Zuul use dedicated ssh key.

Zuul should use a dedicated ssh key rather than piggy backing off of the jenkins ssh key. This change makes this distinction clear and removes one zuul use of the jenkins ssh key that is not necessary. Change-Id: I74c811a8bf94838b285791e158f4e468513eaa3e
2014-04-15 10:54:52 -07:00 · 2014-04-15 10:54:52 -07:00 · 943ed2315f
parent fdddcd6b97
commit 943ed2315f
2 changed files with 4 additions and 11 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -354,7 +354,6 @@ node /^git\d+\.openstack\.org$/ {
    vhost_name              => 'git.openstack.org',
    sysadmins               => hiera('sysadmins'),
    git_gerrit_ssh_key      => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
-    git_zuul_ssh_key        => $openstack_project::jenkins_ssh_key,
    ssl_cert_file_contents  => hiera('git_ssl_cert_file_contents'),
    ssl_key_file_contents   => hiera('git_ssl_key_file_contents'),
    ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),
@ -433,7 +432,7 @@ node 'zuul.openstack.org' {
    gerrit_server        => 'review.openstack.org',
    gerrit_user          => 'jenkins',
    gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
+    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
    url_pattern          => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
    zuul_url             => 'http://zuul.openstack.org/p',
    sysadmins            => hiera('sysadmins'),
@ -461,7 +460,7 @@ node 'zm01.openstack.org' {
    gerrit_server        => 'review.openstack.org',
    gerrit_user          => 'jenkins',
    gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
+    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
    sysadmins            => hiera('sysadmins'),
  }
 }
@ -472,7 +471,7 @@ node 'zm02.openstack.org' {
    gerrit_server        => 'review.openstack.org',
    gerrit_user          => 'jenkins',
    gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
+    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
    sysadmins            => hiera('sysadmins'),
  }
 }
--- a/modules/openstack_project/manifests/git_backend.pp
+++ b/modules/openstack_project/manifests/git_backend.pp
@ -19,7 +19,6 @@ class openstack_project::git_backend (
  $vhost_name = $::fqdn,
  $sysadmins = [],
  $git_gerrit_ssh_key = '',
-  $git_zuul_ssh_key = '',
  $ssl_cert_file_contents = '',
  $ssl_key_file_contents = '',
  $ssl_chain_file_contents = '',
@ -184,12 +183,7 @@ class openstack_project::git_backend (
  }

  file { '/home/zuul/.ssh/authorized_keys':
-    owner   => 'zuul',
-    group   => 'zuul',
-    mode    => '0600',
-    content => $git_zuul_ssh_key,
-    replace => true,
-    require => File['/home/zuul/.ssh']
+    ensure => absent,
  }

  cron { 'mirror_repack_zuul':