feat: make user can execute the script

gigascience · Sep 9, 2024 · 1adfa18 · 1adfa18
1 parent ccab65c
commit 1adfa18
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/ops/infrastructure/roles/bastion-users/tasks/main.yml b/ops/infrastructure/roles/bastion-users/tasks/main.yml
@@ -194,5 +194,28 @@
       mode: 0644
   when: credentials_csv_path is defined
 
+- name: Ensure user has GIGADB_ENV set
+  ansible.builtin.lineinfile:
+    path: "/home/{{ newuser }}/.bash_profile"
+    insertafter: '# User specific environment and startup programs\n'
+    line: "GIGADB_ENV={{ gigadb_environment }}"
+
+- name: get private key of upstream
+  ansible.builtin.uri:
+    url: "{{ gitlab_misc_url }}/variables/id_rsa_aws_hk_gigadb_pem"
+    method: GET
+    headers:
+      PRIVATE-TOKEN: "{{ gitlab_private_token }}"
+    body_format: json
+  register: private_key_from_gl
+
+- name: copy private key
+  ansible.builtin.copy:
+    content: "{{ private_key_from_gl.json.value  }}"
+    dest: "/home/{{ newuser }}/.ssh/id-rsa-aws-hk-gigadb.pem"
+    owner: "{{ newuser }}"
+    group: "{{ newuser }}"
+    mode: g-rw,o-rw
+
 - name: Restart systemd sshd service
   command: systemctl restart sshd.service