Disable root private key distribution by the utility playbook

There is no clear need for this behavior so it has been disabled
by default. A new var: ``utility_ssh_private_key`` has been
introduced for deployers who desire this behavior.

Change-Id: Iac51d667e19a0cabd825714dc90da73eef9c6992

playbooks/inventory/group_vars/utility_all.yml

@@ -14,3 +14,7 @@
 # limitations under the License.
 
 tempest_log_dir: /var/log/utility
+
+# Set this if ssh access from the utility container to all other hosts is
+# desired
+# utility_ssh_private_key: "{{ lookup('file', '/root/.ssh/id_rsa') }}"

playbooks/utility-install.yml

@@ -111,16 +111,15 @@
       with_items: utility_pip_packages
       tags:
         - utility-pip-packages
-    - name: Grab private ssh key
-      set_fact:
-        private_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa') }}"
-    - name: Drop in private ssh key
+    - name: Distribute private ssh key
       copy:
-        content: "{{ private_ssh_key }}"
+        content: "{{ utility_ssh_private_key }}"
         dest: /root/.ssh/id_rsa
         mode: 0600
         owner: root
         group: root
+      when:
+        - utility_ssh_private_key is defined
   vars:
     galera_address: "{{ internal_lb_vip_address }}"
     utility_pip_packages:

releasenotes/notes/utility_container_ssh_key-44b1d15a1c06395e.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - The ``utility-all.yml`` playbook will no longer distribute the deployment
+    host's root user's private ssh key to all utility containers. Deployers
+    who desire this behavior should set the ``utility_ssh_private_key``
+    variable.