- name: Create Temp SSH key
  command: ssh-keygen -t rsa -N '' -C 'zuul-build-sshkey' -f {{ zuul_temp_ssh_key }}
  delegate_to: localhost
  run_once: true

- name: Remove previously added zuul-build-sshkey
  lineinfile:
    path: "~/.ssh/authorized_keys"
    regexp: ".* zuul-build-sshkey$"
    state: absent
  when: zuul_build_sshkey_cleanup

- name: Enable access via build key on all nodes
  authorized_key:
    user: "{{ ansible_ssh_user }}"
    state: present
    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"

- name: Make sure user has a .ssh
  file:
    state: directory
    path: "~/.ssh"
    mode: 0700

- name: Install build private key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}"
    dest: "~/.ssh/id_rsa"
    mode: 0600
    force: no

- name: Install build public key as SSH key on all nodes
  copy:
    src: "{{ zuul_temp_ssh_key }}.pub"
    dest: "~/.ssh/id_rsa.pub"
    mode: 0644
    force: no

- name: Remove master key from local agent
  # The master key has a filename, all others (e.g., per-project keys)
  # have "(stdin)" as a comment.
  sshagent_remove_keys:
    remove: '^(?!\(stdin\)).*'
  delegate_to: localhost
  run_once: true

- name: Add back temp key
  command: ssh-add {{ zuul_temp_ssh_key }}
  delegate_to: localhost
  run_once: true

- name: Verify we can still SSH to all nodes
  ping: