Add ssh host CA roles

[jabl]

ansible-role-ssh-hostca-srv role to install, it configures and runs a ssh host CA signing service.

ansible-role-sshd-host-keys-client to all other nodes, which contacts the host CA service and gets a signed certificate.

local.yml left alone for now until sites have updated install node.

[martbhell]

I haven't looked at the contents of the PR - but travis fails with

 - extracting ansible-role-ssh-hostca-srv to /ansible-role-ssh-hostca-srv
ERROR! Unexpected Exception: [Errno 21] Is a directory: '/ansible-role-ssh-hostca-srv/tasks'
to see the full traceback, use -vvv
requirements install failed

[A1ve5]

Looks good. We can test it in Io. @jabl, one question why not to have the python server script included in the role? (https://github.com/jabl/ansible-role-ssh-hostca-srv/blob/master/tasks/main.yml#L40)

[jabl]

Ok, I think I fixed that weird "Errno[21] is a directory" error. Turned out the repo accidentally contained an emacs backup file (tasks/main.yml~). Removed that and pushed a new tag, lets see if this works better.

As for why the script is downloaded from a separate repo instead of included under files/. Well, no particular reason, really. I just started developing the script in a separate repo before ansiblifying it. Might make sense to tag a version of that repo and download the tagged version, so one doesn't accidentally download some in-progress development work..

[jabl]

Latest version now using tagged version of ssh_hostca_srv.py script.

[rkdarst]

Can this old PR from 2016 be closed now?

I'm looking at old PRs from my organizations, and this is a very old PR, and I guess it can be closed now. But I can't do it myself.

[VilleS1]

Yeah lets close it.