Added afs to wheel mirror slaves

This removes the SSH keys from the wheel mirror slaves, and
replaces them with the AFS share. It does not yet add afs
credentials. As we have not yet provisioned our wheel slaves,
no manual updates of the servers should be required.

Hiera keys for the previous approach should be removed.

Change-Id: Ifebf5d53d80e934674704078f7dd675f77aef5aa

manifests/site.pp

@@ -1139,16 +1139,6 @@ node /.*wheel-mirror-.*\.openstack\.org/ {
   class { 'openstack_project::wheel_mirror_slave':
     sysadmins                      => hiera('sysadmins', []),
     jenkins_ssh_public_key         => $openstack_project::jenkins_ssh_key,
-    pypi_mirror_bhs1_host_key      => hiera('pypi_mirror_bhs1_host_key'),
-    pypi_mirror_dfw_host_key       => hiera('pypi_mirror_dfw_host_key'),
-    pypi_mirror_gra1_host_key      => hiera('pypi_mirror_gra1_host_key'),
-    pypi_mirror_iad_host_key       => hiera('pypi_mirror_iad_host_key'),
-    pypi_mirror_nyj01_host_key     => hiera('pypi_mirror_nyj01_host_key'),
-    pypi_mirror_ord_host_key       => hiera('pypi_mirror_ord_host_key'),
-    pypi_mirror_hp1_host_key       => hiera('pypi_mirror_hp1_host_key'),
-    pypi_mirror_regionone_host_key => hiera('pypi_mirror_regionone_host_key'),
-    wheel_mirror_ssh_public_key    => hiera('wheel_mirror_ssh_public_key_contents'),
-    wheel_mirror_ssh_private_key   => hiera('wheel_mirror_ssh_private_key_contents'),
   }
 }
 

modules/openstack_project/manifests/slave.pp

@@ -8,6 +8,7 @@ class openstack_project::slave (
   $jenkins_gitfullname = 'OpenStack Jenkins',
   $jenkins_gitemail = 'jenkins@openstack.org',
   $project_config_repo = 'https://git.openstack.org/openstack-infra/project-config',
+  $afs = false,
 ) {
 
   include openstack_project
@@ -18,6 +19,7 @@ class openstack_project::slave (
     iptables_public_udp_ports => [],
     certname                  => $certname,
     sysadmins                 => $sysadmins,
+    afs                       => $afs
   }
 
   class { 'jenkins::slave':

modules/openstack_project/manifests/wheel_mirror_slave.pp

@@ -17,16 +17,7 @@
 #
 class openstack_project::wheel_mirror_slave (
   $jenkins_ssh_public_key,
-  $pypi_mirror_bhs1_host_key,
-  $pypi_mirror_dfw_host_key,
-  $pypi_mirror_gra1_host_key,
-  $pypi_mirror_iad_host_key,
-  $pypi_mirror_nyj01_host_key,
-  $pypi_mirror_ord_host_key,
-  $pypi_mirror_hp1_host_key,
-  $pypi_mirror_regionone_host_key,
-  $wheel_mirror_ssh_public_key,
-  $wheel_mirror_ssh_private_key,
+  $project_config_repo = 'https://git.openstack.org/openstack-infra/project-config',
   $sysadmins = [],
   $jenkins_gitfullname = 'OpenStack Jenkins',
   $jenkins_gitemail = 'jenkins@openstack.org',
@@ -37,29 +28,7 @@ class openstack_project::wheel_mirror_slave (
     jenkins_gitfullname => $jenkins_gitfullname,
     jenkins_gitemail    => $jenkins_gitemail,
     project_config_repo => $project_config_repo,
-  }
-
-  file { '/home/jenkins/.ssh/id_rsa':
-    owner   => 'jenkins',
-    group   => 'jenkins',
-    mode    => '0400',
-    require => File['/home/jenkins/.ssh'],
-    content => $wheel_mirror_ssh_private_key,
-  }
-
-  file { '/home/jenkins/.ssh/id_rsa.pub':
-    owner   => 'jenkins',
-    group   => 'jenkins',
-    mode    => '0400',
-    require => File['/home/jenkins/.ssh'],
-    content => $wheel_mirror_ssh_public_key,
-  }
-
-  file { '/home/jenkins/.ssh/known_hosts':
-    owner   => 'jenkins',
-    group   => 'jenkins',
-    mode    => '0600',
-    content => template('openstack_project/wheel_mirror/known_hosts.erb')
+    afs                 => true,
   }
 
   # below follows a rough list of things required to build binary