From 57e735b4cc32ee6266df005e54396d698c69ecca Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lwirzenius@wikimedia.org>
Date: Sun, 7 Jul 2019 18:56:04 +0300
Subject: Add: testuser@testenv and ssh access via deployer ssh key

---
 components.yml               |  1 +
 roles/apache2/tasks/main.yml | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/components.yml b/components.yml
index 44947e2..ecdea68 100644
--- a/components.yml
+++ b/components.yml
@@ -5,6 +5,7 @@
     - apache2
   vars:
     hostname: testenv
+    deployer_ssh_pub: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/deployer_ssh.pub') }}"
 
 - hosts: artifacts
   remote_user: root
diff --git a/roles/apache2/tasks/main.yml b/roles/apache2/tasks/main.yml
index 2757ee4..7a08132 100644
--- a/roles/apache2/tasks/main.yml
+++ b/roles/apache2/tasks/main.yml
@@ -1,3 +1,14 @@
+- name: "create testuser account"
+  user:
+    name: testuser
+    password_lock: yes
+
+- name: "allow deployer access to testuser via ssh"
+  authorized_key:
+    user: testuser
+    key: "{{ deployer_ssh_pub }}"
+    exclusive: yes
+
 - name: "create /srv/http"
   file:
     state: directory
-- 
cgit v1.2.1