Merge "Add roles for per-build SSH keys"

roles/add-build-sshkey/tasks/create-key-and-replace.yaml

@@ -0,0 +1,20 @@
+- name: Create Temp SSH key
+  command: ssh-keygen -t rsa -b 1024 -N '' -f {{ zuul_temp_ssh_key }}
+  delegate_to: localhost
+
+- name: Distribute it to all nodes
+  authorized_key:
+    user: "{{ ansible_ssh_user }}"
+    state: present
+    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+
+- name: Remove all keys from local agent
+  command: ssh-add -d
+  delegate_to: localhost
+
+- name: Add back temp key
+  command: ssh-add {{ zuul_temp_ssh_key }}
+  delegate_to: localhost
+
+- name: Verify we can still SSH to all nodes
+  ping:

roles/add-build-sshkey/tasks/main.yaml

@@ -0,0 +1,9 @@
+- name: Check to see if ssh key was already created for this build
+  stat: "{{ zuul_temp_ssh_key }}"
+  register: zuul_temp_ssh_key_stat
+  delegate_to: localhost
+  failed_when: false
+
+- name: Create a new key in workspace based on build UUID
+  include: create-key-and-replace.yaml
+  when: zuul_temp_ssh_key_stat is defined

roles/add-build-sshkey/vars/main.yml

@@ -0,0 +1 @@
+zuul_temp_ssh_key: "{{ zuul.uuid }}_id_rsa"

roles/remove-build-sshkey/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: Remove the build SSH key from all nodes
+  authorized_key:
+    user: "{{ ansible_ssh_user }}"
+    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+    state: absent