Add releasestatus SSH key

Add an SSH keypair for releasestatus so that it can connect to review.openstack.org to grab review data. Also add review.o.o public key to known_hosts. The data in hiera was already added. Change-Id: I193dfad5b229a0c193ce35d5a8917b0b3b86c117 Reviewed-on: https://review.openstack.org/30881 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-29 15:36:42 +02:00 · 2013-05-29 15:36:42 +02:00 · f51ac05e3e
commit f51ac05e3e
parent c140bec6d2
3 changed files with 58 additions and 3 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -243,6 +243,9 @@ node 'static.openstack.org' {
    reviewday_rsa_key_contents    => hiera('reviewday_rsa_key_contents'),
    reviewday_rsa_pubkey_contents => hiera('reviewday_rsa_pubkey_contents'),
    reviewday_gerrit_ssh_key      => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    releasestatus_prvkey_contents => hiera('releasestatus_rsa_key_contents'),
+    releasestatus_pubkey_contents => hiera('releasestatus_rsa_pubkey_contents'),
+    releasestatus_gerrit_ssh_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
  }
 }

--- a/modules/openstack_project/manifests/static.pp
+++ b/modules/openstack_project/manifests/static.pp
@ -4,7 +4,10 @@ class openstack_project::static (
  $sysadmins = [],
  $reviewday_gerrit_ssh_key = '',
  $reviewday_rsa_pubkey_contents = '',
-  $reviewday_rsa_key_contents = ''
+  $reviewday_rsa_key_contents = '',
+  $releasestatus_prvkey_contents = '',
+  $releasestatus_pubkey_contents = '',
+  $releasestatus_gerrit_ssh_key = '',
 ) {

  class { 'openstack_project::server':
@ -274,7 +277,11 @@ class openstack_project::static (
  ###########################################################
  # Status - releasestatus

-  include releasestatus
+  class { 'releasestatus':
+    releasestatus_prvkey_contents => $releasestatus_prvkey_contents,
+    releasestatus_pubkey_contents => $releasestatus_pubkey_contents,
+    releasestatus_gerrit_ssh_key  => $releasestatus_gerrit_ssh_key,
+  }

  releasestatus::site { 'releasestatus':
    configfile => 'integrated.yaml',
--- a/modules/releasestatus/manifests/init.pp
+++ b/modules/releasestatus/manifests/init.pp
@ -14,7 +14,11 @@
 #
 # Class: releasestatus
 #
-class releasestatus {
+class releasestatus (
+  $releasestatus_prvkey_contents = '',
+  $releasestatus_pubkey_contents = '',
+  $releasestatus_gerrit_ssh_key = '',
+) {
  if ! defined(Package['python-launchpadlib']) {
    package { 'python-launchpadlib':
      ensure => present,
@ -54,6 +58,47 @@ class releasestatus {
    require => User['releasestatus'],
  }

+  file { '/var/lib/releasestatus/.ssh/':
+    ensure  => directory,
+    owner   => 'releasestatus',
+    group   => 'releasestatus',
+    mode    => '0700',
+    require => File['/var/lib/releasestatus'],
+  }
+
+  if $releasestatus_prvkey_contents != '' {
+    file { '/var/lib/releasestatus/.ssh/id_rsa':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => $releasestatus_prvkey_contents,
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
+  if $releasestatus_pubkey_contents != '' {
+    file { '/var/lib/releasestatus/.ssh/id_rsa.pub':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => $releasestatus_pubkey_contents,
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
+  if $releasestatus_gerrit_ssh_key != '' {
+    file { '/var/lib/releasestatus/.ssh/known_hosts':
+      owner   => 'releasestatus',
+      group   => 'releasestatus',
+      mode    => '0600',
+      content => "review.openstack.org ${releasestatus_gerrit_ssh_key}",
+      replace => true,
+      require => File['/var/lib/releasestatus/.ssh/']
+    }
+  }
+
  vcsrepo { '/var/lib/releasestatus/releasestatus':
    ensure   => latest,
    provider => git,