From 3790aec3d8afa329e10c0eb7ca29142acca33051 Mon Sep 17 00:00:00 2001
From: Carlos Goncalves <cgoncalves@redhat.com>
Date: Wed, 11 Apr 2018 20:06:53 +0100
Subject: [PATCH] Create keypair for SSH access to Octavia amphorae

Create keypair from a given public key file under the project name for
Octavia ('service' by default). If a public key file is not provided,
the public key of the undercloud stack user will be used.

Depends-On: https://review.openstack.org/#/c/560879/
Change-Id: I3b2e283f6fa081b07cc12a244c14701e431d884e
(cherry picked from commit bd710fd838896431b25a24e767e43043ed00062e)
---
 playbooks/octavia-files.yaml                       |  6 ++++++
 playbooks/roles/common/defaults/main.yml           |  4 ++++
 playbooks/roles/octavia-undercloud/tasks/main.yml  | 14 ++++++++++++++
 .../octavia-amphora-ssh-5dee3678d7b66476.yaml      |  3 +++
 workbooks/octavia_post.yaml                        | 10 ++++++++++
 5 files changed, 37 insertions(+)
 create mode 100644 releasenotes/notes/octavia-amphora-ssh-5dee3678d7b66476.yaml

diff --git a/playbooks/octavia-files.yaml b/playbooks/octavia-files.yaml
index 18a272d46..b5a631f39 100644
--- a/playbooks/octavia-files.yaml
+++ b/playbooks/octavia-files.yaml
@@ -2,6 +2,12 @@
 - hosts: undercloud[0]
   remote_user: stack
   gather_facts: False
+  vars:
+    amp_ssh_key_name: "{{ amp_ssh_key_name }}"
+    amp_ssh_key_path: "{{ amp_ssh_key_path }}"
+    auth_username: "{{ auth_username }}"
+    auth_pasword: "{{ auth_password }}"
+    auth_project_name: "{{ auth_project_name }}"
   environment:
     OS_USERNAME: "{{ os_username }}"
     OS_USER_DOMAIN_NAME: "Default"
diff --git a/playbooks/roles/common/defaults/main.yml b/playbooks/roles/common/defaults/main.yml
index 1b7ea74c9..c6a6fc694 100644
--- a/playbooks/roles/common/defaults/main.yml
+++ b/playbooks/roles/common/defaults/main.yml
@@ -2,6 +2,10 @@
 amp_image_name: "octavia-amphora"
 amp_image_filename: "/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2"
 amp_image_tag: "amphora-image"
+amp_ssh_key_name: "octavia-ssh-key"
+amp_ssh_key_path: "/home/stack/.ssh/id_rsa.pub"
+auth_username: "octavia"
+auth_project_name: "service"
 lb_mgmt_net_name: "lb-mgmt-net"
 lb_mgmt_subnet_name: "lb-mgmt-subnet"
 lb_mgmt_subnet_cidr: "192.168.199.0/24"
diff --git a/playbooks/roles/octavia-undercloud/tasks/main.yml b/playbooks/roles/octavia-undercloud/tasks/main.yml
index 410bc2b03..6bf444b85 100644
--- a/playbooks/roles/octavia-undercloud/tasks/main.yml
+++ b/playbooks/roles/octavia-undercloud/tasks/main.yml
@@ -13,3 +13,17 @@
     register: image_result
     changed_when: "image_result.stdout != ''"
     when: amp_image_file_result.stat.exists == True
+
+  - name: check if pub key file exists
+    stat: path="{{ amp_ssh_key_path }}"
+    register: ssh_pub_key_file_result
+
+  - name: upload pub key to overcloud
+    shell: |
+      openstack keypair show {{ amp_ssh_key_name }} || \
+        openstack keypair create --public-key {{ amp_ssh_key_path }} {{ amp_ssh_key_name }}
+    environment:
+      OS_USERNAME: {{ auth_username }}
+      OS_PASSWORD: {{ auth_password }}
+      OS_PROJECT_NAME: {{ auth_project_name }}
+    when: ssh_pub_key_file_result.stat.exists == True
diff --git a/releasenotes/notes/octavia-amphora-ssh-5dee3678d7b66476.yaml b/releasenotes/notes/octavia-amphora-ssh-5dee3678d7b66476.yaml
new file mode 100644
index 000000000..9f74c18f2
--- /dev/null
+++ b/releasenotes/notes/octavia-amphora-ssh-5dee3678d7b66476.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Create keypair for SSH access to Octavia amphorae.
diff --git a/workbooks/octavia_post.yaml b/workbooks/octavia_post.yaml
index 53f18642b..cdfa9b07d 100644
--- a/workbooks/octavia_post.yaml
+++ b/workbooks/octavia_post.yaml
@@ -11,6 +11,11 @@ workflows:
       - amp_image_name
       - amp_image_filename
       - amp_image_tag
+      - amp_ssh_key_name
+      - amp_ssh_key_path
+      - auth_username
+      - auth_password
+      - auth_project_name
       - lb_mgmt_net_name
       - lb_mgmt_subnet_name
       - lb_sec_group_name
@@ -94,6 +99,11 @@ workflows:
             amp_image_name: <% $.amp_image_name %>
             amp_image_filename: <% $.amp_image_filename %>
             amp_image_tag: <% $.amp_image_tag %>
+            amp_ssh_key_name: <% $.amp_ssh_key_name %>
+            amp_ssh_key_path: <% $.amp_ssh_key_path %>
+            auth_username: <% $.auth_username %>
+            auth_password: <% $.auth_password %>
+            auth_project_name: <% $.auth_project_name %>
         on-success: config_octavia
 
       config_octavia: