Trellis v1.12.0 released

Trellis v1.12.0 has been released

  • Improve support for adding public SSH keys (#1344)
  • Update default Vagrant IP to 192.168.56.5 (#1341)
  • Remove old WP customizer frame options hack (#1338)
  • Fix #1319 - Improve how ssh_args are loaded (#1337)
  • Fix #1331 - Improve passlib instructions(#1336)

Some additional notes:

  • Vagrant’s IP change shouldn’t be breaking, but just be aware it did change.
  • the new public_keys folder is part of a larger effort to help people set up continuous deployments for Trellis sites. There will be more news on this soon with a trellis-cli release as well.
4 Likes

Does this mean the SSH public key files don’t have to reside in default SSH keys directory (~/.ssh/) anymore? That is great! I always wanted to store the public key files directly in the Trellis folder.

They never needed to; that was just the default values we provided. You could have done what that change does manually by just adding new entries to users.yml.

This change just makes it more built-in with a standard public_keys folder. However, the public keys in that dir are only added to the deploy web user and not all users.

1 Like

As @swalkinshaw said this isn’t a requirement, but it also supports URLs; at my old agency we just configured it to pull the list of keys from a users github, i.e.:

# Documentation: https://roots.io/trellis/docs/ssh-keys/
admin_user: admin

# Also define 'vault_users' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - https://github.com/alwaysblank.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - https://github.com/alwaysblank.keys

web_user: web
web_group: www-data
web_sudoers:
  - "/usr/sbin/service php7.4-fpm *"

(Although if you did this you’d probably want to make sure you had a system for removing people when they left your organization.)

2 Likes

So for clarification I need to summarize this and ask if I got it right:
The public keys in public_keys/ directory in Trellis directory are added as authorized keys to the web user, meant for site deployment.

There is also an users key as 2nd way to add SSH public keys to the web and also the admin users (and add extra users if needed):

Have I understood this correctly?
And the public_keys/ directory as extra mechanism for adding ssh authorized keys to web user is meant to make site deployments easier?

Yes that’s all correct. I realized after it maybe should have been called deploy_public_keys or something more specific.

1 Like

This topic was automatically closed after 42 days. New replies are no longer allowed.