authorChristian Pointner <equinox@spreadspace.org>2024-03-16 21:32:54 +0100
committerChristian Pointner <equinox@spreadspace.org>2024-03-16 21:32:54 +0100
commit4e9b4def3078408493bddf57176162cc9380ebfd (patch)
treee2a5580d66ecb273fd5a4f5580797591ef20b3f1
parentadd ch-companion-raspi (diff)
companion: generate ssh keypair to be used with ssh plugin
-rw-r--r--roles/streaming/companion/tasks/main.yml25
-rw-r--r--roles/streaming/companion/templates/pod-spec.yml.j29
2 files changed, 32 insertions, 2 deletions
diff --git a/roles/streaming/companion/tasks/main.yml b/roles/streaming/companion/tasks/main.yml
index b222dee2..ad085edb 100644
--- a/roles/streaming/companion/tasks/main.yml
+++ b/roles/streaming/companion/tasks/main.yml
@@ -1,13 +1,36 @@
---
- name: prepare storage volume
vars:
- storage_volume: "{{ companion_storage | combine({'owner': 1000, 'group': 1000}) }}"
+ storage_volume: "{{ companion_storage }}"
include_role:
name: "storage/{{ companion_storage.type }}/volume"
- set_fact:
companion_basepath: "{{ storage_volume_mountpoint }}"
+- name: create data/secrets directories
+ loop:
+ - dir: data
+ mode: "0750"
+ - dir: secrets
+ mode: "0500"
+ loop_control:
+ label: "{{ item.dir }}"
+ file:
+ path: "{{ companion_basepath }}/{{ item.dir }}"
+ state: directory
+ mode: "{{ item.mode }}"
+ owner: 1000
+ group: 1000
+
+- name: generate ssh keypair for ssh plugin
+ openssh_keypair:
+ path: "{{ companion_basepath }}/secrets/id_ed25519"
+ type: ed25519
+ comment: "companion@{{ inventory_hostname }}"
+ owner: 1000
+ group: 1000
+
- name: install udev rules
template:
src: udev.rules.j2
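Review bot: The `generate ssh keypair for ssh plugin` task sets `owner` and `group` but no `mode`, so the private key's permissions depend on what the module produces when the key is first created. As far as I can tell, a later loosening of the file mode would not be corrected on re-run. Adding `mode: "0600"` to the `openssh_keypair` arguments would pin it, though it is worth confirming how the module applies `mode` to the `.pub` file. Separately, the literal `1000` is repeated in both new tasks; a role variable (placeholder name `companion_uid`) would keep them aligned with the user the pod runs as, which this diff does not show.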
diff --git a/roles/streaming/companion/templates/pod-spec.yml.j2 b/roles/streaming/companion/templates/pod-spec.yml.j2
index f01637fe..3be3e488 100644
--- a/roles/streaming/companion/templates/pod-spec.yml.j2
+++ b/roles/streaming/companion/templates/pod-spec.yml.j2
@@ -12,6 +12,9 @@ containers:
mountPath: /dev/bus/usb
- name: data
mountPath: /companion
+ - name: secrets
+ mountPath: /secrets
+ readOnly: yes
volumes:
- name: dev-usb
hostPath:
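Review bot: `readOnly: yes` on the new `secrets` volumeMount relies on YAML 1.1 truthy parsing; a YAML 1.2 loader reads `yes` as a string, which a boolean field would reject. Writing `readOnly: true` is unambiguous, and it matters here because this flag is what stops the container from modifying the mounted key material. The `containers:` entry this mount belongs to starts above the hunk, so the container's user and security context cannot be checked from here.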
@@ -19,4 +22,8 @@ volumes:
- name: data
hostPath:
type: Directory
- path: "{{ companion_basepath }}"
+ path: "{{ companion_basepath }}/data"
+- name: secrets
+ hostPath:
+ type: Directory
+ path: "{{ companion_basepath }}/secrets"
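Review bot: The `data` hostPath moves from `{{ companion_basepath }}` to `{{ companion_basepath }}/data`, and nothing visible in this commit moves existing content into the new subdirectory. A host that was already deployed would presumably start the pod with an empty `/companion`; if such hosts exist, a one-time migration task or a line in the commit message would help. The `secrets` hostPath also exposes the whole directory, so anything later placed under `secrets/` becomes readable in the container. A comment such as `# holds only the ssh plugin keypair` above the volume would document that expectation.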