Create zuul-connections host group to manage SSH keys

This group will be used to manage SSH keys needed for github / gerrit
connections.

Change-Id: I17364e75e107cfb1bbe8fed7c3f0fff6c0eb5771
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

inventory/testing/group_vars/zuul-connections.yaml

@@ -0,0 +1,76 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+---
+# windmill.ssh
+zuul_connections_ssh:
+  - ssh_key_private_content: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIJKAIBAAKCAgEA4sxcS8zPIPc3Hviv6cGVmUmvsMqMRX8lU3EBM22+yDNKfL/8
+      uAj0B8y9QzWKeFPncmwvtxI3Z0igFyD+5C0coQSg7SMgSoWdFPdlkctPQAZ5jafp
+      FmhAMp6UpYqSAD9IlaYIzbEaR7yx+WH5vhBLCyKmQSyhC97oewfhZMg1qDoeKQZn
+      HcskUsIS4Bq8KMRGsAtEjiNWzR2EPNhJWsx74H+0t+0QDLW/kbi9PhXibETw5a8r
+      0G7Jm0ZEXwaSu84lC62Afj4EYmDbYXX8qoR0+CdE7e5jXpn8HoZ+5Y2lqHfz4HHW
+      RwBQ8F9a6VRDi7ypH9qFMNg/spZenwM0pMxhr3l0buty0MMhGohTbXgDXEqyJm05
+      3ASjCDYHWw8XVANv+NctLDsGgp+0PgVZVJkGu82VU3LSpURtDrSymewIYt89ELvX
+      8oH1ZgkVRT5f7+FRGnT0TV4ueSWX3pnI9RyRJ4tJtDPCnudJEKTwg3t2cM889ubY
+      cQrbwQMdzGNdRBewdRWGA2Y08h7eBOly2L0Csn5ZvEdJWunaYZWOKrqvX00tjKLX
+      iFF/YA9IcyK1+QiDmm53BWBhTUqSMDMGwMtNyHl3K9p0Vv2bKMA7bbOWLTAihx0X
+      ILe8eFx2XmCev6RLnEkOx835TuYBhYmlGKbOCvy19A/SGgiBVINgXLaoQY8CAwEA
+      AQKCAgAB6emJdjP1OkDL0Rti5JBHl9iUrFDcsUL2Xki9T1rBw7UIMnKGdwTgH/kk
+      3QnLFCIq1ADfEZdIFtPK/itIb50DOs/E0HwQROpbZ+8CeO21Q5i4+ka8Oqr4AmCM
+      uQucVuxc3ubKHYl0O4Jg8VOzJ94KPQOcHy1ItVvO1fUv7YSOY9cnT3eFR9aJoDua
+      in819NoH2EB+1ot/9ZTNEqIj0v/kmA9FUgnFoa75Is7t/C9J7Jb/ySecfaLT3Zbs
+      GlkYnpevbopcBlfxIJIZU26LXczC30n0nANYpAH9m/LsKvLP5hs3tJ4zQSxtqtBQ
+      kbZ0MmZW73gaPmjjL+Oigdtq3JKibVnoZUSEeNZOYOwPzu+rzjk8TOX7S11+QH+h
+      G8ZANnu+lmVjg/VsqUWPk/ERq76I7MUzOfd4LnIC7tUQuA3fzDSduAbX4PLFubSp
+      wySzjoonAacmyLEAQSqNBQtxVRFYr/TvKm5a4zvnrCsivssueB0Oa5vSPhyKmPmZ
+      ukKKfOSj1/0ohr2nGNh41EHnXrqHdeS+h9iolE9q9Y/uq6kietCmNB3Clrh/o5V+
+      P4NkdfPmw9GQf95oUxjFe/Rh/yPHhqUfQC/G5kMlv7lS66dDpKlUiKoKxGLBaF7b
+      pGkINC0O6s2xQGh2pSqBSQjNXbVeadPOta1fygeROGeXFnTYOQKCAQEA8k1zk2ln
+      3dXFnqIRs0dkQdISJvya66jcqHmxh606QAXQYbycXHX0OESDoeKDRLla1cvWCJmr
+      OE3xg084SiyJCZMwLzbI2uUfcB9G3ezpCRkGmFgmCBi3sIZx0/yL2oPyFIWEkdzN
+      gJIwVgVs3XKp7WICnRqPom+cF3i9RofDuEDs+CgtJOOFiYljZ3os+LXU3zCN80uz
+      9XnY6861FPLRD0AuINExz2J1JTsRd1RoH5LhIG8EiLhilVLVqABJBXdXiSZltb8M
+      mlUmPoEUGsvSflu/MmCEsj8b6s4JNDbA4/Mpv7L4XogLsEJnAsY6BbrZ0IwvE2yF
+      h9cd777WGAhCiwKCAQEA756I60ngoVioIm3lQm3adLgGUxIc1BldFxkvl3NdeV2g
