Add distribute_private_key boolean for tripleo_create_admin

Add boolean option to distribute the private key which is
created by the cli-enable-ssh-admin.yaml playbook and update
the tripleo_create_admin role to distribute the private key
when it is true.

This option defaults to false as we normally don't want to
do this. However, cephadm needs a private key on all nodes
with the OS::TripleO::Services::CephMgr service in order to
manage a Ceph cluster. This option will likely only be used
for the ceph-admin user which is similar to but not the same
as the tripleo-admin user.

Also, remove old reference to Mistral in task name.

Implements: blueprint tripleo-ceph
Change-Id: I69c74c1869aa0f54c1695fd53098df7e78f64247

tripleo_ansible/playbooks/cli-enable-ssh-admin.yaml

@@ -21,6 +21,7 @@
   any_errors_fatal: true
   vars:
     BlacklistedIpAddresses: []
+    distribute_private_key: false
   handlers:
     - name: Remove mistral tmp file
       file:
@@ -226,7 +227,7 @@
     - role: tripleo_create_admin
       tripleo_admin_user: tripleo-admin
       tripleo_admin_pubkey: "{{ user_public_key }}"
-
+      tripleo_admin_prikey: "{{ user_private_key }}"
 
 - name: Validate TripleO Admin Access
   hosts: localhost:tripleo_queues

tripleo_ansible/roles/tripleo_create_admin/defaults/main.yml

@@ -26,3 +26,11 @@ tripleo_admin_generate_key: false
 # When `tripleo_admin_pubkey` is defined an additional authorized key will
 # added to the admin users authroized_keys file.
 #   tripleo_admin_pubkey: ssh-rsa AAAA...
+
+# When `tripleo_admin_prikey` is defined and not empty and when
+# distribute_private_key is true, then a private key will
+# be added to the admin user's home dir. It will be called
+# "~/.ssh/id_rsa" and contain something like:
+#   tripleo_admin_prikey: -----BEGIN OPENSSH PRIVATE KEY-----\nb3B...
+
+distribute_private_key: false

tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/converge.yml

@@ -26,3 +26,11 @@
       vars:
         tripleo_admin_user: tripleo-admin
         tripleo_admin_pubkey: ssh-rsa AAAATEST
+
+    - import_role:
+        name: tripleo_create_admin
+        tasks_from: distribute_key_files.yml
+      vars:
+        tripleo_admin_user: tripleo-admin
+        distribute_private_key: true
+        tripleo_admin_prikey: '-----BEGIN OPENSSH PRIVATE KEY-----'

tripleo_ansible/roles/tripleo_create_admin/molecule/addkey/tests/test_keyadd.py

@@ -26,3 +26,5 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def test_user_key_add(host):
     auth_keys = host.file("/home/tripleo-admin/.ssh/authorized_keys")
     assert 'ssh-rsa AAAATEST' in auth_keys.content_string
+    private_key = host.file("/home/tripleo-admin/.ssh/id_rsa")
+    assert '-----BEGIN OPENSSH PRIVATE KEY-----' in private_key.content_string

tripleo_ansible/roles/tripleo_create_admin/tasks/authorize_user.yml

@@ -15,7 +15,7 @@
 # under the License.
 
 
-- name: authorize TripleO Mistral key for user {{ tripleo_admin_user }}
+- name: authorize TripleO key for user {{ tripleo_admin_user }}
   lineinfile:
     path: /home/{{ tripleo_admin_user }}/.ssh/authorized_keys
     line: '{{ tripleo_admin_pubkey }}'

tripleo_ansible/roles/tripleo_create_admin/tasks/distribute_key_files.yml

@@ -0,0 +1,39 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Install private key on nodes for user {{ tripleo_admin_user }}
+  copy:
+    dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa
+    content: "{{ tripleo_admin_prikey }}"
+    owner: "{{ tripleo_admin_user }}"
+    group: "{{ tripleo_admin_user }}"
+    mode: '0600'
+  when:
+    - distribute_private_key | bool
+    - tripleo_admin_prikey is defined
+    - tripleo_admin_prikey | length > 0
+
+- name: Install public key on nodes for user {{ tripleo_admin_user }}
+  copy:
+    dest: /home/{{ tripleo_admin_user }}/.ssh/id_rsa.pub
+    content: "{{ tripleo_admin_pubkey }}"
+    owner: "{{ tripleo_admin_user }}"
+    group: "{{ tripleo_admin_user }}"
+    mode: '0644'
+  when:
+    - distribute_private_key | bool
+    - tripleo_admin_pubkey is defined
+    - tripleo_admin_pubkey | length > 0

tripleo_ansible/roles/tripleo_create_admin/tasks/main.yml

@@ -17,3 +17,5 @@
 
 - import_tasks: create_user.yml
 - import_tasks: authorize_user.yml
+- import_tasks: distribute_key_files.yml
+  when: distribute_private_key | bool