Merge pull request #1184 from buildkite/add-missing-auth-keys-systemd-units

Add missing authorized keys systemd units

Author: sj26

goss.yaml

@@ -8,6 +8,12 @@ file:
     owner: buildkite-agent
     group: buildkite-agent
 
+  /etc/systemd/system/refresh_authorized_keys.service:
+    exists: true
+
+  /etc/systemd/system/refresh_authorized_keys.timer:
+    exists: true
+
   /var/lib/buildkite-agent/builds:
     filetype: directory
     exists: true
@@ -128,6 +134,13 @@ command:
   wget --version:
     exit-status: 0
 
+  # Check refresh authorized keys gear is present, but disabled.
+  # disabled: The unit file is not enabled, but contains an [Install] section with installation instructions.
+  systemctl is-enabled refresh_authorized_keys.timer:
+    exit-status: 1
+    stdout:
+    - /disabled/
+
   systemctl is-enabled docker-gc.timer:
     exit-status: 0
 

packer/linux/conf/ssh/systemd/refresh_authorized_keys.service

@@ -1,10 +1,6 @@
 [Unit]
 Description=Download ssh authorized_keys file from s3
-Wants=refresh_authorized_keys.service
 
 [Service]
 Type=oneshot
 ExecStart=/usr/local/bin/refresh_authorized_keys
-
-[Install]
-WantedBy=multi-user.target

packer/linux/scripts/install-buildkite-utils.sh

@@ -25,3 +25,6 @@ sudo curl -Lf -o /usr/bin/lifecycled \
 sudo chmod +x /usr/bin/lifecycled
 sudo curl -Lf -o /etc/systemd/system/lifecycled.service \
   https://raw.githubusercontent.com/buildkite/lifecycled/${LIFECYCLED_VERSION}/init/systemd/lifecycled.unit
+
+echo "Adding authorized keys systemd units..."
+sudo cp /tmp/conf/ssh/systemd/* /etc/systemd/system