+      Stx3LF1Y2EnWZQQwx3n5IWSSoeo1zf/sMdoZXCUP9eCJrxbKYrYn0qWwsbXTz47b
+      AvXCfYiWU9PE6p5oGIljJ1FSpVwuLWg4sZxuJMLYVkUuTy9d95FQMmGb6GYNXYZW
+      SkUQKwO6H/ItcApvSw81YfWZdE7uQp0NiHeZBLotDMwHlfKRime+5dMhUb089bwU
+      oatFJ8oogdFe1hTXW3eyA+vnVNcLaUUUKFlMpTQ6UuNkY7v3BT9slpGkrFNXiZk2
+      4fV6NbVJ3MtozwwNJg74JDDtf9R3nTOWaoSYpv0xjQKCAQAhHZ7HLefJNNdOh/39
+      T6uPJ2PdujZ+MNT/nao6zd0hNOo3AW0pYeGf8xU+gdPJB8A3aiV1hXMWPejdNm2O
+      DaopCdnTChzHdfsm+s9Xs3JiEO6K0blY7+/jC2zxORnwIopqbZkhyli30sMSbqlj
+      VrGMxRFwYVnyLGjb+F9+DT4dp5n7jJom6YWtt35DfTo6P7e5TUyJTPZqfV29VMIA
+      +/LAr9feGllBa8Zw8TLA6WNVtWBZa3LmMLUgjXKwBGH2gkoPb5UFEvho+2w/rKqP
+      wv2g0W8/NlvMdL2fCMvPPBB+1xQEpDQ3z0Yxr9GeWnNBpzjvvMkOUY2qdCceRinC
+      nRZjAoIBAQDiiYg6ogq7n3y9qBYR+peIt55LFRmqMByBRO9oiMn7fteXTt1gVRQ0
+      z4Hg2NhhDmDJADNc3ndlvSmJa/+DzQpM0653mN1X+4ykqr7lE9kfJpjKMJxiYCp3
+      MAPAKGiToffa6Rhweziw9xJ6YEEFgixTS25fsJFvB7PBHeTvDuRd4i5cYvTJJenm
+      X+gzP7o+RS+b4Dzm5+R7l81+kktZW8ZRjecyDTUpm7GvyC58/6LNU7ZRrgFgf9BS
+      AyZc0TFVKVFkQbffzrrcGFHZX6uFmF33lUGIxODh1jeMFj+QJ+7fiLmJYLHcavtc
+      wfXhoSwhKg/Q72zp6G35chcntxo27bLVAoIBAEZlZfr/ifq9gmgTxjHQ//GJ80SV
+      7y0K75e0bt/BkMU8EiqqsX5CywxSTH54tACzDIduMq0EFp+sK3bEzD7vPQ1QqJ3N
+      L2XkOO05o506RC4DbuwmQtYOCok+4IPuCF6FduCa0cYo/S8+UBxbjusauZET46J9
+      r7KG1PGaIGfwQCcf4mzlAutR977M/FyN967J/gtP5QTBof1HEqPsTvaxe595KeUe
+      csgN17HFJXSaBudMf84xmCOc7rULAItXqmLIeNHTztjbjB4IAwpDon0qe+EfVt7z
+      eqZTcm7faWJiFVZNdnGD4uc0P+syWLmp1uX2hJfV/0WI+yPeDoRk6q+97W4=
+      -----END RSA PRIVATE KEY-----
+
+    ssh_key_private_dest: /var/lib/zuul/.ssh/gerrit_id_rsa
+    ssh_key_public_content: |
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDizFxLzM8g9zce+K/pwZWZSa+wyoxFfyVTcQEzbb7IM0p8v/y4CPQHzL1DNYp4U+dybC+3EjdnSKAXIP7kLRyhBKDtIyBKhZ0U92WRy09ABnmNp+kWaEAynpSlipIAP0iVpgjNsRpHvLH5Yfm+EEsLIqZBLKEL3uh7B+FkyDWoOh4pBmcdyyRSwhLgGrwoxEawC0SOI1bNHYQ82ElazHvgf7S37RAMtb+RuL0+FeJsRPDlryvQbsmbRkRfBpK7ziULrYB+PgRiYNthdfyqhHT4J0Tt7mNemfwehn7ljaWod/PgcdZHAFDwX1rpVEOLvKkf2oUw2D+yll6fAzSkzGGveXRu63LQwyEaiFNteANcSrImbTncBKMINgdbDxdUA2/41y0sOwaCn7Q+BVlUmQa7zZVTctKlRG0OtLKZ7Ahi3z0Qu9fygfVmCRVFPl/v4VEadPRNXi55JZfemcj1HJEni0m0M8Ke50kQpPCDe3Zwzzz25thxCtvBAx3MY11EF7B1FYYDZjTyHt4E6XLYvQKyflm8R0la6dphlY4quq9fTS2MoteIUX9gD0hzIrX5CIOabncFYGFNSpIwMwbAy03IeXcr2nRW/ZsowDtts5YtMCKHHRcgt7x4XHZeYJ6/pEucSQ7HzflO5gGFiaUYps4K/LX0D9IaCIFUg2BctqhBjw== gerrit@example.org
+
+    ssh_key_public_dest: /var/lib/zuul/.ssh/gerrit_id_rsa.pub
+    ssh_user_home: /var/lib/zuul
+    ssh_user_name: zuul

