From 3d72b705547007a2268ffdd9428cf4d1fa405a49 Mon Sep 17 00:00:00 2001
From: Or Idgar <oidgar@redhat.com>
Date: Tue, 18 Jul 2017 16:04:39 +0000
Subject: [PATCH] Add worker configuration for amphora communication.

Adding the configuration for amp_ssh_key_name, key_path.

Change-Id: I216b6fa8facffcbe7ccd8ee579e393244c847450
---
 manifests/worker.pp                                | 14 +++++++++++++-
 .../notes/ssh-cert-files-42b8a31092405454.yaml     |  5 +++++
 spec/classes/octavia_worker_spec.rb                |  6 ++++++
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/ssh-cert-files-42b8a31092405454.yaml

diff --git a/manifests/worker.pp b/manifests/worker.pp
index ce77453f..e8281f58 100644
--- a/manifests/worker.pp
+++ b/manifests/worker.pp
@@ -63,6 +63,14 @@
 #   for amphorae.
 #   Defaults to 'allowed_address_pairs_driver' (neutron based)
 #
+# [*amp_ssh_key_name*]
+#   (optional) Name of Openstack SSH keypair for communicating with amphora
+#   Defaults to 'octavia-ssh-key'
+#
+# [*key_path*]
+#   (optional) full path to the private key for the amphora SSH key
+#   Defaults to '/etc/octavia/.ssh/octavia_ssh_key'
+#
 class octavia::worker (
   $manage_service        = true,
   $enabled               = true,
@@ -76,7 +84,9 @@ class octavia::worker (
   $nova_flavor_config    = {},
   $amphora_driver        = 'amphora_haproxy_rest_driver',
   $compute_driver        = 'compute_nova_driver',
-  $network_driver        = 'allowed_address_pairs_driver'
+  $network_driver        = 'allowed_address_pairs_driver',
+  $amp_ssh_key_name      = 'octavia-ssh-key',
+  $key_path              = '/etc/octavia/.ssh/octavia_ssh_key'
 ) inherits octavia::params {
 
   include ::octavia::deps
@@ -141,5 +151,7 @@ class octavia::worker (
     'controller_worker/amphora_driver'        : value => $amphora_driver;
     'controller_worker/compute_driver'        : value => $compute_driver;
     'controller_worker/network_driver'        : value => $network_driver;
+    'controller_worker/amp_ssh_key_name'      : value => $amp_ssh_key_name;
+    'haproxy_amphora/key_path'                : value => $key_path;
   }
 }
diff --git a/releasenotes/notes/ssh-cert-files-42b8a31092405454.yaml b/releasenotes/notes/ssh-cert-files-42b8a31092405454.yaml
new file mode 100644
index 00000000..a70aff51
--- /dev/null
+++ b/releasenotes/notes/ssh-cert-files-42b8a31092405454.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds `amp_ssh_key_name`, `key_path` configuration options for configuring
+    secure communications with amphorae.
diff --git a/spec/classes/octavia_worker_spec.rb b/spec/classes/octavia_worker_spec.rb
index 912ac0b8..70362b16 100644
--- a/spec/classes/octavia_worker_spec.rb
+++ b/spec/classes/octavia_worker_spec.rb
@@ -32,6 +32,8 @@ describe 'octavia::worker' do
           :amp_secgroup_list     => ['lb-mgmt-sec-grp'],
           :amp_boot_network_list => ['lbnet1', 'lbnet2'],
           :loadbalancer_topology => 'SINGLE',
+          :amp_ssh_key_name      => 'custom-amphora-key',
+          :key_path              => '/opt/octavia/ssh/amphora_key',
         })
       end
 
@@ -40,6 +42,8 @@ describe 'octavia::worker' do
       it { is_expected.to contain_octavia_config('controller_worker/amp_secgroup_list').with_value(['lb-mgmt-sec-grp']) }
       it { is_expected.to contain_octavia_config('controller_worker/amp_boot_network_list').with_value(['lbnet1', 'lbnet2']) }
       it { is_expected.to contain_octavia_config('controller_worker/loadbalancer_topology').with_value('SINGLE') }
+      it { is_expected.to contain_octavia_config('controller_worker/amp_ssh_key_name').with_value('custom-amphora-key') }
+      it { is_expected.to contain_octavia_config('haproxy_amphora/key_path').with_value('/opt/octavia/ssh/amphora_key') }
     end
 
     it 'configures worker parameters' do
@@ -47,6 +51,8 @@ describe 'octavia::worker' do
       is_expected.to contain_octavia_config('controller_worker/amphora_driver').with_value('amphora_haproxy_rest_driver')
       is_expected.to contain_octavia_config('controller_worker/compute_driver').with_value('compute_nova_driver')
       is_expected.to contain_octavia_config('controller_worker/network_driver').with_value('allowed_address_pairs_driver')
+      is_expected.to contain_octavia_config('controller_worker/amp_ssh_key_name').with_value('octavia-ssh-key')
+      is_expected.to contain_octavia_config('haproxy_amphora/key_path').with_value('/etc/octavia/.ssh/octavia_ssh_key')
     end
 
     it 'deploys nova flavor for octavia worker' do