From b20198146ec64de316a442e8223417089f9a32f3 Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Fri, 28 Sep 2018 13:03:40 -0400
Subject: [PATCH] Automatically create and import keypair if it doesn't exist

This will automatically build a keypair if none exists with the name that's provided and octavia_ssh_enabled is set to true.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/765673
Change-Id: I12b1b7d18c5efd1438585153fa6b2db467758419
---
 defaults/main.yml | 2 +-
 tasks/main.yml | 6 +++++
 tasks/octavia_keypair.yml | 51 +++++++++++++++++++++++++++++++++++++++
 tests/test-octavia.yml | 14 -----------
 4 files changed, 58 insertions(+), 15 deletions(-)
 create mode 100644 tasks/octavia_keypair.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index c85bbf73..f0c5d61c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -251,9 +251,9 @@ octavia_security_group_name: octavia_sec_grp
 # Restrict access to only authorized hosts
 octavia_security_group_rule_cidr:
 # ssh enabled - switch to True if you need ssh access to the amphora
-# and make sure to uplaod a key with the name below
 octavia_ssh_enabled: False
 octavia_ssh_key_name: octavia_key
+octavia_keypair_setup_host: "{{ openstack_keypair_setup_host | default('localhost') }}"
 # port the agent listens on
 octavia_agent_port: "9443"
 octavia_health_manager_port: 5555
diff --git a/tasks/main.yml b/tasks/main.yml
index 326904ea..b66da529 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -178,6 +178,12 @@
 tags:
 - octavia-install

+- include_tasks: octavia_keypair.yml
+ when:
+ - _octavia_is_first_play_host
+ tags:
+ - octavia-config
+
 - import_tasks: octavia_flavor_create.yml
 when:
 - octavia_nova_flavor_uuid is not defined
diff --git a/tasks/octavia_keypair.yml b/tasks/octavia_keypair.yml
new file mode 100644
index 00000000..8c80d9d5
--- /dev/null
+++ b/tasks/octavia_keypair.yml
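Review bot: In defaults/main.yml the new `octavia_keypair_setup_host` line has no comment, and with the upload instruction removed the remaining `# ssh enabled` comment no longer says where the key comes from. I would add `# Host the keypair tasks are delegated to; the generated private key is written under ~/.ssh there` above the new variable. The `octavia_ssh_enabled` comment could also state that a keypair named `octavia_ssh_key_name` is created when it is enabled and, going by the `state` expression in tasks/octavia_keypair.yml, removed when it is disabled.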
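Review bot: In tasks/main.yml the `tags: octavia-config` on the new `include_tasks` applies only to the include statement, so a run limited with `--tags octavia-config` would load octavia_keypair.yml and then skip the untagged tasks inside it. The neighbouring entry uses `import_tasks`, which passes tags down; `- import_tasks: octavia_keypair.yml` would keep the file consistent and make the tag effective. The include is also not gated on `octavia_ssh_enabled`, and the included file sets `state` to `absent` when that is false, so a deployment with SSH disabled would delete an existing keypair of that name; it is worth confirming this is intended for keys operators uploaded by hand.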
@@ -0,0 +1,51 @@
+---
+# Copyright 2018, VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create keypair for Octavia
+ delegate_to: "{{ octavia_keypair_setup_host }}"
+ vars:
+ ansible_python_interpreter: >-
+ {{ (octavia_keypair_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
+ block:
+ - name: Create keypair
+ register: _octavia_keypair
+ openstack.cloud.keypair:
+ auth:
+ auth_url: "{{ keystone_service_adminurl }}"
+ username: "{{ octavia_service_user_name }}"
+ password: "{{ octavia_service_password }}"
+ project_name: "{{ octavia_service_project_name }}"
+ user_domain_name: "{{ octavia_service_user_domain_id }}"
+ project_domain_name: "{{ octavia_service_project_domain_id }}"
+ state: "{{ (octavia_ssh_enabled | bool) | ternary('present', 'absent') }}"
+ interface: admin
+ verify: "{{ not keystone_service_adminuri_insecure }}"
+ name: "{{ octavia_ssh_key_name }}"
+
+ - name: Write private key locally
+ copy:
+ content: "{{ _octavia_keypair.key.private_key }}"
+ dest: "{{ lookup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}"
+ when:
+ - _octavia_keypair is changed
+ - octavia_ssh_enabled
+
+ - name: Remove private key from deploy host after use
+ file:
+ path: "{{ looup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}"
+ state: absent
+ when:
+ - _octavia_keypair is changed
+ - not octavia_ssh_enabled
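Review bot: The `Write private key locally` task writes `_octavia_keypair.key.private_key` with no `mode`, so the file gets whatever the delegated host's umask allows and may be readable by other local users; add `mode: "0600"` to that `copy`. The `Remove private key from deploy host after use` task calls `looup('env', 'HOME')`, which is not a defined name and should fail templating whenever that task actually runs; it needs to read `lookup('env', 'HOME')`. Both paths take HOME from a lookup, which is evaluated on the Ansible controller, while the block is delegated to `octavia_keypair_setup_host`, so the path is only reliable when that host is localhost. The registered `_octavia_keypair` result carries the private key, so `no_log: true` on `Create keypair` is worth adding, and the two `when` lists should test `octavia_ssh_enabled | bool` the way the `state` line does.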
diff --git a/tests/test-octavia.yml b/tests/test-octavia.yml
index 50a58215..a32f190f 100644
--- a/tests/test-octavia.yml
+++ b/tests/test-octavia.yml
@@ -70,20 +70,6 @@
 name: "public-subnet"
 cidr: "10.1.3.0/24"

- - name: Upload key to nova
- os_keypair:
- auth:
- auth_url: "{{ keystone_service_adminurl }}"
- username: "{{ octavia_service_user_name }}"
- password: "{{ octavia_service_password }}"
- project_name: "{{ octavia_service_project_name }}"
- user_domain_name: "{{ octavia_service_user_domain_id }}"
- project_domain_name: "{{ octavia_service_project_domain_id }}"
- interface: admin
- state: present
- name: "octavia_key"
- public_key_file: "{{ lookup('env', 'HOME') }}/.ssh/id_rsa.pub"
-
 - name: Create a loadbalancer
 shell: >
 openstack --debug loadbalancer create --name test-lb --vip-subnet-id public-subnet