inventory/testing/group_vars/zuul-executor.yaml

@@ -34,8 +34,8 @@ logrotate_configs:
       - notifempty
 
 # windmill.ssh
-ssh_user_name: "{{ zuul_user_name|default('zuul') }}"
-ssh_user_home: "{{ zuul_user_home|default('/var/lib/zuul') }}"
+ssh_user_name: zuul
+ssh_user_home: /var/lib/zuul
 
 ssh_key_private_content: |
   -----BEGIN RSA PRIVATE KEY-----

inventory/testing/group_vars/zuul-scheduler.yaml

@@ -32,66 +32,3 @@ logrotate_configs:
       - rotate 7
       - daily
       - notifempty
-
-# windmill.ssh
-ssh_user_name: "{{ zuul_user_name|default('zuul') }}"
-ssh_user_home: "{{ zuul_user_home|default('/var/lib/zuul') }}"
-
-ssh_key_private_content: |
-  -----BEGIN RSA PRIVATE KEY-----
-  MIIJKAIBAAKCAgEA4sxcS8zPIPc3Hviv6cGVmUmvsMqMRX8lU3EBM22+yDNKfL/8
-  uAj0B8y9QzWKeFPncmwvtxI3Z0igFyD+5C0coQSg7SMgSoWdFPdlkctPQAZ5jafp
-  FmhAMp6UpYqSAD9IlaYIzbEaR7yx+WH5vhBLCyKmQSyhC97oewfhZMg1qDoeKQZn
-  HcskUsIS4Bq8KMRGsAtEjiNWzR2EPNhJWsx74H+0t+0QDLW/kbi9PhXibETw5a8r
-  0G7Jm0ZEXwaSu84lC62Afj4EYmDbYXX8qoR0+CdE7e5jXpn8HoZ+5Y2lqHfz4HHW
-  RwBQ8F9a6VRDi7ypH9qFMNg/spZenwM0pMxhr3l0buty0MMhGohTbXgDXEqyJm05
-  3ASjCDYHWw8XVANv+NctLDsGgp+0PgVZVJkGu82VU3LSpURtDrSymewIYt89ELvX
-  8oH1ZgkVRT5f7+FRGnT0TV4ueSWX3pnI9RyRJ4tJtDPCnudJEKTwg3t2cM889ubY
-  cQrbwQMdzGNdRBewdRWGA2Y08h7eBOly2L0Csn5ZvEdJWunaYZWOKrqvX00tjKLX
-  iFF/YA9IcyK1+QiDmm53BWBhTUqSMDMGwMtNyHl3K9p0Vv2bKMA7bbOWLTAihx0X
-  ILe8eFx2XmCev6RLnEkOx835TuYBhYmlGKbOCvy19A/SGgiBVINgXLaoQY8CAwEA
-  AQKCAgAB6emJdjP1OkDL0Rti5JBHl9iUrFDcsUL2Xki9T1rBw7UIMnKGdwTgH/kk
-  3QnLFCIq1ADfEZdIFtPK/itIb50DOs/E0HwQROpbZ+8CeO21Q5i4+ka8Oqr4AmCM
-  uQucVuxc3ubKHYl0O4Jg8VOzJ94KPQOcHy1ItVvO1fUv7YSOY9cnT3eFR9aJoDua
-  in819NoH2EB+1ot/9ZTNEqIj0v/kmA9FUgnFoa75Is7t/C9J7Jb/ySecfaLT3Zbs
-  GlkYnpevbopcBlfxIJIZU26LXczC30n0nANYpAH9m/LsKvLP5hs3tJ4zQSxtqtBQ
-  kbZ0MmZW73gaPmjjL+Oigdtq3JKibVnoZUSEeNZOYOwPzu+rzjk8TOX7S11+QH+h
-  G8ZANnu+lmVjg/VsqUWPk/ERq76I7MUzOfd4LnIC7tUQuA3fzDSduAbX4PLFubSp
-  wySzjoonAacmyLEAQSqNBQtxVRFYr/TvKm5a4zvnrCsivssueB0Oa5vSPhyKmPmZ
-  ukKKfOSj1/0ohr2nGNh41EHnXrqHdeS+h9iolE9q9Y/uq6kietCmNB3Clrh/o5V+
-  P4NkdfPmw9GQf95oUxjFe/Rh/yPHhqUfQC/G5kMlv7lS66dDpKlUiKoKxGLBaF7b
-  pGkINC0O6s2xQGh2pSqBSQjNXbVeadPOta1fygeROGeXFnTYOQKCAQEA8k1zk2ln
-  3dXFnqIRs0dkQdISJvya66jcqHmxh606QAXQYbycXHX0OESDoeKDRLla1cvWCJmr
-  OE3xg084SiyJCZMwLzbI2uUfcB9G3ezpCRkGmFgmCBi3sIZx0/yL2oPyFIWEkdzN
-  gJIwVgVs3XKp7WICnRqPom+cF3i9RofDuEDs+CgtJOOFiYljZ3os+LXU3zCN80uz
-  9XnY6861FPLRD0AuINExz2J1JTsRd1RoH5LhIG8EiLhilVLVqABJBXdXiSZltb8M
