Manage gerrit's ecdsa and ed25519 hostkeys

This came up as something that was missing while we bootstrapped a new
gerrit server. The rsa hostkey is managed but none of the three ecdsa
keys or the ed25519 key is. Fix that by managing these keys in the same
manner we manager the RSA key.

Change-Id: Iaf58543b6833273ca45fa5c359dc88eaf64d7a03

playbooks/roles/gerrit/tasks/main.yaml

@@ -96,8 +96,8 @@
     group: "{{ gerrit_user_name }}"
     mode: 0644
 
-# Server host key for SSH service on port 29418
-- name: Write Gerrit SSH host private key
+# Server host keys for SSH service on port 29418
+- name: Write Gerrit SSH RSA host private key
   copy:
     content: "{{ gerrit_ssh_rsa_key_contents }}"
     dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key"
@@ -105,7 +105,7 @@
     group: "{{ gerrit_user_name }}"
     mode: 0600
 
-- name: Write Gerrit SSH host public key
+- name: Write Gerrit SSH RSA host public key
   copy:
     content: "{{ gerrit_ssh_rsa_pubkey_contents }}"
     dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key.pub"
@@ -113,6 +113,70 @@
     group: "{{ gerrit_user_name }}"
     mode: 0644
 
+- name: Write Gerrit SSH ECDSA host private key
+  copy:
+    content: "{{ gerrit_ssh_ecdsa_key_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ecdsa_key"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0600
+
+- name: Write Gerrit SSH ECDSA host public key
+  copy:
+    content: "{{ gerrit_ssh_ecdsa_pubkey_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ecdsa_key.pub"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0644
+
+- name: Write Gerrit SSH ECDSA 384 host private key
+  copy:
+    content: "{{ gerrit_ssh_ecdsa_384_key_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ecdsa_384_key"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0600
+
+- name: Write Gerrit SSH ECDSA 384 host public key
+  copy:
+    content: "{{ gerrit_ssh_ecdsa_384_pubkey_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ecdsa_384_key.pub"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0644
+
+- name: Write Gerrit SSH ECDSA 521 host private key
+  copy:
+    content: "{{ gerrit_ssh_ecdsa_521_key_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ecdsa_521_key"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0600
+
+- name: Write Gerrit SSH ECDSA 521 host public key
+  copy:
+    content: "{{ gerrit_ssh_ecdsa_521_pubkey_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ecdsa_521_key.pub"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0644
+
+- name: Write Gerrit SSH ED25519 host private key
+  copy:
+    content: "{{ gerrit_ssh_ed25519_key_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ed25519_key"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0600
+
+- name: Write Gerrit SSH ED25519 host public key
+  copy:
+    content: "{{ gerrit_ssh_ed25519_pubkey_contents }}"
+    dest: "{{ gerrit_site_dir }}/etc/ssh_host_ed25519_key.pub"
+    owner: "{{ gerrit_user_name }}"
+    group: "{{ gerrit_user_name }}"
+    mode: 0644
+
 # Private key for openstack-project-creator user
 - name: Write Gerrit SSH project private key
   copy:

