Add releasestatus SSH key

Add an SSH keypair for releasestatus so that it can connect to
review.openstack.org to grab review data. Also add review.o.o
public key to known_hosts.

The data in hiera was already added.

Change-Id: I193dfad5b229a0c193ce35d5a8917b0b3b86c117
Reviewed-on: https://review.openstack.org/30881
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins

manifests/site.pp

@@ -243,6 +243,9 @@ node 'static.openstack.org' {
     reviewday_rsa_key_contents    => hiera('reviewday_rsa_key_contents'),
     reviewday_rsa_pubkey_contents => hiera('reviewday_rsa_pubkey_contents'),
     reviewday_gerrit_ssh_key      => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    releasestatus_prvkey_contents => hiera('releasestatus_rsa_key_contents'),
+    releasestatus_pubkey_contents => hiera('releasestatus_rsa_pubkey_contents'),
+    releasestatus_gerrit_ssh_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
   }
 }
 

modules/openstack_project/manifests/static.pp

@@ -4,7 +4,10 @@ class openstack_project::static (
   $sysadmins = [],
   $reviewday_gerrit_ssh_key = '',
   $reviewday_rsa_pubkey_contents = '',
-  $reviewday_rsa_key_contents = ''
+  $reviewday_rsa_key_contents = '',
+  $releasestatus_prvkey_contents = '',
+  $releasestatus_pubkey_contents = '',
+  $releasestatus_gerrit_ssh_key = '',
 ) {
 
   class { 'openstack_project::server':
@@ -274,7 +277,11 @@ class openstack_project::static (
   ###########################################################
   # Status - releasestatus
 
-  include releasestatus
+  class { 'releasestatus':
+    releasestatus_prvkey_contents => $releasestatus_prvkey_contents,
+    releasestatus_pubkey_contents => $releasestatus_pubkey_contents,
+    releasestatus_gerrit_ssh_key  => $releasestatus_gerrit_ssh_key,
+  }
 
   releasestatus::site { 'releasestatus':
     configfile => 'integrated.yaml',

modules/releasestatus/manifests/init.pp

@@ -14,7 +14,11 @@
 #
 # Class: releasestatus
 #
-class releasestatus {
+class releasestatus (
+  $releasestatus_prvkey_contents = '',
+  $releasestatus_pubkey_contents = '',
+  $releasestatus_gerrit_ssh_key = '',
+) {
   if ! defined(Package['python-launchpadlib']) {
     package { 'python-launchpadlib':
       ensure => present,
@@ -54,6 +58,47 @@ class releasestatus {
     require => User['releasestatus'],
   }
 
+  file { '/var/lib/releasestatus/.ssh/':
+    ensure  => directory,
+    owner   => 'releasestatus',
+    group   => 'releasestatus',
+    mode    => '0700',
+    require => File['/var/lib/releasestatus'],
+  }
+
+  if $releasestatus_prvkey_contents != '' {
+    file { '/var/lib/releasestatus/.ssh/id_rsa':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => $releasestatus_prvkey_contents,
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
+  if $releasestatus_pubkey_contents != '' {
+    file { '/var/lib/releasestatus/.ssh/id_rsa.pub':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => $releasestatus_pubkey_contents,
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
+  if $releasestatus_gerrit_ssh_key != '' {
+    file { '/var/lib/releasestatus/.ssh/known_hosts':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => "review.openstack.org ${releasestatus_gerrit_ssh_key}",
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
   vcsrepo { '/var/lib/releasestatus/releasestatus':
     ensure   => latest,
     provider => git,