-  mlUmPoEUGsvSflu/MmCEsj8b6s4JNDbA4/Mpv7L4XogLsEJnAsY6BbrZ0IwvE2yF
-  h9cd777WGAhCiwKCAQEA756I60ngoVioIm3lQm3adLgGUxIc1BldFxkvl3NdeV2g
-  Stx3LF1Y2EnWZQQwx3n5IWSSoeo1zf/sMdoZXCUP9eCJrxbKYrYn0qWwsbXTz47b
-  AvXCfYiWU9PE6p5oGIljJ1FSpVwuLWg4sZxuJMLYVkUuTy9d95FQMmGb6GYNXYZW
-  SkUQKwO6H/ItcApvSw81YfWZdE7uQp0NiHeZBLotDMwHlfKRime+5dMhUb089bwU
-  oatFJ8oogdFe1hTXW3eyA+vnVNcLaUUUKFlMpTQ6UuNkY7v3BT9slpGkrFNXiZk2
-  4fV6NbVJ3MtozwwNJg74JDDtf9R3nTOWaoSYpv0xjQKCAQAhHZ7HLefJNNdOh/39
-  T6uPJ2PdujZ+MNT/nao6zd0hNOo3AW0pYeGf8xU+gdPJB8A3aiV1hXMWPejdNm2O
-  DaopCdnTChzHdfsm+s9Xs3JiEO6K0blY7+/jC2zxORnwIopqbZkhyli30sMSbqlj
-  VrGMxRFwYVnyLGjb+F9+DT4dp5n7jJom6YWtt35DfTo6P7e5TUyJTPZqfV29VMIA
-  +/LAr9feGllBa8Zw8TLA6WNVtWBZa3LmMLUgjXKwBGH2gkoPb5UFEvho+2w/rKqP
-  wv2g0W8/NlvMdL2fCMvPPBB+1xQEpDQ3z0Yxr9GeWnNBpzjvvMkOUY2qdCceRinC
-  nRZjAoIBAQDiiYg6ogq7n3y9qBYR+peIt55LFRmqMByBRO9oiMn7fteXTt1gVRQ0
-  z4Hg2NhhDmDJADNc3ndlvSmJa/+DzQpM0653mN1X+4ykqr7lE9kfJpjKMJxiYCp3
-  MAPAKGiToffa6Rhweziw9xJ6YEEFgixTS25fsJFvB7PBHeTvDuRd4i5cYvTJJenm
-  X+gzP7o+RS+b4Dzm5+R7l81+kktZW8ZRjecyDTUpm7GvyC58/6LNU7ZRrgFgf9BS
-  AyZc0TFVKVFkQbffzrrcGFHZX6uFmF33lUGIxODh1jeMFj+QJ+7fiLmJYLHcavtc
-  wfXhoSwhKg/Q72zp6G35chcntxo27bLVAoIBAEZlZfr/ifq9gmgTxjHQ//GJ80SV
-  7y0K75e0bt/BkMU8EiqqsX5CywxSTH54tACzDIduMq0EFp+sK3bEzD7vPQ1QqJ3N
-  L2XkOO05o506RC4DbuwmQtYOCok+4IPuCF6FduCa0cYo/S8+UBxbjusauZET46J9
-  r7KG1PGaIGfwQCcf4mzlAutR977M/FyN967J/gtP5QTBof1HEqPsTvaxe595KeUe
-  csgN17HFJXSaBudMf84xmCOc7rULAItXqmLIeNHTztjbjB4IAwpDon0qe+EfVt7z
-  eqZTcm7faWJiFVZNdnGD4uc0P+syWLmp1uX2hJfV/0WI+yPeDoRk6q+97W4=
-  -----END RSA PRIVATE KEY-----
-
-ssh_key_private_dest: "{{ ssh_user_home }}/.ssh/gerrit_id_rsa"
-
-ssh_key_public_content: |
-  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDizFxLzM8g9zce+K/pwZWZSa+wyoxFfyVTcQEzbb7IM0p8v/y4CPQHzL1DNYp4U+dybC+3EjdnSKAXIP7kLRyhBKDtIyBKhZ0U92WRy09ABnmNp+kWaEAynpSlipIAP0iVpgjNsRpHvLH5Yfm+EEsLIqZBLKEL3uh7B+FkyDWoOh4pBmcdyyRSwhLgGrwoxEawC0SOI1bNHYQ82ElazHvgf7S37RAMtb+RuL0+FeJsRPDlryvQbsmbRkRfBpK7ziULrYB+PgRiYNthdfyqhHT4J0Tt7mNemfwehn7ljaWod/PgcdZHAFDwX1rpVEOLvKkf2oUw2D+yll6fAzSkzGGveXRu63LQwyEaiFNteANcSrImbTncBKMINgdbDxdUA2/41y0sOwaCn7Q+BVlUmQa7zZVTctKlRG0OtLKZ7Ahi3z0Qu9fygfVmCRVFPl/v4VEadPRNXi55JZfemcj1HJEni0m0M8Ke50kQpPCDe3Zwzzz25thxCtvBAx3MY11EF7B1FYYDZjTyHt4E6XLYvQKyflm8R0la6dphlY4quq9fTS2MoteIUX9gD0hzIrX5CIOabncFYGFNSpIwMwbAy03IeXcr2nRW/ZsowDtts5YtMCKHHRcgt7x4XHZeYJ6/pEucSQ7HzflO5gGFiaUYps4K/LX0D9IaCIFUg2BctqhBjw== gerrit@example.org
-ssh_key_public_dest: "{{ ssh_user_home }}/.ssh/gerrit_id_rsa.pub"

