From b51d23a3cdd6bac77d8542d6dafae8dae0a353ec Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Sat, 1 Jun 2013 19:40:07 -0700
Subject: [PATCH] Pass Jenkins' SSH pub key to special slaves.

The openstack_project::slave refactor defaulted the Jenkins' SSH pub key
to an empty string. This erased the authorized keys file for the Jenkins
user on our specialized slaves. Restore that file's contents.

Change-Id: I28067017ec2dc36feef9df076099813abf820ee9
Reviewed-on: https://review.openstack.org/31419
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
---
 manifests/site.pp                                 | 15 ++++++++++-----
 .../manifests/devstack_launch_slave.pp            |  4 +++-
 .../openstack_project/manifests/mirror26_slave.pp |  2 ++
 .../openstack_project/manifests/mirror27_slave.pp |  2 ++
 .../openstack_project/manifests/mirror_slave.pp   |  6 +++++-
 modules/openstack_project/manifests/pypi_slave.pp |  6 +++++-
 .../manifests/translation_slave.pp                |  5 ++++-
 7 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index 367ea26d1e..ab6e3c36dd 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -304,12 +304,14 @@ node /^ci-backup-.*\.openstack\.org$/ {
 
 node 'mirror26.slave.openstack.org' {
   class { 'openstack_project::mirror26_slave':
+    jenkins_ssh_public_key  => $openstack_project::jenkins_ssh_key,
     jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents')
   }
 }
 
 node 'mirror27.slave.openstack.org' {
   class { 'openstack_project::mirror27_slave':
+    jenkins_ssh_public_key  => $openstack_project::jenkins_ssh_key,
     jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents')
   }
 }
@@ -318,21 +320,24 @@ node 'devstack-launch.slave.openstack.org' {
   class { 'openstack_project::devstack_launch_slave':
     jenkins_api_user        => hiera('jenkins_api_user'),
     jenkins_api_key         => hiera('jenkins_api_key'),
-    jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents')
+    jenkins_ssh_public_key  => $openstack_project::jenkins_ssh_key,
+    jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
   }
 }
 
 node 'tx.slave.openstack.org' {
   class { 'openstack_project::translation_slave':
-    transifex_username => 'openstackjenkins',
-    transifex_password => hiera('transifex_password')
+    transifex_username     => 'openstackjenkins',
+    transifex_password     => hiera('transifex_password'),
+    jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
   }
 }
 
 node 'pypi.slave.openstack.org' {
   class { 'openstack_project::pypi_slave':
-    pypi_username => 'openstackci',
-    pypi_password => hiera('pypi_password')
+    pypi_username          => 'openstackci',
+    pypi_password          => hiera('pypi_password'),
+    jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
   }
 }
 
diff --git a/modules/openstack_project/manifests/devstack_launch_slave.pp b/modules/openstack_project/manifests/devstack_launch_slave.pp
index d082096b2a..cdace91c2a 100644
--- a/modules/openstack_project/manifests/devstack_launch_slave.pp
+++ b/modules/openstack_project/manifests/devstack_launch_slave.pp
@@ -17,11 +17,13 @@
 class openstack_project::devstack_launch_slave (
   $jenkins_api_user,
   $jenkins_api_key,
+  $jenkins_ssh_public_key,
   $jenkins_ssh_private_key,
 ) {
 
   class { 'openstack_project::slave':
-    bare => true,
+    bare    => true,
+    ssh_key => $jenkins_ssh_public_key,
   }
 
   package { [ 'python-novaclient',
diff --git a/modules/openstack_project/manifests/mirror26_slave.pp b/modules/openstack_project/manifests/mirror26_slave.pp
index cf6669b3fb..1e7075708b 100644
--- a/modules/openstack_project/manifests/mirror26_slave.pp
+++ b/modules/openstack_project/manifests/mirror26_slave.pp
@@ -15,10 +15,12 @@
 # Install a python26 mirror building slave.
 
 class openstack_project::mirror26_slave (
+  $jenkins_ssh_public_key,
   $jenkins_ssh_private_key,
 ) {
 
   class { 'openstack_project::mirror_slave':
+    jenkins_ssh_public_key  => $jenkins_ssh_public_key,
     jenkins_ssh_private_key => $jenkins_ssh_private_key,
   }
 }
diff --git a/modules/openstack_project/manifests/mirror27_slave.pp b/modules/openstack_project/manifests/mirror27_slave.pp
index 5c1fb2b177..47da9f26ea 100644
--- a/modules/openstack_project/manifests/mirror27_slave.pp
+++ b/modules/openstack_project/manifests/mirror27_slave.pp
@@ -15,10 +15,12 @@
 # Install a python27 mirror building slave.
 
 class openstack_project::mirror27_slave (
+  $jenkins_ssh_public_key,
   $jenkins_ssh_private_key,
 ) {
 
   class { 'openstack_project::mirror_slave':
+    jenkins_ssh_public_key  => $jenkins_ssh_public_key,
     jenkins_ssh_private_key => $jenkins_ssh_private_key,
   }
 }
diff --git a/modules/openstack_project/manifests/mirror_slave.pp b/modules/openstack_project/manifests/mirror_slave.pp
index 3848aa8a42..980f45a9de 100644
--- a/modules/openstack_project/manifests/mirror_slave.pp
+++ b/modules/openstack_project/manifests/mirror_slave.pp
@@ -15,10 +15,14 @@
 # Install a python mirror building slave.
 
 class openstack_project::mirror_slave (
+  $jenkins_ssh_public_key,
   $jenkins_ssh_private_key,
 ) {
 
-  include openstack_project::slave
+  class { 'openstack_project::slave':
+    ssh_key => $jenkins_ssh_public_key,
+  }
+
   include jeepyb
 
   file { '/home/jenkins/.ssh/id_rsa':
diff --git a/modules/openstack_project/manifests/pypi_slave.pp b/modules/openstack_project/manifests/pypi_slave.pp
index 5178641b9c..3787d00887 100644
--- a/modules/openstack_project/manifests/pypi_slave.pp
+++ b/modules/openstack_project/manifests/pypi_slave.pp
@@ -16,9 +16,13 @@
 #
 class openstack_project::pypi_slave (
   $pypi_password,
+  $jenkins_ssh_public_key,
   $pypi_username = 'openstackci'
 ) {
-  include openstack_project::slave
+  class { 'openstack_project::slave':
+    ssh_key => $jenkins_ssh_public_key,
+  }
+
   include pip
 
   package { 'pkginfo':
diff --git a/modules/openstack_project/manifests/translation_slave.pp b/modules/openstack_project/manifests/translation_slave.pp
index 1c3d41203b..e271724455 100644
--- a/modules/openstack_project/manifests/translation_slave.pp
+++ b/modules/openstack_project/manifests/translation_slave.pp
@@ -1,11 +1,14 @@
 # == Class: openstack_project::translation_slave
 #
 class openstack_project::translation_slave (
+  $jenkins_ssh_public_key,
   $transifex_password = '',
   $transifex_username = 'openstackci',
 ) {
 
-  include openstack_project::slave
+  class { 'openstack_project::slave':
+    ssh_key => $jenkins_ssh_public_key,
+  }
 
   package { ['transifex-client', 'Babel']:
     ensure   => latest,