From c4b111691b66cca73f4113b527c422a97faec411 Mon Sep 17 00:00:00 2001
From: Monty Taylor <mordred@inaugust.com>
Date: Fri, 17 Aug 2018 08:43:10 -0500
Subject: [PATCH] Install ssh key on bridge.openstack.org

We copied this over from puppetmaster, but let's manage it in ansible.

The key has been renamed in host_vars on bridge.openstack.org already.

Change-Id: Ia102dbe2ae2836880092b8997cb99135f5197b00
---
 manifests/site.pp                                   |  1 -
 modules/openstack_project/manifests/puppetmaster.pp | 13 -------------
 playbooks/bridge.yaml                               |  1 +
 playbooks/roles/root-keys/tasks/main.yaml           | 11 +++++++++++
 4 files changed, 12 insertions(+), 14 deletions(-)
 create mode 100644 playbooks/roles/root-keys/tasks/main.yaml

diff --git a/manifests/site.pp b/manifests/site.pp
index 919ecf0f55..d78792b1a4 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -191,7 +191,6 @@ node 'puppetmaster.openstack.org' {
     pin_puppet                => '3.6.',
   }
   class { 'openstack_project::puppetmaster':
-    root_rsa_key                               => hiera('puppetmaster_root_rsa_key'),
     puppetmaster_clouds                        => hiera('puppetmaster_clouds'),
   }
   file { '/etc/openstack/limestone_cacert.pem':
diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp
index 044bbc4f76..e4d043f7e7 100644
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@@ -29,19 +29,6 @@ class openstack_project::puppetmaster (
     ],
   }
 
-  if ! defined(File['/root/.ssh']) {
-    file { '/root/.ssh':
-      ensure => directory,
-      mode   => '0700',
-    }
-  }
-
-  file { '/root/.ssh/id_rsa':
-    ensure  => present,
-    mode    => '0400',
-    content => $root_rsa_key,
-  }
-
 # Cloud credentials are stored in this directory for launch-node.py.
   file { '/root/ci-launch':
     ensure => directory,
diff --git a/playbooks/bridge.yaml b/playbooks/bridge.yaml
index d716f552bc..90c9d73a05 100644
--- a/playbooks/bridge.yaml
+++ b/playbooks/bridge.yaml
@@ -2,3 +2,4 @@
   roles:
     - pip3
     - install-ansible
+    - root-keys
diff --git a/playbooks/roles/root-keys/tasks/main.yaml b/playbooks/roles/root-keys/tasks/main.yaml
new file mode 100644
index 0000000000..b896a97424
--- /dev/null
+++ b/playbooks/roles/root-keys/tasks/main.yaml
@@ -0,0 +1,11 @@
+- name: Ensure .ssh directory
+  file:
+    path: /root/.ssh
+    mode: 0700
+    state: directory
+
+- name: Write out ssh private key
+  copy:
+    content: '{{ root_rsa_key }}'
+    mode: 0400
+    dest: /root/.ssh/id_rsa