inventory/testing/hosts

@@ -40,3 +40,8 @@ zuul-fingergw
 zuul-merger
 zuul-scheduler
 zuul-web
+
+[zuul-connections:children]
+zuul-executor
+zuul-merger
+zuul-scheduler

playbooks/zuul.yaml

@@ -12,8 +12,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 ---
-- name: Bootstrap zuul-executor and zuul-scheduler
-  hosts: zuul-executor, zuul-scheduler
+- name: Bootstrap SSH keys for zuul-connections
+  hosts: zuul-connections
 
   tasks:
     # NOTE(pabelanger): Because of ordering issues create the required home
@@ -28,11 +28,23 @@
     - name: Setup openstack.ssh role
       include_role:
         name: openstack.ssh
+      with_items: "{{ zuul_connections_ssh }}"
+      vars:
+        ssh_key_private_content: "{{ item.ssh_key_private_content }}"
+        ssh_key_private_dest: "{{ item.ssh_key_private_dest }}"
+        ssh_key_public_content: "{{ item.ssh_key_public_content }}"
+        ssh_key_public_dest: "{{ item.ssh_key_public_dest }}"
+        ssh_user_name: "{{ item.ssh_user_name }}"
+        ssh_user_home: "{{ item.ssh_user_home }}"
 
 - name: Bootstrap zuul-executor
   hosts: zuul-executor
 
   tasks:
+    - name: Setup openstack.ssh role
+      include_role:
+        name: openstack.ssh
+
     # TODO(pabelanger): I'm thinking we should likely create
     # ansible-role-bubblewrap to allow user to better manage this dependency.
     - name: Ensure bubblewrap is present