add-build-sshkey: remove previously authorized build-sshkey

This change improves the add-build-sshkey role to be usable for
static node where we need to clean-up previously added build-sshkey.

Change-Id: Ibcb2880deea4f7e51de51d6df11afc1de3fa4571

roles/add-build-sshkey/README.rst

@@ -13,3 +13,10 @@ newly generated private key.
 .. zuul:rolevar:: zuul_temp_ssh_key
 
    Where to put the newly-generated SSH private key.
+
+.. zuul:rolevar:: zuul_build_sshkey_cleanup
+   :default: false
+
+   Remove previous build sshkey. Set it to true for single use static node.
+   Do not set it to true for multi-slot static nodes as it removes the
+   build key configured by other jobs.

roles/add-build-sshkey/tasks/create-key-and-replace.yaml

@@ -1,8 +1,15 @@
 - name: Create Temp SSH key
-  command: ssh-keygen -t rsa -b 1024 -N '' -f {{ zuul_temp_ssh_key }}
+  command: ssh-keygen -t rsa -b 1024 -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}
   delegate_to: localhost
   run_once: true
 
+- name: Remove previously added zuul-build-sshkey
+  lineinfile:
+    path: "~/.ssh/authorized_keys"
+    regexp: ".* zuul-build-sshkey$"
+    state: absent
+  when: zuul_build_sshkey_cleanup
+
 - name: Enable access via build key on all nodes
   authorized_key:
     user: "{{ ansible_ssh_user }}"

roles/add-build-sshkey/vars/main.yml

@@ -1 +1,2 @@
 zuul_temp_ssh_key: "{{ zuul.executor.work_root }}/{{ zuul.build }}_id_rsa"
+zuul_build_sshkey_cleanup: false