fix(ansible): replace steward key on reprovision + distinct agent update path
Provisioning review corrections + the matching frontend, plus breadcrumb header integration. - provision.yml: authorize the managed pubkey with a regexp match on the ' steward-managed' comment so rotating the key REPLACES the host's steward key in place instead of stacking a second authorized entry. Hand-added keys (other comments) are untouched. - update.yml (new): refresh agent.py + restart only. Does NOT rotate the token or rewrite /etc/steward-agent.conf — the host keeps its identity. Asserts the agent is already installed and fails clearly otherwise. - host_agent /update route: runs update.yml as the managed steward user (no token minting). Token rotation stays a deliberate action. - settings/ansible/generate-key honors a safe relative `next` redirect, so an inline trigger elsewhere returns to its page. - Host Agents settings: reworked into a clear lifecycle — an intro card that explains it runs Ansible to deploy the agent (+ inline "generate managed key" warning/trigger when none exists), then three labelled cards: 1 Provision, 2 Install/enroll, 3 Update. Each explains what it does. - base.html: breadcrumb now renders as a kicker line directly above the page title (moved below alerts, tightened margin) so nested and top-level views share one consistent header. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -50,9 +50,13 @@
|
||||
group: "{{ steward_user }}"
|
||||
mode: "0700"
|
||||
|
||||
- name: Authorize the managed public key
|
||||
- name: Authorize the managed public key (replace any prior steward-managed key)
|
||||
ansible.builtin.lineinfile:
|
||||
path: "/home/{{ steward_user }}/.ssh/authorized_keys"
|
||||
# Match on the ' steward-managed' comment so a rotated key REPLACES the
|
||||
# old one in place rather than stacking a second authorized key. Any
|
||||
# keys the operator added by hand (different comment) are left untouched.
|
||||
regexp: ' steward-managed$'
|
||||
line: "{{ steward_pubkey }}"
|
||||
create: true
|
||||
owner: "{{ steward_user }}"
|
||||
|
||||
Reference in New Issue
Block a user