From 41fe771bccd6ba2ad9b19f35af7351a508781d27 Mon Sep 17 00:00:00 2001
From: Michal Arbet <michal.arbet@ultimum.io>
Date: Fri, 7 May 2021 14:10:46 +0200
Subject: [PATCH] Do not write octavia_amp_ssh_key if auto_config disabled

This task is writing private key from passwords to
/etc/kolla/octavia-worker/{{ octavia_amp_ssh_key_name }} even
if user disabled octavia auto configure.

This patch is adding conditional for this task and skipping
it if octavia_auto_configure: "no".

Closes-Bug: #1927727

Change-Id: Ib993b387d681921d804f654bea780a1481b2b0d0
---
 ansible/roles/octavia/tasks/config.yml               | 4 +++-
 releasenotes/notes/bug-1927727-4437103de59e85e5.yaml | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bug-1927727-4437103de59e85e5.yaml

diff --git a/ansible/roles/octavia/tasks/config.yml b/ansible/roles/octavia/tasks/config.yml
index d2968020e7..818f0e14e6 100644
--- a/ansible/roles/octavia/tasks/config.yml
+++ b/ansible/roles/octavia/tasks/config.yml
@@ -110,7 +110,9 @@
         group: "{{ config_owner_group }}"
         mode: "0400"
       become: True
-      when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
+      when:
+        - inventory_hostname in groups[octavia_services['octavia-worker']['group']]
+        - octavia_auto_configure | bool
 
     - name: Copying certificate files for octavia-worker
       vars:
diff --git a/releasenotes/notes/bug-1927727-4437103de59e85e5.yaml b/releasenotes/notes/bug-1927727-4437103de59e85e5.yaml
new file mode 100644
index 0000000000..71ce661a3b
--- /dev/null
+++ b/releasenotes/notes/bug-1927727-4437103de59e85e5.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue with Octavia SSH key copying if user disabled Octavia
+    auto configuration.
+    `LP##1927727 <https://bugs.launchpad.net/kolla-ansible/+bug/1927727>`__