
I create a VM instance with the Ansible module `gcp_compute_instance`. My code:

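---
# Creates the jenkins-node-1 VM on GCE from the Ansible controller (localhost).
# Authentication is auth_kind: serviceaccount; the credential file is not set
# here, so it must come from `service_account_file` or the
# GCP_SERVICE_ACCOUNT_FILE environment variable -- confirm in the caller's setup.
- name: Create jenkins node-1
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # External IP (a gcp_compute_address) the instance is NAT'd to.
    address: "<my ip>"
    project_id: geocitizen-app
    machine_type: f1-micro
    machine_name: jenkins-node-1
    image: https://www.googleapis.com/compute/v1/projects/centos-cloud/global/images/centos-7-v20191014
    zone: europe-north1-a
    # Service account the VM runs as. Its single scope below is read-only
    # Cloud Storage, which is all that fetching the startup script needs;
    # do not widen it for convenience.
    service_email: log@project-app.iam.gserviceaccount.com
    # Fetched and executed as root on every boot. Whoever can write this
    # object can run arbitrary code as root on the VM, so treat the bucket's
    # write permission as equivalent to root on jenkins-node-1.
    startup_script_url: gs://project/startup.sh
    service_account_scope: https://www.googleapis.com/auth/devstorage.read_only
  tasks:
    - name: Launch instances
      gcp_compute_instance:
        auth_kind: serviceaccount
        state: present
        name: "{{ machine_name }}"
        machine_type: "{{ machine_type }}"
        project: "{{ project_id }}"
        zone: "{{ zone }}"
        network_interfaces:
          # NOTE(review): `network` is left unset, so the API presumably
          # falls back to the project's default network -- pin it with a
          # selfLink if that is not intended.
          - network:
            access_configs:
              - name: External NAT
                # nat_ip takes the address of an existing gcp_compute_address.
                # The original referenced `node_1_ip`, which is never defined;
                # the value declared in vars is `address`.
                nat_ip:
                  address: "{{ address }}"
                type: ONE_TO_ONE_NAT
        disks:
          # Real booleans: the original passed the strings 'true'.
          - auto_delete: true
            boot: true
            initialize_params:
              source_image: "{{ image }}"
        # Network tags select firewall rules. `http-server` is the tag the
        # project's default allow-http rule matches, if such a rule exists,
        # so port 80 is then reachable through the external NAT above.
        tags:
          items:
            - jenkins-server
            - http-server
        service_accounts:
          - email: "{{ service_email }}"
            scopes:
              - "{{ service_account_scope }}"
        metadata:
          startup-script-url: "{{ startup_script_url }}"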

At the moment I use a startup script. This script deploys my public key to the newly created VM instance:

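#! /bin/sh
# GCE startup script (metadata key startup-script-url): executed as root on
# every boot. On the first boot it creates a login user `ssh` and installs
# the operator's public key; a marker file turns later boots into a no-op.
# Because it runs as root on each boot, the GCS object it is fetched from
# must be protected as tightly as root access to the VM itself.
set -eu   # abort on any failure so the marker is never written after a partial setup

sshUser=ssh
iniFile=/var/opt/inited.ini

# Already initialised on an earlier boot -- nothing to do.
if test -f "$iniFile"; then
    exit 0
fi

# Create the account only if it does not exist; the original ran useradd
# unconditionally and carried on even when it failed.
if ! id -u "$sshUser" >/dev/null 2>&1; then
    useradd "$sshUser"
fi

sshGroup=$(id -gn "$sshUser")
homeDir=$(getent passwd "$sshUser" | cut -d: -f6)
sshDir="$homeDir/.ssh"
authKeys="$sshDir/authorized_keys"

# Create ~/.ssh with the permissions sshd insists on (0700 directory,
# 0600 authorized_keys), owned by the user, instead of fixing them up
# afterwards with a recursive chmod.
install -d -m 700 -o "$sshUser" -g "$sshGroup" "$sshDir"
printf '%s\n' 'ssh-rsa <my public key>' >> "$authKeys"
chown "$sshUser:$sshGroup" "$authKeys"
chmod 600 "$authKeys"

touch "$iniFile"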

Can I add the public key when I create the VM, without using a startup script? I read https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys, but I don't understand how to use that in my playbook.


As the linked page describes, you can add keys through instance metadata. Try the following:

   # Instance metadata entry the GCE guest environment reads to install
   # SSH keys. NOTE(review): a key listed here is a login credential for
   # the VM -- anyone allowed to edit this instance's metadata can add one.
   metadata:
     ssh-keys: '[USERNAME]:ssh-rsa [NEW_KEY_VALUE] [USERNAME]'

Replace [USERNAME] with the login name the key should be installed for, and [NEW_KEY_VALUE] with the actual public key value.


Use the `ssh-keys` metadata entry, e.g.:

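    # Creates the instance and installs an SSH public key through the
    # `ssh-keys` instance-metadata entry instead of a startup script.
    # `item.*` implies a loop over instance definitions; the loop clause
    # itself is not shown here.
    - name: Ensure instances
      google.cloud.gcp_compute_instance:
        name: "{{ item.name }}"
        machine_type: "{{ item.machine_type }}"
        disks:
          - auto_delete: true
            boot: true
            # Attaches an existing disk resource rather than creating one.
            source: "{{ disk }}"
        network_interfaces:
          - network: "{{ network }}"
            subnetwork: "{{ subnet }}"
            access_configs:
              - name: External NAT
                nat_ip: "{{ address }}"
                type: ONE_TO_ONE_NAT
        zone: "{{ item.zone }}"
        metadata:
          # Format is "<login>:<public key>". The original installed the key
          # for `root`; use a dedicated login instead so interactive access
          # is not root by default (GCE images presumably refuse root SSH
          # login anyway -- confirm against the image's sshd_config).
          # Override with `ssh_user`; the key file is read from the playbook dir.
          ssh-keys: "{{ ssh_user | default('ansible') }}:{{ lookup('file', 'you_id_rsa.pub') }}"
        tags:
          items:
            - "{{ gcp.project }}"
        project: "{{ gcp.project }}"
        auth_kind: serviceaccount
        # Path to the service-account JSON key; keep the file out of the repo.
        service_account_file: "{{ gcp.service_account_file }}"
        state: present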