From 943ed2315f8661c018f5b89a1cc50dbb05bd996d Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Tue, 15 Apr 2014 10:54:52 -0700
Subject: [PATCH] Zuul use dedicated ssh key.

Zuul should use a dedicated ssh key rather than piggy backing off of the
jenkins ssh key. This change makes this distinction clear and removes
one zuul use of the jenkins ssh key that is not necessary.

Change-Id: I74c811a8bf94838b285791e158f4e468513eaa3e
---
 manifests/site.pp                                  | 7 +++----
 modules/openstack_project/manifests/git_backend.pp | 8 +-------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index 611f1fe7a1..6fc551fc8b 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -354,7 +354,6 @@ node /^git\d+\.openstack\.org$/ {
     vhost_name              => 'git.openstack.org',
     sysadmins               => hiera('sysadmins'),
     git_gerrit_ssh_key      => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
-    git_zuul_ssh_key        => $openstack_project::jenkins_ssh_key,
     ssl_cert_file_contents  => hiera('git_ssl_cert_file_contents'),
     ssl_key_file_contents   => hiera('git_ssl_key_file_contents'),
     ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),
@@ -433,7 +432,7 @@ node 'zuul.openstack.org' {
     gerrit_server        => 'review.openstack.org',
     gerrit_user          => 'jenkins',
     gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
+    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
     url_pattern          => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
     zuul_url             => 'http://zuul.openstack.org/p',
     sysadmins            => hiera('sysadmins'),
@@ -461,7 +460,7 @@ node 'zm01.openstack.org' {
     gerrit_server        => 'review.openstack.org',
     gerrit_user          => 'jenkins',
     gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
+    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
     sysadmins            => hiera('sysadmins'),
   }
 }
@@ -472,7 +471,7 @@ node 'zm02.openstack.org' {
     gerrit_server        => 'review.openstack.org',
     gerrit_user          => 'jenkins',
     gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
+    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
     sysadmins            => hiera('sysadmins'),
   }
 }
diff --git a/modules/openstack_project/manifests/git_backend.pp b/modules/openstack_project/manifests/git_backend.pp
index 747f1ce90d..6e13138784 100644
--- a/modules/openstack_project/manifests/git_backend.pp
+++ b/modules/openstack_project/manifests/git_backend.pp
@@ -19,7 +19,6 @@ class openstack_project::git_backend (
   $vhost_name = $::fqdn,
   $sysadmins = [],
   $git_gerrit_ssh_key = '',
-  $git_zuul_ssh_key = '',
   $ssl_cert_file_contents = '',
   $ssl_key_file_contents = '',
   $ssl_chain_file_contents = '',
@@ -184,12 +183,7 @@ class openstack_project::git_backend (
   }
 
   file { '/home/zuul/.ssh/authorized_keys':
-    owner   => 'zuul',
-    group   => 'zuul',
-    mode    => '0600',
-    content => $git_zuul_ssh_key,
-    replace => true,
-    require => File['/home/zuul/.ssh']
+    ensure => absent,
   }
 
   cron { 'mirror_repack_zuul':