aws_secret_access_key,
 aws_region: aws_region,
- ssh_public_key: ssh_public_key,
+ ssh_private_key: ssh_private_key,
 aws_route_53_zone_id: route_53_zone_id
 }
 end
@@ -188,10 +190,6 @@ class Backends::TerraformAws < ApplicationRecord
 "backend/terraform_aws/#{id}"
 end
- def ssh_public_key
- File.open("#{ENV['HOME']}/.ssh/id_rsa.pub", &:readline)
- end
-
 def guix_public_key
 "(entry #{File.read("/etc/guix/signing-key.pub")} (tag (guix import)))"
 end
diff --git a/app/views/backends/terraform_aws/new.html.erb b/app/views/backends/terraform_aws/new.html.erb
index bcbf3b4..790e5eb 100644
--- a/app/views/backends/terraform_aws/new.html.erb
+++ b/app/views/backends/terraform_aws/new.html.erb
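Review bot: Permitting `:ssh_private_key` in the strong-parameters list of terraform_aws_controller.rb means the key arrives as an ordinary request parameter, and nothing in this commit keeps it out of the Rails request log. Unless the parameter filter already covers it (that configuration is not part of this diff), add `Rails.application.config.filter_parameters += [:ssh_private_key]` together with this change. The permit call begins above the hunk, so which actions share this list cannot be seen here.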
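Review bot: In the second hunk of app/models/backends/terraform_aws.rb, `ssh_private_key: ssh_private_key` puts the key into the Terraform variables hash with no check that it is set, and both new columns are nullable, so a backend row created before the migration would pass nil here. A `validates :ssh_public_key, :ssh_private_key, presence: true` on the model would fail early rather than at provisioning time. The same line drops `ssh_public_key` from this hash while terraform/aws/backend/main.tf still declares that variable, so confirm it is supplied elsewhere. How the hash reaches Terraform is outside the hunk; if it becomes `-var` arguments the key is visible in the process list, and a `TF_VAR_ssh_private_key` environment variable or a mode-0600 var file would avoid that.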
@@ -145,6 +145,44 @@ License along with the GOV.UK Mini Environment Admin. If not, see
 </div>
 <div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_public_key,
+ 'SSH Key, public part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= f.text_area(
+ :ssh_public_key,
+ class: 'form-control',
+ placeholder: 'The public part of the SSH key to use'
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_private_key,
+ 'SSH Key, private part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= f.text_area(
+ :ssh_private_key,
+ class: 'form-control',
+ placeholder: 'The private part of the SSH key to use'
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
 <div class="col-sm-offset-4 col-sm-8">
 <%= f.submit "Create", class: 'btn btn-lg btn-success' %>
 </div>
diff --git a/app/views/backends/terraform_aws/show.html.erb b/app/views/backends/terraform_aws/show.html.erb
index 81ce150..3a1b329 100644
--- a/app/views/backends/terraform_aws/show.html.erb
+++ b/app/views/backends/terraform_aws/show.html.erb
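Review bot: The private-key field in new.html.erb is a plain `f.text_area` and its `help-block` paragraph is left empty, so the form gives no guidance on which key to paste. I would fill the paragraph with text such as `Use a key pair created for this backend only; the private part is stored by the application and passed to Terraform.` and add `autocomplete: 'off', spellcheck: false` to the text area so the browser neither retains nor spell-checks the key material. The public-key field above it has the same empty `help-block`.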
@@ -156,6 +156,46 @@ License along with the GOV.UK Mini Environment Admin. If not, see
 </div>
 <div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_public_key,
+ 'SSH Key, public part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= f.text_area(
+ :ssh_public_key,
+ class: 'form-control',
+ placeholder: 'The public part of the SSH key to use',
+ readonly: true
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
+ <%= f.label(
+ :ssh_private_key,
+ 'SSH Key, private part',
+ class: 'col-sm-4 control-label'
+ ) %>
+ <div class="col-sm-8">
+ <%= text_area_tag(
+ :ssh_private_key,
+ 'Secret key hidden',
+ class: 'form-control',
+ disabled: true
+ ) %>
+ <span class="help-block">
+ <p>
+ </p>
+ </span>
+ </div>
+ </div>
+
+ <div class="form-group form-group-lg">
 <div class="col-sm-offset-2 col-sm-10">
 <%= f.submit "Save", class: 'btn btn-lg btn-success' %>
 </div>
diff --git a/db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb b/db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb
new file mode 100644
index 0000000..2a93530
--- /dev/null
+++ b/db/migrate/20180623083735_add_ssh_key_fields_to_terraform_aws_backends.rb
@@ -0,0 +1,6 @@
+class AddSshKeyFieldsToTerraformAwsBackends < ActiveRecord::Migration[5.1]
+ def change
+ add_column :terraform_aws_backends, :ssh_public_key, :string
+ add_column :terraform_aws_backends, :ssh_private_key, :string
+ end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 342e36c..f766762 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -432,7 +432,9 @@ CREATE TABLE public.terraform_aws_backends (
 updated_at timestamp without time zone NOT NULL,
 domain character varying,
 route_53_zone_id character varying NOT NULL,
- vpc_id character varying NOT NULL
+ vpc_id character varying NOT NULL,
+ ssh_public_key character varying,
+ ssh_private_key character varying
 );
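Review bot: `readonly: true` on the public-key text area in show.html.erb is only a browser hint: the field sits inside the form and is posted again on Save, so the server has to be the one that refuses a changed value. The private key is handled more safely, since `text_area_tag` with `disabled: true` and the fixed text 'Secret key hidden' neither renders nor submits the stored key. If keys are meant to be fixed after creation, render the public key with `disabled: true` as well, or leave both key names out of the parameters the update action permits (that action is not in this diff).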
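Review bot: `add_column :terraform_aws_backends, :ssh_private_key, :string` in the new migration stores the private key as clear text, so it will be present in every dump, backup and replica of this database. Consider encrypting the value before it is written, for example with `ActiveSupport::MessageEncryptor` and a key held outside the database, and keeping only the ciphertext in this column. A one-line comment in the migration stating that the column holds secret material would also help whoever later writes exports or fixtures for this table.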
@@ -874,6 +876,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20180601182655'),
 ('20180603120426'),
 ('20180621065525'),
-('20180621220505');
+('20180621220505'),
+('20180623083735');
diff --git a/terraform/aws/backend/main.tf b/terraform/aws/backend/main.tf
index 57e9348..346ab0d 100644
--- a/terraform/aws/backend/main.tf
+++ b/terraform/aws/backend/main.tf
@@ -26,6 +26,10 @@ variable "ssh_public_key" {
 type = "string"
 }
+variable "ssh_private_key" {
+ type = "string"
+}
+
 variable "guix_substitute_servers" {
 type = "map"
 default = {
@@ -237,8 +241,9 @@ resource "aws_spot_instance_request" "main" {
 destination = "/home/ubuntu/guix-daemon.service"
 connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
 }
 }
@@ -247,8 +252,9 @@ resource "aws_spot_instance_request" "main" {
 destination = "/home/ubuntu/acl"
 connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
 }
 }
@@ -305,8 +311,9 @@ EOF
 ]
 connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
 }
 }
 }
diff --git a/terraform/aws/mini_environment/main.tf b/terraform/aws/mini_environment/main.tf
index b69f8f5..afeda8d 100644
--- a/terraform/aws/mini_environment/main.tf
+++ b/terraform/aws/mini_environment/main.tf
@@ -30,6 +30,10 @@ variable "backend_remote_state_address" {
 type = "string"
 }
+variable "ssh_private_key" {
+ type = "string"
+}
+
 provider "aws" {
 access_key = "${var.aws_access_key}"
 secret_key = "${var.aws_secret_key}"
@@ -79,8 +83,9 @@ resource "aws_spot_instance_request" "main" {
 destination = "/home/ubuntu/govuk.service"
 connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
 }
 }
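Review bot: `private_key = "${var.ssh_private_key}"` is repeated in three separate `connection` blocks in terraform/aws/backend/main.tf and in two more in terraform/aws/mini_environment/main.tf, so every provisioner added later has to remember to repeat it. A single `connection` block placed directly inside `resource "aws_spot_instance_request" "main"` applies to all of that resource's provisioners and would keep the secret reference in one place per file. The new `variable "ssh_private_key"` blocks would also benefit from a `description` stating that the value is a private key supplied by the application and must not be set in a committed tfvars file. The resource bodies start and end outside these hunks.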
@@ -109,8 +114,9 @@ resource "aws_spot_instance_request" "main" {
 ]
 connection {
- type = "ssh"
- user = "ubuntu"
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
 }
 }
 }
|