How to grant SSH access to the servers

Kjetil Klepper edited this page Nov 29, 2021 · 17 revisions

SSH access is provided by the Ansible playbook https://github.com/usegalaxy-no/infrastructure-playbook/blob/master/env/common/system.yml.

The documentation below describes how to add a new "galaxyadmin" user to the test servers. If you want to add a "sysadmin" instead, replace every occurrence of "galaxyadmin" with "sysadmin". If you want to grant access on the production servers instead, use the directory env/main in place of env/test.

  1. Clone the "infrastructure-playbook" GitHub repository to your local computer.

     git clone https://github.com/usegalaxy-no/infrastructure-playbook
     cd infrastructure-playbook/env/test

  2. To access the vault, you need to have the password file named "vault_password" in your current directory (in this case env/test). If you don't have this password you can ask another administrator.

  3. Decrypt the file files/ssh/galaxyadmin/authorized_keys.vault (under the env/test directory) by running the following command. The file will be decrypted in place.

     ansible-vault decrypt files/ssh/galaxyadmin/authorized_keys.vault

     Note that this file is shared between "test" and "main", as both env/test/files and env/main/files are symlinks to env/common/files.

  4. Open the file in a text editor and add the public SSH key for the new user.

  5. Encrypt the file again, and double-check afterwards to make sure it is really encrypted!!!

     ansible-vault encrypt files/ssh/galaxyadmin/authorized_keys.vault

  6. Run the "system.yml" playbook from inside the env/test directory to update the test servers:

     ansible-playbook system.yml --tags "users"

  7. Commit the modified file back to the GitHub repository.

     git add ../common/files/ssh/galaxyadmin/authorized_keys.vault
     git commit -m "Added SSH key for new galaxyadmin"
     git push
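
One way to do the "is it really encrypted" double-check before committing, as an added example that is not part of the infrastructure-playbook repository. It assumes the format ansible-vault writes (a "$ANSIBLE_VAULT;" header line followed by lowercase hex lines); the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the infrastructure-playbook repository.

# Succeeds only if FILE looks like ansible-vault output: line 1 is a
# "$ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]" header and every
# remaining line is lowercase hex (at least one such line must exist).
is_vault_encrypted() {
    awk '
        NR == 1 { if ($0 !~ /^\$ANSIBLE_VAULT;[0-9.]+;[A-Z0-9]+(;.+)?$/) bad = 1; next }
        /^[0-9a-f]+$/ { body++; next }
        { bad = 1 }
        END { if (bad || body == 0) exit 1 }
    ' "$1" 2>/dev/null
}

# Checks every file given and names each failing file on stderr.
# Returns non-zero if any file is missing, empty, or not vault-formatted.
check_vault_files() {
    rc=0
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            echo "NOT ENCRYPTED, do not commit: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (fake hex body, fake public keys) for a dry run.
write_samples() {
    dir=$1
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' \
        '36613862336665383933' '6139623065346263' > "$dir/encrypted.vault"
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaCONSTRUCTEDKEY newadmin@example.org' \
        > "$dir/plaintext.vault"
    # Valid header, but a plaintext key was pasted below the ciphertext.
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36613862' \
        'ssh-rsa AAAAB3CONSTRUCTED other@example.org' > "$dir/mixed.vault"
}
```

After sourcing the functions, run check_vault_files files/ssh/galaxyadmin/authorized_keys.vault from env/test after the encrypt step and before git add; a non-zero exit status means the file must not be committed.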

P.S.:

If you get complaints about missing modules when running the playbook, you may have to install some additional Python modules by running the following command in the infrastructure-playbook root directory. (You can create a virtual environment to install the modules in if you want.)

pip install -r requirements.txt