This is meant to be used in the Hetzner cloud sandbox project, so SSH
keys can be injected when a new VM is created from e.g. a CI pipeline,
so that the CI pipeline can SSH to the newly created VM.
The EC2 metadata service is used over the Hetzner metadata service, as
it is supported by more providers (including Hetzner).

A new Hetzner cloud project has been created called "Sandbox". This
project is meant for non-production workload which must be created
on-demand from e.g. a CI pipeline. The first project using the sandbox
is aurweb, which wants to use GitLab's Review apps[1] feature to create
dynamic environments on-demand.
Two API tokens have been created, one for the infrastructure project (to
be used by packer) and one for the aurweb project.
[1] https://docs.gitlab.com/ee/ci/review_apps/

As of version 1.7.0, HCL2 is the preferred way to write Packer
templates. The documentation reflects this and it is easier if we use the
preferred format.

We make almost no use of the dynamic properties of the hcloud inventory,
so we can simplify this by declaring all cloud servers in the main hosts
inventory.
The main benefit of this change is that temporary and experimental cloud
servers are not automatically included in the Ansible playbooks. In such
cases it is usually incorrect to deploy changes to these unknown servers.
A smaller side benefit is that Ansible will now use hostnames to connect
to cloud servers, whereas the dynamic inventory provided IPv4 addresses.
This results in more meaningful ~/.ssh/known_hosts entries.

Now that misc/get_key.py checks if the vault file passed to it exists,
we cannot pass paths only resolvable from the root directory. Instead,
use paths that make sense relative to the current directory and avoid
calling chdir when loading the vault file.
Fixes: 7754214604 ("Rewrite get_key.py to use click instead of typer")

The repro3.pkgbuild.com machine was a packet.net box with an Ubuntu
installation. Now converted to an Arch Linux installation managed by
ansible with a new rebuilderd_worker role.

Prefer using our maintained version of checkservices from the contrib
repository hosted on our GitLab repository. This has the benefit of
getting rid of a submodule which isn't cloned by default.

Some playbooks that use a jmespath query, like the matrix playbook while
getting changes for the "install irc-bridge registration", require the
python-jmespath package on the client side to work. Document this.