Username, 2021-06-25 22:15:41
linux

How to properly configure ssh authorization for pipeline in gitlab ci to run ansible-playbook?

Task: installing/updating the application on a group of linux servers.

gitlab-runner is only installed on one server for ansible from which the playbook is running.

gitlab-ci.yml is something like this:

stages:
  - install_zabbix_agent

install_zabbix_agent:
  stage: install_zabbix_agent
  script:
    - 'ansible-playbook playbooks/zabbix-agent-linux.yml  -i environments/inventory'
  tags:
    - zabbix


Ideas so far are:
  1. Create a key for the gitlab-runner user, roll it out to all servers, add it to variables
  2. Or create a common account with a username/password and register everything in inventory


How to do it correctly and safely so as not to burn the private key or password?


2 answer(s)
ky0, 2021-06-25
@ky0

Gitlab has secrets where, among other things, you can put SSH keys.
But in general, since you already have runners running on your hosts, it means that you already have access and it is enough to add the necessary rights to the gitlab-runner user, for example, via sudo.

Vasily Shakhunov, 2021-06-28
@inf

3. Give access to the user from which the ansible script is executed on other machines. Just scatter the public key on the rest of the servers.
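
Added example, not part of the thread: the pipeline from the question with idea 1 wired to GitLab CI/CD variables, as the first answer suggests. The variable names SSH_PRIVATE_KEY and SSH_KNOWN_HOSTS are assumptions; both are created under Settings > CI/CD > Variables with type "File" and the "Protected" flag, and the key is a dedicated deploy key whose public half is installed on the target servers.

```yaml
# Added example. SSH_PRIVATE_KEY and SSH_KNOWN_HOSTS are assumed variable names,
# defined in the project as File-type, protected CI/CD variables.
stages:
  - install_zabbix_agent

install_zabbix_agent:
  stage: install_zabbix_agent
  tags:
    - zabbix
  rules:
    # Protected variables are only injected on protected branches/tags,
    # so the job is limited to those refs.
    - if: '$CI_COMMIT_REF_PROTECTED == "true"'
  script:
    # A File-type variable expands to the path of a temporary file.
    # ssh-add refuses keys that are readable by other users.
    # (The stored key value must end with a newline.)
    - chmod 400 "$SSH_PRIVATE_KEY"
    # Pin the servers' host keys from the second variable instead of
    # disabling host key checking for the run.
    - 'export ANSIBLE_SSH_EXTRA_ARGS="-o UserKnownHostsFile=$SSH_KNOWN_HOSTS -o StrictHostKeyChecking=yes"'
    # Run the playbook as a child of ssh-agent: the key is held in agent
    # memory and the agent exits together with the command, which matters
    # on a shell executor where processes outlive the job otherwise.
    - >
      ssh-agent sh -c 'ssh-add "$SSH_PRIVATE_KEY" &&
      ansible-playbook playbooks/zabbix-agent-linux.yml -i environments/inventory'
```

The key never appears in the repository or in inventory; rotating it means replacing the variable value and the public key on the servers.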