playbooks/zuul/templates/host_vars/review99.opendev.org.yaml.j2

@@ -29,6 +29,56 @@ gerrit_ssh_rsa_key_contents: |
   -----END RSA PRIVATE KEY-----
 gerrit_ssh_rsa_pubkey_contents: |
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+pCQlTAQYmCrOY6aPbvbyKQDcOCXibPNGIjnPPMuEItCS0vtRnqEBz7znWZS5Drq9yKpROh6uFF01ao2VnNjw6f+NdRNV19RWVe6mYN+qa2VrH2caLwBrKPiH0Xc/eK41D55dZU7IWwKYAw/NpiBaBfHavFwipI+rmEb68MH2hcimDdr/bji+0hkh3X+42dkNvmMdtkuCW6nKdAEhnXaHZc5SJR/EvzgRCfB8vbML13p46O9xhoJgn7ZWvMb3vaR5jxIkQwstUR36raEVhttBDEuWasWnHYbrM1zd3ooudbTEQf5vXISZKFygHyJFFqb4iQ76i+hDlb0VQKZCdaol test-gerrit-hostkey
+gerrit_ssh_ecdsa_key_contents: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+  1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRZtjWNgtRszhwwxbDSHL2ufeD4TeeT
+  V6KmRH5UcPAvOoNo3//q5mWPUDrrFDK1OlfgxIUdcp3vSvCLIKVVc44kAAAAqLihL2q4oS
+  9qAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFm2NY2C1GzOHDDF
+  sNIcva594PhN55NXoqZEflRw8C86g2jf/+rmZY9QOusUMrU6V+DEhR1yne9K8IsgpVVzji
+  QAAAAgVf9XXCDp1ydUD64uMquWwJSYUMPi63zGfMtVejAGyKUAAAANY2xhcmtAdG9hc3Rl
+  cgECAw==
+  -----END OPENSSH PRIVATE KEY-----
+gerrit_ssh_ecdsa_pubkey_contents: |
+  ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFm2NY2C1GzOHDDFsNIcva594PhN55NXoqZEflRw8C86g2jf/+rmZY9QOusUMrU6V+DEhR1yne9K8IsgpVVzjiQ= test-gerrit-hostkey
+gerrit_ssh_ecdsa_384_key_contents: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+  1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQRjTpPwkO7rGhGVJCMWUrAcIMpGec34
+  0ti6MQ6m/XvfWxYvZ6cIOES1CcFwZrzJ8ImJpb3+tOGg5iGFkKVWFMrDJUPLcrrdgYmMAg
+  AoLsN3RlNohXf3UvGj//8gRs/lLxQAAADYLkUkxi5FJMYAAAATZWNkc2Etc2hhMi1uaXN0
+  cDM4NAAAAAhuaXN0cDM4NAAAAGEEY06T8JDu6xoRlSQjFlKwHCDKRnnN+NLYujEOpv1731
+  sWL2enCDhEtQnBcGa8yfCJiaW9/rThoOYhhZClVhTKwyVDy3K63YGJjAIAKC7Dd0ZTaIV3
+  91Lxo///IEbP5S8UAAAAMG2QdS4dTlRTeMHsw6le5MrI2pcJM+DDF791jn/GOh+0lFWV2H
+  qdHPhs8Cl5wEjOWwAAAA1jbGFya0B0b2FzdGVyAQID
+  -----END OPENSSH PRIVATE KEY-----
+gerrit_ssh_ecdsa_384_pubkey_contents: |
+  ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGNOk/CQ7usaEZUkIxZSsBwgykZ5zfjS2LoxDqb9e99bFi9npwg4RLUJwXBmvMnwiYmlvf604aDmIYWQpVYUysMlQ8tyut2BiYwCACguw3dGU2iFd/dS8aP//yBGz+UvFA== test-gerrit-hostkey
+gerrit_ssh_ecdsa_521_key_contents: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+  1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBaJa5U2SwgWTRis4ixQ5Y0F+SL7eL
+  eFPLfukKQ5g+4U3R7/f10k+4YweOuA+aP9PEy0IUixSbdUM8vlydJ0L3jPcA1vDSJ3Vm7S
+  lD5wbDwq/htBU0jKlCsd4Hre2TWlPcl/6rxz9mqNu06XriO2kz5iAOREastwDx3OqGW9QD
+  GoceWVcAAAEQkQYD25EGA9sAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+  AAAIUEAWiWuVNksIFk0YrOIsUOWNBfki+3i3hTy37pCkOYPuFN0e/39dJPuGMHjrgPmj/T
+  xMtCFIsUm3VDPL5cnSdC94z3ANbw0id1Zu0pQ+cGw8Kv4bQVNIypQrHeB63tk1pT3Jf+q8
+  c/ZqjbtOl64jtpM+YgDkRGrLcA8dzqhlvUAxqHHllXAAAAQgCAYxTk0LklOsGyS/iRfFDy
+  7RGJ6hoTRf6M8FIH5KS9l6++dL66T9Z4T/x/o2U6cBVCBy/ZAFi0Mi7s9KZMdlOlQAAAAA
+  1jbGFya0B0b2FzdGVyAQIDBAU=
+  -----END OPENSSH PRIVATE KEY-----
+gerrit_ssh_ecdsa_521_pubkey_contents: |
+  ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFolrlTZLCBZNGKziLFDljQX5Ivt4t4U8t+6QpDmD7hTdHv9/XST7hjB464D5o/08TLQhSLFJt1Qzy+XJ0nQveM9wDW8NIndWbtKUPnBsPCr+G0FTSMqUKx3get7ZNaU9yX/qvHP2ao27TpeuI7aTPmIA5ERqy3APHc6oZb1AMahx5ZVw== test-gerrit-hostkey
+gerrit_ssh_ed25519_key_contents: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+  QyNTUxOQAAACBSWYNC/4rHZ6+8MiQ41Xi8A7BWm2/Ze2U3tVqwLY3lvwAAAJDVdmJE1XZi
+  RAAAAAtzc2gtZWQyNTUxOQAAACBSWYNC/4rHZ6+8MiQ41Xi8A7BWm2/Ze2U3tVqwLY3lvw
+  AAAEDdfaDmCCWyXyX9ewHOeMWwR7aTUcRQmbYy52gjaLcn91JZg0L/isdnr7wyJDjVeLwD
+  sFabb9l7ZTe1WrAtjeW/AAAADWNsYXJrQHRvYXN0ZXI=
+  -----END OPENSSH PRIVATE KEY-----
+gerrit_ssh_ed25519_pubkey_contents: |
+  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJZg0L/isdnr7wyJDjVeLwDsFabb9l7ZTe1WrAtjeW/ test-gerrit-hostkey
 gerrit_known_hosts_keys:
   '[{% raw %}{{ gerrit_vhost_name }}{% endraw %}]:29418': |
     [{% raw %}{{ gerrit_vhost_name }}{% endraw %}]:29418,[localhost]:29418,[127.0.0.1]:29418,[::1]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+pCQlTAQYmCrOY6aPbvbyKQDcOCXibPNGIjnPPMuEItCS0vtRnqEBz7znWZS5Drq9yKpROh6uFF01ao2VnNjw6f+NdRNV19RWVe6mYN+qa2VrH2caLwBrKPiH0Xc/eK41D55dZU7IWwKYAw/NpiBaBfHavFwipI+rmEb68MH2hcimDdr/bji+0hkh3X+42dkNvmMdtkuCW6nKdAEhnXaHZc5SJR/EvzgRCfB8vbML13p46O9xhoJgn7ZWvMb3vaR5jxIkQwstUR36raEVhttBDEuWasWnHYbrM1zd3ooudbTEQf5vXISZKFygHyJFFqb4iQ76i+hDlb0VQKZCdaol