Merge "Create a template for ssh-key and size"

roles/add-build-sshkey/README.rst

@@ -11,12 +11,30 @@ newly generated private key.
 **Role Variables**
 
 .. zuul:rolevar:: zuul_temp_ssh_key
+   :default: ``{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa``
 
    Where to put the newly-generated SSH private key.
 
+.. zuul:rolevar:: zuul_ssh_key_dest
+   :default: ``id_{{ zuul_ssh_key_algorithm }}``
+
+   File name for the the newly-generated SSH private key.
+
 .. zuul:rolevar:: zuul_build_sshkey_cleanup
    :default: false
 
    Remove previous build sshkey. Set it to true for single use static node.
    Do not set it to true for multi-slot static nodes as it removes the
    build key configured by other jobs.
+
+.. zuul:rolevar:: zuul_ssh_key_algorithm
+   :default: rsa
+
+   The digital signature algorithm to be used to generate the key. Default value
+   'rsa'.
+
+.. zuul:rolevar:: zuul_ssh_key_size
+   :default: 3072
+
+   Specifies the number of bits in the key to create. The default length is
+   3072 bits (RSA).

roles/add-build-sshkey/tasks/create-key-and-replace.yaml

@@ -1,5 +1,5 @@
 - name: Create Temp SSH key
-  command: ssh-keygen -t rsa -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}
+  command: ssh-keygen -t {{ zuul_ssh_key_algorithm }} -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }} -b {{ zuul_ssh_key_size }}
   delegate_to: localhost
   run_once: true
 

roles/add-build-sshkey/tasks/remote-linux.yaml

@@ -20,13 +20,13 @@
 - name: Install build private key as SSH key on all nodes
   copy:
     src: "{{ zuul_temp_ssh_key }}"
-    dest: "~/.ssh/id_rsa"
+    dest: "~/.ssh/{{ zuul_ssh_key_dest }}"
     mode: 0600
     force: no
 
 - name: Install build public key as SSH key on all nodes
   copy:
     src: "{{ zuul_temp_ssh_key }}.pub"
-    dest: "~/.ssh/id_rsa.pub"
+    dest: "~/.ssh/{{ zuul_ssh_key_dest }}.pub"
     mode: 0644
     force: no

roles/add-build-sshkey/tasks/remote-windows.yaml

@@ -11,14 +11,14 @@
     # We use scp here as this is much more performant than ansible copy
     echo "Copy build ssh keys to node"
     ssh -o BatchMode=yes -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} powershell "md -Force -Path .ssh"
-    scp -B {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa
-    scp -B {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa.pub
+    scp -B {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}
+    scp -B {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/{{ zuul_ssh_key_dest }}.pub
 
     echo "Add build ssh keys to authorized_keys"
     {% if win_admin_ssh | default(false) %}
-    ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\id_rsa.pub >> %programdata%\\ssh\\administrators_authorized_keys"
+    ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> %programdata%\\ssh\\administrators_authorized_keys"
     {% else %}
-    ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\id_rsa.pub >> .ssh\\authorized_keys"
+    ssh -o BatchMode=yes {{ ansible_user }}@{{ ansible_host }} cmd /c "type .ssh\\{{ zuul_ssh_key_dest }}.pub >> .ssh\\authorized_keys"
     {% endif %}
   register: windows_remote_ssh
   # Ignore errors here because this should not break non-ssh enabled windows hosts

roles/add-build-sshkey/vars/main.yaml

@@ -1,2 +1,5 @@
-zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
 zuul_build_sshkey_cleanup: false
+zuul_ssh_key_algorithm: "rsa"
+zuul_ssh_key_size: "3072"
+zuul_ssh_key_dest: "id_{{ zuul_ssh_key_algorithm }}"
+zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"

roles/remove-build-sshkey/vars/main.yaml

@@ -1 +1 @@
-zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_rsa"
+zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.build }}_id_{{ zuul_ssh_key_algorithm }}"