laforge submitted this change.

View Change

ansible/jenkins: add gerrit ssh key to known_hosts

Add the key to known hosts to prevent host key verification failed
errors when attempting to use the gerrit API from jenkins (to post
review comments) or when attempting to clone over ssh from gerrit (as
we do for some reason apparently).

Change-Id: I50981f201c5ca1425e30677b2578491f5111fc0c
---
M ansible/roles/osmocom-jenkins-slave/tasks/main.yml
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/osmocom-jenkins-slave/tasks/main.yml b/ansible/roles/osmocom-jenkins-slave/tasks/main.yml
index 2623201..e5ebbe1 100644
--- a/ansible/roles/osmocom-jenkins-slave/tasks/main.yml
+++ b/ansible/roles/osmocom-jenkins-slave/tasks/main.yml
@@ -22,11 +22,18 @@
     shell: /bin/bash
     uid: 1000
 
-- name: setup jenkins ssh key
+- name: setup jenkins ssh key (authorized_keys)
   authorized_key:
     user: "{{ jenkins_user }}"
     key: "{{ lookup('file', 'jenkins.osmocom.org.pub') }}"
 
+- name: setup gerrit ssh key (known_hosts)
+  known_hosts:
+    name: '[gerrit.osmocom.org]:29418'
+    key: '[gerrit.osmocom.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDI4wZwtcGz2V98iZWWEtsA162PolLtgQTBjnC14ONzZGQkTh9bTPsoSxnM5TKOm4F2bzq7gb+Qrsj4ZECD19qztmD37kMP9jn7/2i1V8oLAy9ojyklXAdBVTliQteVI7ieDOyKCnGbszvFWXY2isoO1k7yJLv0QyL7F5AuZlxeHw=='
+    path: /etc/ssh/ssh_known_hosts
+    state: present
+
 - name: install ttcn3 dependencies
   include_tasks: ttcn3-slave.yml
   when: ttcn3_slave and ansible_distribution == 'Debian' and ansible_distribution_version|int >= 9 and not (ansible_architecture == "armv7l" or ansible_architecture == "arm64")

To view, visit change 30346. To unsubscribe, or for help writing mail filters, visit settings.