gerrit.wikimedia.org
Gitiles
Code ReviewSign In
gerrit.wikimedia.org / operations / debs / wmf-sre-laptop / 59fe40a102f9320ccbc0626867c521765d5557ca^! / .
commit59fe40a102f9320ccbc0626867c521765d5557ca[log] [tgz]
authorGiuseppe Lavagetto <glavagetto@wikimedia.org>Sun Nov 08 08:41:55 2020 +0100
committerGiuseppe Lavagetto <glavagetto@wikimedia.org>Sun Nov 08 08:54:33 2020 +0100
tree9b97c2bc6c81ee66321466b44fa7e822c4fb8493
parente3ee76850c0db45b09aa6db82ab7901453009e49 [diff]
Use a single "ssh-agent" systemd unit We can use instance support instead, making the unit of more general use for people who have other systems to ssh into. Change-Id: I554b3784b2e74d07d919d24bd33088ffc4d8e864
diff --git a/configs/ssh-agent@.service b/configs/ssh-agent@.service new file mode 100644 index 0000000..c148cb2 --- /dev/null +++ b/configs/ssh-agent@.service
@@ -0,0 +1,11 @@ +[Unit]+Description=SSH authentication agent for %i services​+Before=default.target​+​+[Service]​+Type=forking​+Environment=SSH_AUTH_SOCK=%t/ssh-%i.socket​+ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK​+​+[Install]​+WantedBy=default.target
diff --git a/configs/ssh-wmf-cloud.service b/configs/ssh-wmf-cloud.service deleted file mode 100644 index a5f7f91..0000000 --- a/configs/ssh-wmf-cloud.service +++ /dev/null
@@ -1,11 +0,0 @@ -[Unit]-Description=SSH authentication agent for Wikimedia Cloud services​-Before=default.target​-​-[Service]​-Type=forking​-Environment=SSH_AUTH_SOCK=%t/ssh-wmf-cloud.socket​-ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK​-​-[Install]​-WantedBy=default.target
diff --git a/configs/ssh-wmf-prod.service b/configs/ssh-wmf-prod.service deleted file mode 100644 index 1b47183..0000000 --- a/configs/ssh-wmf-prod.service +++ /dev/null
@@ -1,11 +0,0 @@ -[Unit]-Description=SSH authentication agent for Wikimedia production​-Before=default.target​-​-[Service]​-Type=forking​-Environment=SSH_AUTH_SOCK=%t/ssh-wmf-prod.socket​-ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK​-​-[Install]​-WantedBy=default.target
diff --git a/debian/wmf-laptop-sre.install b/debian/wmf-laptop-sre.install index 2a9f64b..3967f5a 100644 --- a/debian/wmf-laptop-sre.install +++ b/debian/wmf-laptop-sre.install
@@ -1,6 +1,5 @@ configs/ssh-client-config /usr/share/wmf-sre-laptop/​-configs/ssh-wmf-cloud.service /usr/lib/systemd/user/​-configs/ssh-wmf-prod.service /usr/lib/systemd/user/​+configs/ssh-agent.service /usr/lib/systemd/user/ configs/pws-trusted-users /usr/share/wmf-sre-laptop/ scripts/pws /usr/bin/
diff --git a/docs/SETUP.ssh b/docs/SETUP.ssh index f67c19f..8cec66e 100644 --- a/docs/SETUP.ssh +++ b/docs/SETUP.ssh
@@ -16,8 +16,8 @@ - Enable the systemd user units which start separate SSH agents for the two keys (as your user, no sudo needed. This is a one time change) - systemctl --user start ssh-wmf-cloud.service- systemctl --user start ssh-wmf-prod.service+ systemctl --user start ssh-agent@cloud.service+ systemctl --user start ssh-agent@prod.service - Before using the SSH keys you need to load the keys into the SSH agents, unfortunately it's a bit hacky as ssh-add doesn't allow to specify the auth socket via an option, so
Powered by Gitiles
txt
json