Support ssh-enabled windows hosts in add-build-sshkey

The winrm protocol is very inefficient when copying things to the node
therefore it makes sense to have working ssh connections on windows
hosts. Adding windows support to the add-build-sshkey role is the
first step towards this.

Change-Id: I5591b39b0107385fec8c6df1fbe6c316177d32e6

roles/add-build-sshkey/tasks/create-key-and-replace.yaml

@@ -3,38 +3,13 @@
   delegate_to: localhost
   run_once: true
 
-- name: Remove previously added zuul-build-sshkey
-  lineinfile:
-    path: "~/.ssh/authorized_keys"
-    regexp: ".* zuul-build-sshkey$"
-    state: absent
-  when: zuul_build_sshkey_cleanup
+- name: Remote setup ssh keys (linux)
+  include: remote-linux.yaml
+  when: ansible_os_family != "Windows"
 
-- name: Enable access via build key on all nodes
-  authorized_key:
-    user: "{{ ansible_ssh_user }}"
-    state: present
-    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
-
-- name: Make sure user has a .ssh
-  file:
-    state: directory
-    path: "~/.ssh"
-    mode: 0700
-
-- name: Install build private key as SSH key on all nodes
-  copy:
-    src: "{{ zuul_temp_ssh_key }}"
-    dest: "~/.ssh/id_rsa"
-    mode: 0600
-    force: no
-
-- name: Install build public key as SSH key on all nodes
-  copy:
-    src: "{{ zuul_temp_ssh_key }}.pub"
-    dest: "~/.ssh/id_rsa.pub"
-    mode: 0644
-    force: no
+- name: Remote setup ssh keys (windows)
+  include: remote-windows.yaml
+  when: ansible_os_family == "Windows"
 
 - name: Remove master key from local agent
   # The master key has a filename, all others (e.g., per-project keys)
@@ -51,3 +26,13 @@
 
 - name: Verify we can still SSH to all nodes
   ping:
+  when: ansible_os_family != "Windows"
+
+- name: Verify we can still SSH to all nodes (windows)
+  command: ssh -o ConnectTimeout=10 {{ ansible_user }}@{{ ansible_host }} echo success
+  delegate_to: localhost
+  when:
+    - ansible_os_family == "Windows"
+    # Only run if we successfully configured the host. If not the host doesn't support
+    # ssh and the check shall not break them.
+    - windows_remote_ssh is succeeded

roles/add-build-sshkey/tasks/remote-linux.yaml

@@ -0,0 +1,32 @@
+- name: Remove previously added zuul-build-sshkey
+  lineinfile:
+    path: "~/.ssh/authorized_keys"
+    regexp: ".* zuul-build-sshkey$"
+    state: absent
+  when: zuul_build_sshkey_cleanup
+
+- name: Enable access via build key on all nodes
+  authorized_key:
+    user: "{{ ansible_ssh_user }}"
+    state: present
+    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+
+- name: Make sure user has a .ssh
+  file:
+    state: directory
+    path: "~/.ssh"
+    mode: 0700
+
+- name: Install build private key as SSH key on all nodes
+  copy:
+    src: "{{ zuul_temp_ssh_key }}"
+    dest: "~/.ssh/id_rsa"
+    mode: 0600
+    force: no
+
+- name: Install build public key as SSH key on all nodes
+  copy:
+    src: "{{ zuul_temp_ssh_key }}.pub"
+    dest: "~/.ssh/id_rsa.pub"
+    mode: 0644
+    force: no

roles/add-build-sshkey/tasks/remote-windows.yaml

@@ -0,0 +1,20 @@
+- name: Configure ssh on remote node
+  delegate_to: localhost
+  shell: |+
+    set -eu
+
+    echo "Add node to known_hosts"
+    ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} echo success
+
+    echo
+
+    # We use scp here as this is much more performant than ansible copy
+    echo "Copy build ssh keys to node"
+    scp {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa
+    scp {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa.pub
+
+    echo "Add build ssh keys to authorized_keys"
+    ssh {{ ansible_user }}@{{ ansible_host }} "type .ssh\\id_rsa.pub >> .ssh\\authorized_keys"
+  register: windows_remote_ssh
+  # Ignore errors here because this should not break non-ssh enabled windows hosts
+  ignore_errors: true