From f51ac05e3e3fd77478bf7d7de51fb1c3535122e4 Mon Sep 17 00:00:00 2001
From: Thierry Carrez <thierry@openstack.org>
Date: Wed, 29 May 2013 15:36:42 +0200
Subject: [PATCH] Add releasestatus SSH key

Add an SSH keypair for releasestatus so that it can connect to
review.openstack.org to grab review data. Also add review.o.o
public key to known_hosts.

The data in hiera was already added.

Change-Id: I193dfad5b229a0c193ce35d5a8917b0b3b86c117
Reviewed-on: https://review.openstack.org/30881
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
---
 manifests/site.pp                             |  3 ++
 modules/openstack_project/manifests/static.pp | 11 ++++-
 modules/releasestatus/manifests/init.pp       | 47 ++++++++++++++++++-
 3 files changed, 58 insertions(+), 3 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index ccd2c72934..367ea26d1e 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -243,6 +243,9 @@ node 'static.openstack.org' {
     reviewday_rsa_key_contents    => hiera('reviewday_rsa_key_contents'),
     reviewday_rsa_pubkey_contents => hiera('reviewday_rsa_pubkey_contents'),
     reviewday_gerrit_ssh_key      => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    releasestatus_prvkey_contents => hiera('releasestatus_rsa_key_contents'),
+    releasestatus_pubkey_contents => hiera('releasestatus_rsa_pubkey_contents'),
+    releasestatus_gerrit_ssh_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
   }
 }
 
diff --git a/modules/openstack_project/manifests/static.pp b/modules/openstack_project/manifests/static.pp
index a4674ef3a9..768394105e 100644
--- a/modules/openstack_project/manifests/static.pp
+++ b/modules/openstack_project/manifests/static.pp
@@ -4,7 +4,10 @@ class openstack_project::static (
   $sysadmins = [],
   $reviewday_gerrit_ssh_key = '',
   $reviewday_rsa_pubkey_contents = '',
-  $reviewday_rsa_key_contents = ''
+  $reviewday_rsa_key_contents = '',
+  $releasestatus_prvkey_contents = '',
+  $releasestatus_pubkey_contents = '',
+  $releasestatus_gerrit_ssh_key = '',
 ) {
 
   class { 'openstack_project::server':
@@ -274,7 +277,11 @@ class openstack_project::static (
   ###########################################################
   # Status - releasestatus
 
-  include releasestatus
+  class { 'releasestatus':
+    releasestatus_prvkey_contents => $releasestatus_prvkey_contents,
+    releasestatus_pubkey_contents => $releasestatus_pubkey_contents,
+    releasestatus_gerrit_ssh_key  => $releasestatus_gerrit_ssh_key,
+  }
 
   releasestatus::site { 'releasestatus':
     configfile => 'integrated.yaml',
diff --git a/modules/releasestatus/manifests/init.pp b/modules/releasestatus/manifests/init.pp
index 801e605a4c..3c30d058f9 100644
--- a/modules/releasestatus/manifests/init.pp
+++ b/modules/releasestatus/manifests/init.pp
@@ -14,7 +14,11 @@
 #
 # Class: releasestatus
 #
-class releasestatus {
+class releasestatus (
+  $releasestatus_prvkey_contents = '',
+  $releasestatus_pubkey_contents = '',
+  $releasestatus_gerrit_ssh_key = '',
+) {
   if ! defined(Package['python-launchpadlib']) {
     package { 'python-launchpadlib':
       ensure => present,
@@ -54,6 +58,47 @@ class releasestatus {
     require => User['releasestatus'],
   }
 
+  file { '/var/lib/releasestatus/.ssh/':
+    ensure  => directory,
+    owner   => 'releasestatus',
+    group   => 'releasestatus',
+    mode    => '0700',
+    require => File['/var/lib/releasestatus'],
+  }
+
+  if $releasestatus_prvkey_contents != '' {
+    file { '/var/lib/releasestatus/.ssh/id_rsa':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => $releasestatus_prvkey_contents,
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
+  if $releasestatus_pubkey_contents != '' {
+    file { '/var/lib/releasestatus/.ssh/id_rsa.pub':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => $releasestatus_pubkey_contents,
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
+  if $releasestatus_gerrit_ssh_key != '' {
+    file { '/var/lib/releasestatus/.ssh/known_hosts':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => "review.openstack.org ${releasestatus_gerrit_ssh_key}",
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
   vcsrepo { '/var/lib/releasestatus/releasestatus':
     ensure   => latest,
     provider => git,