From b7f14309a72e27f0c999bd8344c4f21e86855bba Mon Sep 17 00:00:00 2001 From: Tobias Henkel Date: Thu, 18 Apr 2019 12:22:47 +0200 Subject: [PATCH] Support ssh-enabled windows hosts in add-build-sshkey The winrm protocol is very inefficient when copying things to the node therefore it makes sense to have working ssh connections on windows hosts. Adding windows support to the add-build-sshkey role is the first step towards this. Change-Id: I5591b39b0107385fec8c6df1fbe6c316177d32e6 --- .../tasks/create-key-and-replace.yaml | 47 +++++++------------ .../add-build-sshkey/tasks/remote-linux.yaml | 32 +++++++++++++ .../tasks/remote-windows.yaml | 20 ++++++++ 3 files changed, 68 insertions(+), 31 deletions(-) create mode 100644 roles/add-build-sshkey/tasks/remote-linux.yaml create mode 100644 roles/add-build-sshkey/tasks/remote-windows.yaml diff --git a/roles/add-build-sshkey/tasks/create-key-and-replace.yaml b/roles/add-build-sshkey/tasks/create-key-and-replace.yaml index 0a5f4418c..d4d6db66c 100644 --- a/roles/add-build-sshkey/tasks/create-key-and-replace.yaml +++ b/roles/add-build-sshkey/tasks/create-key-and-replace.yaml 
@@ -3,38 +3,13 @@
 delegate_to: localhost
 run_once: true
 
-- name: Remove previously added zuul-build-sshkey
- lineinfile:
- path: "~/.ssh/authorized_keys"
- regexp: ".* zuul-build-sshkey$"
- state: absent
- when: zuul_build_sshkey_cleanup
+- name: Remote setup ssh keys (linux)
+ include: remote-linux.yaml
+ when: ansible_os_family != "Windows"
 
-- name: Enable access via build key on all nodes
- authorized_key:
- user: "{{ ansible_ssh_user }}"
- state: present
- key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
-
-- name: Make sure user has a .ssh
- file:
- state: directory
- path: "~/.ssh"
- mode: 0700
-
-- name: Install build private key as SSH key on all nodes
- copy:
- src: "{{ zuul_temp_ssh_key }}"
- dest: "~/.ssh/id_rsa"
- mode: 0600
- force: no
-
-- name: Install build public key as SSH key on all nodes
- copy:
- src: "{{ zuul_temp_ssh_key }}.pub"
- dest: "~/.ssh/id_rsa.pub"
- mode: 0644
- force: no
+- name: Remote setup ssh keys (windows)
+ include: remote-windows.yaml
+ when: ansible_os_family == "Windows"
 
 - name: Remove master key from local agent
 # The master key has a filename, all others (e.g., per-project keys)
@@ -51,3 +26,13 @@
 
 - name: Verify we can still SSH to all nodes
 ping:
+ when: ansible_os_family != "Windows"
+
+- name: Verify we can still SSH to all nodes (windows)
+ command: ssh -o ConnectTimeout=10 {{ ansible_user }}@{{ ansible_host }} echo success
+ delegate_to: localhost
+ when:
+ - ansible_os_family == "Windows"
+ # Only run if we successfully configured the host. If not the host doesn't support
+ # ssh and the check shall not break them.
+ - windows_remote_ssh is succeeded
diff --git a/roles/add-build-sshkey/tasks/remote-linux.yaml b/roles/add-build-sshkey/tasks/remote-linux.yaml
new file mode 100644
index 000000000..b8d47e193
--- /dev/null
+++ b/roles/add-build-sshkey/tasks/remote-linux.yaml
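Review bot: Both new dispatch tasks use the bare `include:` keyword, which Ansible deprecated in favour of the explicit `include_tasks:` / `import_tasks:`. Since the file is picked per host by the `when: ansible_os_family ...` condition, `include_tasks: remote-linux.yaml` and `include_tasks: remote-windows.yaml` are the dynamic form that matches the intent. The condition also depends on gathered facts, so with fact gathering disabled `ansible_os_family` would presumably be undefined and the task would error rather than take the Linux path. A one-line comment stating that the role needs facts would make that requirement visible. The task above the first removed line and the "Remove master key from local agent" task below both continue outside this hunk.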
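Review bot: The Windows verification task runs `ssh` from the executor without `-o BatchMode=yes`, so it does not strictly test key authentication and can try interactive methods when the build key was not installed correctly. Writing it as `command: ssh -o BatchMode=yes -o ConnectTimeout=10 {{ ansible_user }}@{{ ansible_host }} echo success` makes it fail fast on anything but non-interactive auth. This path reads `ansible_user` while the Linux tasks use `ansible_ssh_user`, so a short comment naming the authoritative inventory variable would prevent the two from drifting. Adding `changed_when: false` would keep a pure check from being reported as a change.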
@@ -0,0 +1,32 @@
+- name: Remove previously added zuul-build-sshkey
+ lineinfile:
+ path: "~/.ssh/authorized_keys"
+ regexp: ".* zuul-build-sshkey$"
+ state: absent
+ when: zuul_build_sshkey_cleanup
+
+- name: Enable access via build key on all nodes
+ authorized_key:
+ user: "{{ ansible_ssh_user }}"
+ state: present
+ key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+
+- name: Make sure user has a .ssh
+ file:
+ state: directory
+ path: "~/.ssh"
+ mode: 0700
+
+- name: Install build private key as SSH key on all nodes
+ copy:
+ src: "{{ zuul_temp_ssh_key }}"
+ dest: "~/.ssh/id_rsa"
+ mode: 0600
+ force: no
+
+- name: Install build public key as SSH key on all nodes
+ copy:
+ src: "{{ zuul_temp_ssh_key }}.pub"
+ dest: "~/.ssh/id_rsa.pub"
+ mode: 0644
+ force: no
diff --git a/roles/add-build-sshkey/tasks/remote-windows.yaml b/roles/add-build-sshkey/tasks/remote-windows.yaml
new file mode 100644
index 000000000..b5aff4a5b
--- /dev/null
+++ b/roles/add-build-sshkey/tasks/remote-windows.yaml
@@ -0,0 +1,20 @@
+- name: Configure ssh on remote node
+ delegate_to: localhost
+ shell: |+
+ set -eu
+
+ echo "Add node to known_hosts"
+ ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no {{ ansible_user }}@{{ ansible_host }} echo success
+
+ echo
+
+ # We use scp here as this is much more performant than ansible copy
+ echo "Copy build ssh keys to node"
+ scp {{ zuul_temp_ssh_key }} {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa
+ scp {{ zuul_temp_ssh_key }}.pub {{ ansible_user }}@{{ ansible_host }}:.ssh/id_rsa.pub
+
+ echo "Add build ssh keys to authorized_keys"
+ ssh {{ ansible_user }}@{{ ansible_host }} "type .ssh\\id_rsa.pub >> .ssh\\authorized_keys"
+ register: windows_remote_ssh
+ # Ignore errors here because this should not break non-ssh enabled windows hosts
+ ignore_errors: true
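Review bot: In remote-linux.yaml the modes on the `.ssh` directory and both key files are bare octal literals (`mode: 0700`, `mode: 0600`, `mode: 0644`), and `force: no` relies on YAML 1.1 truthy parsing. Quoting the modes, e.g. `mode: "0600"`, means the permission on the private key never depends on how the loader types the number, and `force: false` is the unambiguous boolean. The tasks are otherwise carried over unchanged from create-key-and-replace.yaml.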
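Review bot: In remote-windows.yaml the first `ssh` call passes `-o StrictHostKeyChecking=no`, and the `scp` that follows sends the build private key over that connection, so whatever answers at `ansible_host` is trusted unverified and receives the key. `-o StrictHostKeyChecking=accept-new` would at least refuse a changed host key, and seeding known_hosts from host keys recorded at provisioning, if the inventory carries them, would close the first-connection gap too. The two `scp` lines overwrite any existing `.ssh/id_rsa`, whereas the Linux tasks use `force: no`. The `>>` append adds another `authorized_keys` entry on every run, with no counterpart to the `zuul_build_sshkey_cleanup` removal. Because of `ignore_errors: true`, a failure after the private key has been copied leaves it on the node silently; passing the templated paths through `| quote` would also keep a path containing spaces from splitting the command.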