feat(ssh_host_keys): add role for managing SSH host keys

- Ensure the `/tmp/ssh_keys` directory exists.
- Download SSH host keys from S3 and unpack them to `/etc/ssh`.
- Restart the SSH service to apply the new keys.
- Add necessary variables for S3 and AWS credentials in `groupvars/all`.
- Include `ssh_host_keys` role in `cluster.yml` playbook.

ansible/cluster.yml

@@ -7,3 +7,4 @@
     - { name: 'nfs_mounts', tags: 'nfs_mounts' }
     - { name: 'ldap_config', tags: 'ldap_config' }
     - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
+    - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }

ansible/group_vars/all

@@ -33,3 +33,12 @@
     - /gpfs4
     - /gpfs5
 
+#SSH Host Keys
+  s3_endpoint: ""
+  ssh_host_keys_s3_bucket: ""
+  ssh_host_keys_s3_object: ""
+
+# AWS credentials
+  lts_access_key: ""
+  lts_secret_key: ""
+

ansible/roles/ssh_host_keys/tasks/main.yml

+---
+- name: Ensure destination directory exists only if not present
+  file:
+    path: /tmp/ssh_keys
+    state: directory
+    mode: '0755'
+  args:
+    creates: /tmp/ssh_keys
+
+- name: Download SSH host keys tar.gz from S3
+  aws_s3:
+    mode: get
+    s3_url: "{{ s3_endpoint }}"
+    bucket: "{{ ssh_host_keys_s3_bucket }}"
+    object: "{{ ssh_host_keys_s3_object }}"
+    dest: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}"
+    aws_access_key: "{{ lts_access_key }}"
+    aws_secret_key: "{{ lts_secret_key }}"
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+- name: Unpack SSH host keys to /etc/ssh
+  unarchive:
+    src: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}"
+    dest: "/etc/ssh"
+    remote_src: yes
+  become: true
+
+- name: Restart SSH service
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
+  become: true
\ No newline at end of file